Skip to main content

QRL Security

The QRL provides means for secure communication and verification of various functions and features of the project.

From validating releases for the QRL wallet to providing a secure means to report security impacts and concerns, the QRL Security repo provides the Public PGP keys for the project.

The QRL security repo contains:

  1. The public key for
  2. Signed messages containing the hashes of some QRL releases in order that they may be verified

QRL network security issues can be directed to the QRL development team at

Should the matter be sensitive, PGP/GPG can be used using the public key contained in this repository.

While setup of secure email is outwith the scope of this repository, instructions to do so are below (thanks @jackalyst)



1. Setup private/public key

  1. Open Thunderbird v78 and above
  2. Go to Edit -> Account Settings
  3. Find the email account you want to use and select [email acct]-> End-to-End Encryption
  4. Click [Add Key]
  5. Create new OpenPGP key [continue]
  6. Define any parameters (defaults are fine), then [Generate Key] and [confirm]

2. Import's public key

  1. Open Thunderbird 78 and above
  2. Go to Tools -> OpenPGP key manager
  3. Select Edit -> Import Keys from URL
  4. Enter URL:

3. Sending an End-to-end encrypted message

  1. Open Thunderbird 78 and above
  2. Compose a message to
  3. Select from the dropdown [security], "Require Encryption", and "Attach my public key"
  4. Send email.