Documentation

Your Wallet is Your Identity

On Qverax, you don't create an account. You don't set a password. You don't verify an email to log in. Instead, you use a blockchain wallet — and that changes everything.

What is a wallet?

A wallet is a cryptographic key pair: a private key (your secret, stored only on your device) and a public address (your identity, visible to everyone). Think of it as a digital signature that no one can forge — not even us.

Why is that better than email + password?

One wallet — everything

Connect your wallet once and you're recognized across all Qverax services. Your wallet is your:

• Identity — verified via QIDENT (email, domain, organisation)
• Name — register yourname.qan instead of showing hex addresses
• Signature — every stamp and attestation is cryptographically signed by you
• Access control — no passwords to manage, rotate, or leak
• Proof of authorship — your wallet proves you created something at a specific time

What about losing my wallet?

Your wallet is secured by a seed phrase — 12 or 24 words that you write down when you create it. As long as you have this phrase, you can recover your wallet on any device. Keep it offline, keep it safe.

We're working on a recovery mechanism for verified identities (L4 / eIDAS): if you reach the highest verification level, your government-issued ID becomes your backup. Your passport is your recovery key.

Getting Started

Qverax services fall into two categories:

No wallet needed

These services work with a simple API call. No account, no wallet, no setup.

• QSBOM — curl -X POST https://sbom.qverax.eu/attest
• QTRUST — openssl ts -query ... | curl https://trust.qverax.eu/timestamp

Wallet required

These services use your wallet as your identity. You sign transactions with MetaMask — no password, no account.

• QSTAMP — Timestamp documents and messages
• QIDENT — Verify email, domain, register .qan name
• QPRIOR — Register prior art claims
• QCERT — Attest certificate validity

Wallet Setup (2 minutes)

1. Install MetaMask
2. Add QAN Testnet: visit any Qverax service and click "Connect Wallet" — the network is added automatically
3. Get test QANX from the QAN Faucet
4. Optional: install QAN XLINK for quantum-safe transaction signing

QSTAMP Live

Quantum-safe timestamping. Prove any document or data existed at a specific point in time.

What it does

Hash a file or message, stamp it on the QAN blockchain, and get an immutable proof of existence. The file never leaves your browser — only the SHA3-256 hash goes on-chain.

Features

• Message Stamp — Type any text, stamp it. The text is visible on-chain (hex-to-ASCII).
• Document Register — Upload a file, add title/description, get a versioned document registry entry.
• Verify — Paste any hash to check if it was stamped, when, and by whom. No wallet needed.
• History — See all stamps from your connected wallet.

Privacy

Document content stays in your browser. Only the hash goes on-chain. Descriptions in the Document Register are visible on-chain — choose carefully what you write.

QSBOM Live

Quantum-safe build attestation for software supply chains. NIS2-ready.

How it works

QSBOM takes your SBOM + artifact hashes, computes a Merkle Root (SHA3-256), and stamps it on the QAN blockchain via QSTAMP. No wallet needed — our relayer pays the gas.

Quick Start (curl)

curl -X POST https://sbom.qverax.eu/attest \
  -H "Content-Type: application/json" \
  -d '{
    "project": "myorg/myapp",
    "version": "v1.0.0",
    "git_commit": "abc1234",
    "artifact_hashes": {
      "app.wasm": "'$(sha256sum app.wasm | cut -d' ' -f1)'"
    }
  }'

GitHub Actions

- name: Attest Build
  run: |
    TREE=$(git rev-parse HEAD^{tree})
    BODY=$(python3 -c "import json; print(json.dumps({
      'project': '${{ github.repository }}',
      'version': '${GITHUB_SHA::7}',
      'git_commit': '${{ github.sha }}',
      'artifact_hashes': {'tree': '${TREE}'},
      'memo': 'CI build'
    }))")
    curl -sf -X POST https://sbom.qverax.eu/attest \
      -H 'Content-Type: application/json' -d "$BODY"

Verify

Re-submit the same data to reproduce the hash, then check if it exists on-chain. No data is stored on our servers — privacy by design.

NIS2 Compliance

QIDENT Live

Verified identity on-chain. Link your wallet to your email, domain, or organisation.

Trust Levels

Email Verification (L1)

1. Connect wallet
2. Enter your email address
3. Receive OTP code, enter it
4. Claim is anchored on-chain (email stored as SHA3-256 hash only)

Domain Verification (L2)

1. Connect wallet
2. Enter your domain
3. Add DNS TXT record: _qident.yourdomain.com = "v=qident1 address=0xYourWallet"
4. Click verify — the service checks DNS and registers on-chain

Your domain name is stored in plaintext on-chain — DNS records are public by design. The service re-checks DNS periodically; if the record is removed, the claim is revoked.

.qan Name Service

Human-readable names for QAN wallets. Instead of 0x9370f5a19c3f1eea..., you get yourname.qan.

How to register

1. Go to ident.qverax.eu and click the ".qan Name" tab
2. Connect your wallet
3. Choose a name (3-32 chars, a-z, 0-9, hyphens)
4. Click "Register" — your name is anchored on-chain

Rules

• One name per wallet, one wallet per name
• Names are first-come, first-served
• You can release your name (it becomes available again)
• Names are transferable to another wallet

Where your .qan name appears

Once registered, your .qan name shows up automatically across all Qverax services when you connect your wallet — in the header and the wallet info card.

API

Contract: 0x90564EaD158A67b3Ec8Ad37b14A9193BA524a6ee (QAN Testnet)

QTRUST Live

RFC 3161 compliant timestamp authority with CRYSTALS-Dilithium dual signing.

What makes it special

Every timestamp is signed with both ECDSA (for compatibility) and Dilithium3 (for post-quantum security). When ECDSA is broken in 15+ years, the Dilithium signature remains valid.

Quick Start (openssl)

# Create timestamp request
openssl ts -query -data myfile.txt -sha256 -out request.tsq

# Get timestamp response
curl -s -X POST https://trust.qverax.eu/timestamp \
  -H "Content-Type: application/timestamp-query" \
  --data-binary @request.tsq -o response.tsr

# Verify (requires TSA certificate from trust.qverax.eu)
openssl ts -verify -in response.tsr -queryfile request.tsq \
  -CAfile ca-cert.pem -untrusted tsa-cert.pem

JSON API

curl -X POST https://trust.qverax.eu/timestamp/json \
  -H "Content-Type: application/json" \
  -d '{"hash": "0xabc123...", "algorithm": "sha256"}'

Output formats

• .tsr — Standard RFC 3161 Timestamp Response (binary)
• .pdf — Human-readable certificate with QR code

QPRIOR Live

Prior art registration. Prove your invention existed at a specific point in time with a blockchain-anchored certificate.

How it works

1. Connect wallet, upload your file (patent draft, design, code, research)
2. Add title and description
3. The file is hashed in your browser (SHA3-256) — it never leaves your device
4. The hash is stamped on the QAN blockchain
5. Download your Prior Art Certificate (PDF) with QR code for verification

Version History

Update your prior art claim by referencing the original hash. The full version chain is preserved on-chain — useful for documenting iterative development.

Domain Verification

Optionally link your domain via DNS TXT record to increase trust level. Add _qprior.yourdomain.com = "v=qprior1 address=0xYourWallet".

QCERT Live

Certificate validity attestation. Prove a certificate (ISO, CE, FDA) was valid during a specific period.

How it works

1. Connect wallet
2. Enter certificate number, type, and validity period (valid_from, valid_until)
3. Upload the certificate file (hashed in browser, never uploaded)
4. The attestation is anchored on-chain

Point-in-Time Verification

Anyone can check if a certificate was valid at a specific date. Use the Verify tab and set the date — no wallet needed.

Supported Certificate Types

60+ recognized standards with searchable dropdown: ISO 9001, ISO 13485, ISO 27001, ISO 14001, SOC 2, CE Marking, EU MDR, EU IVDR, FDA 510(k), FDA PMA, GMP, PCI DSS, NIS2, TISAX, IEC 62443, and many more. Custom standards can be entered as free text.

Technology

Post-Quantum Cryptography

All Qverax services run on the QAN Blockchain, the first EVM-compatible quantum-safe Layer 1. Validators use CRYSTALS-Dilithium (NIST PQC FIPS 204) for block signing. Your attestations are protected against quantum computer attacks from day one.

Privacy by Design

Files never leave your browser. Only SHA3-256 hashes go on-chain. Private data (email, personal ID) is stored as hashes. Domain names are stored in plaintext because DNS records are public by design.

No Vendor Lock-in

All proofs are anchored on a public blockchain. Even if Qverax disappears, your attestations remain verifiable. The smart contracts are immutable — no one can delete or modify your stamps.