About Qryptal

About Qryptal
Qryptal was set up with the aim of making information secure by ensuring that it is tamperproof and easily verifiable especially by people who don’t have access to the source of the information.

our mission
our mission
our mission
our mission

Our Story

Headquartered in Singapore, Qryptal was incorporated in the year 2011. It was set up with the aim of making information secure by ensuring that it is tamperproof and easily verifiable especially by people who don’t have access to the source of the information.

Qryptal’s founders have got extensive prior experience in secure information transfer after having successfully founded and run a company in this field.

Qryptal uses QR codes as the vehicle to store and share this information.Through the use of its proprietary technology,it is uniquely positioned to target a small footprint of the QR code with the highest possible levels of security.

Qryptal currently has users in more than 30 countries across large enterprises, SMEs, financial institutions and governments. We pride ourselves on having full control of our technology stack which allows us to be flexible as well as quick in making enhancements to keep abreast of latest developments and trends in the market.

Frequently Asked Questions

A few queries we come across everyday, let’s connect to get into more details.

  • General
  • Technology
  • Industry
Simply post the image of the invoice (carrying the Qryptal Secure QR Code) to the Qryptal Validation Server. It first validates the invoice to ensure it’s authenticity and that it originated from the designated company. Once validated, it returns the invoice data in a structured format that can be read and ingested into most systems for further processing, helping in automation.
Yes. In addition to our cloud based offering, we do offer an on-premise solution that can run in your own data centre.
Qryptal provides solutions for all types of users. We have a web based portal for end users. This does not require you to be a developer. To integrate with existing systems, some knowledge of using web based APIs is needed. The integration is similar to most web based REST API system integration and quite straightforward.
In the case of cloud API, the Qryptal generator is hosted by Qryptal on Amazon Web Service (AWS) and the customer is provided a log in to their account to use it as required. In case of On Premise, one or multiple instances of the generator are run on the customer’s computer systems directly.
Yes. In this context, Qryptal enables generation of two kinds of tamper-proof digitally signed QR codes: 1) Readable by any QR code reader 2) Readable by only authorised apps and services. Please contact us to schedule a discussion with our solutions architect to discuss viable options for your application.
Underlying most fraud is fake/tampered information. When an organisation uses Qryptal to secure its information then fraudsters cannot rely on injecting fake/tampered documents in the name of that organisation. For example if the department secured their driving licences then fraudsters would not be able to easily perpetuate fraud enabled by fake driving licences.
Yes. Qryptal is being used in over 30 countries in various languages.
Yes, just sign up for a trial, and our awesome support team will be there to assist with any questions that you may have.
We recommend starting with the Cloud API as you can be up and running quickly. However if your organisation requires that solution run only within the organisation’s network, then you’ll need the On Premise solution.
All the information which is available at the time of cheque generation should be stored. It should include cheque number, bank details/code and optionally amount, beneficiary and date.
Document security refers to the integrity of information in a document. Any individual or system looking at the document should feel assured that it has not been manipulated or tampered with. Qryptal helps ensure this.
Yes, one good use case is screenshots of online bank funds transfer confirmations. Users typically take screenshots and send to other parties as proof of payment and Qryptal adds value by providing a secure confirmation of such screenshots.
Qryptal’s technology gives you the flexibility to use it for both printed as well as electronic documents. Unlike some other solutions in the market, Qryptal’s solutions are not restricted to working with only one type of document.
Digitally signed PDF technology is old and has been available for a very long time. But because of its complications hardly any user knows how to validate digitally signed PDFs. Also, digitally signed PDFs work only for electronic PDFs and the moment the document is printed or scanned or copied, these signatures are lost forever. Qryptal’s solutions help to overcome these limitations of digitally signed PDFs. You can also combine Qryptal with digitally signed PDFs to make them easily verifiable.
Ideally, You should use document security for any document of value that leaves your organisation and may need to be trusted by third parties. Examples could be certificates, IDs, receipts, invoices, letters of undertaking, letters of references, employment letters, pay slips, contracts, trade documents, account statements etc.
Qryptal’s technology can be used as as a cloud based service and for on-premise deployment. We have customers worldwide that we support from Singapore. However, if you want to work with partners, please get in touch with us to find out more. Alternatively, if you are a reseller or partner, contact us at info@qryptal.com.
The information you generate is accurate but once it leaves the boundary of your organisation there is often a need to verify it and use the same for onward processing. For example if you issue an account statement to a client, the client may need to submit that to a third party. Qryptal helps to do this seamlessly and also protects your organisation from malicious attempts to manipulate this information which could be a reputation and/or a monetary risk to the producer of the information.
Qryptal is based on established cryptography standards. The information is digitally signed with an organisation’s private key and the corresponding public key is used for validation. Optionally Qryptal can be integrated with on-premise or cloud hardware security modules (HSM). Qryptal uses large keys because it is designed for documents that may need to be used over a long term such as university transcripts, degrees, birth certificates etc. For further information, contact us at info@qryptal.com and request for the “Security Evaluation Guide”.
The Qryptal code can have secure attachments. The attachments are stored, encrypted and signed. They are as secure as the information in the QR code and goes through an equally rigorous process of validation to check for any tampering, before being displayed to the verifier. By using secure attachments, there is theoretically no limit to the amount of information which can be secured.
Qryptal is quick to install and integrate because it has been architected with minimal dependencies. We had an enterprise customer who rolled out the solution for 8 different systems across different countries in just 2 months including integration, staging and testing.
Qryptal solution includes a validation server (QVS: Qryptal Validation Server) which can be accessed via the browser to validate the document. User can simply scan the code with the device camera or upload the document PDF or scanned image for validation.
Simply post the image of the invoice (carrying the Qryptal Secure QR Code) to the Qryptal Validation Server. It first validates the invoice to ensure it’s authenticity and that it originated from the designated company. Once validated, it returns the invoice data in a structured format that can be read and ingested into most systems for further processing, helping in automation.
Yes. In addition to our cloud based offering, we do offer an on-premise solution that can run in your own data centre.
Qryptal provides solutions for all types of users. We have a web based portal for end users. This does not require you to be a developer. To integrate with existing systems, some knowledge of using web based APIs is needed. The integration is similar to most web based REST API system integration and quite straightforward.
In the case of cloud API, the Qryptal generator is hosted by Qryptal on Amazon Web Service (AWS) and the customer is provided a log in to their account to use it as required. In case of On Premise, one or multiple instances of the generator are run on the customer’s computer systems directly.
Yes. In this context, Qryptal enables generation of two kinds of tamper-proof digitally signed QR codes: 1) Readable by any QR code reader 2) Readable by only authorised apps and services. Please contact us to schedule a discussion with our solutions architect to discuss viable options for your application.
Qryptal Secure Code System (QSCS) can be used to generate three types of digitally signed secure codes:
Primary Data Codes (PDC): These are self-contained codes which encapsulate all the information within the code itself and can be validated off-line with just the public key. Before compression, these codes have a capacity of about 2KB of textual data and the QR image size varies based on the amount of data encapsulated.
Extended Data Codes (EDC): These codes require connectivity to validate and can contain much more data including attachments like photos and PDFs. The data is stored as encrypted blobs in the Additional Data Repository (ADR) object-store. The decryption key and fingerprint is stored inside the QR content. A unique decryption key is generated for every code. The information can be updated using the update API. The image size of the code is nearly constant.
Hybrid Data Codes (HDC): These codes combine the features of both the codes above and present PDC information when the validation is offline and EDC information when online. The image size of code is variable and depends upon the amount of PDC data.

The data and attachments for EDC and HDC are stored in the ADR. The default ADR is provided by the QSCS on the local disk. Optionally the Qryptal Generator can be configured to use an Object Storage Service (OSS) like Amazon Web Services (AWS) S3 or Microsoft Azure.
Ensuring document secrecy and privacy is one the top priority at Qryptal.
For cloud based deployments, documents are stored for a short term basis during processing and purged immediately after as per the user configurable purging policy.
No documents are ever stored in its unencrypted form for Qryptal code verification.
The system can also be configured to store encrypted documents in customer owned Object Storage account (S3 compatible or Azure BLOB).
Primary Data Codes (PDC) are self-contained and work without any kind of document storage.
Extended Data Codes (PDC) linked documents are encrypted with unique QR code specific keys and stored on the publicly accessible cloud to facilitate validation.
For on premise deployments, Qryptal does not get involved in any document processing or storage.
Absolutely. In addition to the ID textual information, it can also include a photo id as well an expiry date or any other such important attribute which is checked during validation.
We support both options: codes which can be scanned by any QR reader or by only authorised Apps. If you are storing sensitive data then our default recommendation is to use the only authorised Apps option to help prevent leaking of this sensitive information.
Underlying most fraud is fake/tampered information. When an organisation uses Qryptal to secure its information then fraudsters cannot rely on injecting fake/tampered documents in the name of that organisation. For example if the department secured their driving licences then fraudsters would not be able to easily perpetuate fraud enabled by fake driving licences.
Yes. Qryptal is being used in over 30 countries in various languages.
Yes, just sign up for a trial, and our awesome support team will be there to assist with any questions that you may have.
We recommend starting with the Cloud API as you can be up and running quickly. However if your organisation requires that solution run only within the organisation’s network, then you’ll need the On Premise solution.
All the information which is available at the time of cheque generation should be stored. It should include cheque number, bank details/code and optionally amount, beneficiary and date.