Encrypting QR Codes with Qrafter

Published on · Updated
By Kerem Erkan

Users of Qrafter and Qrafter Pro can protect QR Code contents with password-based encryption. To enable this feature, tap the Encrypt button on the scan results screen. You can also create encrypted QR Codes directly from the free online QR Code Generator.

Encryption Evolution

The earliest versions of Qrafter utilized DES encryption. While functional, DES is considered weak by modern standards and can be cracked relatively easily. I originally chose DES for two reasons: compliance with export regulations at the time, and minimal expansion of the content size.

Later versions switched to AES-256 via RNCryptor, using Base64 encoding and the ENC: prefix format.

The current version of Qrafter uses AES-256-CBC encryption via the RNCryptor v3 format with Base45 encoding and the *E: wrapper format. This provides industry-standard encryption with authenticated message integrity and more efficient QR Code encoding.

Starting with version 2026.05, the wrapper prefix changed from ~E: to *E:. The ~ character is not part of the QR Code alphanumeric character set, which forced the encoder to use the less efficient byte mode for the wrapper. The * character is in the alphanumeric set, so the entire encrypted payload — wrapper included — can now be encoded in alphanumeric mode, resulting in slightly smaller QR Codes.

Qrafter still supports decrypting QR Codes created with the older ~E: and ENC: formats for full backward compatibility.

AES-256 is the same encryption standard used by governments and financial institutions worldwide to protect sensitive data.

The trade-off with stronger encryption is increased data size. As a result, you cannot encrypt extremely lengthy content (exceeding several thousand characters). For most use cases, this limitation is not a concern.

Technical Implementation

Qrafter implements encryption through the RNCryptor v3 format. I selected this library because its developer follows strict standards for encryption and the implementation has been thoroughly audited. The format provides:

  • AES-256-CBC for symmetric encryption
  • PBKDF2-SHA1 with 10,000 iterations for key derivation
  • HMAC-SHA256 for message authentication
  • Random salts and IV for every encryption operation

How It Works

The encryption process follows this sequence:

  1. Your content is encrypted using RNCryptor v3 with your chosen password
  2. The encrypted binary data is Base45 encoded for optimal QR Code storage
  3. The result is wrapped with *E: and : to identify the content as encrypted

Why Base45?

Previous versions used Base64, but the current format uses Base45 encoding (RFC 9285). Base45 uses a 45-character alphabet that maps directly to the QR Code alphanumeric character set. This means the QR Code encoder can use its most efficient mode for the encrypted payload, resulting in smaller QR Codes compared to Base64.

Encrypted Format

The final format of an encrypted QR Code looks like this:

Format 
*E:BASE45_ENCODED_ENCRYPTED_CONTENT:

For example, if you encrypt the text "Hello World" with a password, the resulting QR Code content might look something like:

Example 
*E:0E10X5C9*3VK2Z 7J+QE...:

Legacy Formats

QR Codes created with older versions of Qrafter use previous formats:

Legacy Format (pre-2026.05) 
~E:BASE45_ENCODED_ENCRYPTED_CONTENT:
Legacy Format (older) 
ENC:BASE64_ENCODED_ENCRYPTED_CONTENT

Qrafter automatically detects and decrypts all three formats. QR Codes encrypted with older versions will continue to work.

Decryption

When you scan an encrypted QR Code with Qrafter, the app automatically detects the format (*E:, ~E:, or ENC:) and prompts you for the password. Once you enter the correct password, the content is decrypted and displayed.

External Decryption

If you need to decrypt Qrafter-encrypted content outside of the app, the steps depend on the format:

For the current *E: format (or the previous ~E: format):

  1. Extract the content between *E: (or ~E:) and the trailing :
  2. Base45 decode the extracted string to get the raw encrypted bytes
  3. Decrypt using RNCryptor v3 with the appropriate password

For the legacy ENC: format:

  1. Remove the ENC: prefix from the content
  2. Base64 decode the remaining string
  3. Decrypt using RNCryptor with the appropriate password

RNCryptor libraries are available for multiple programming languages including Swift, Objective-C, Python, JavaScript, PHP, Ruby, and more.

Online QR Code Generator

You can create encrypted QR Codes without the app using the free online QR Code Generator. Enable the "Encrypt with Password" option, set your password, and generate your code. The online generator uses the same RNCryptor v3 encryption and Base45 encoding as the iOS app, so codes created online can be decrypted by Qrafter and vice versa.

Best Practices

  • Use strong passwords - Combine uppercase, lowercase, numbers, and symbols
  • Don't share passwords with the QR Code - Communicate passwords through a separate secure channel
  • Keep content concise - Shorter content creates smaller, more scannable QR Codes
  • Test your codes - Always verify encrypted codes can be scanned and decrypted successfully

Encryption in Qrafter provides a simple yet powerful way to protect sensitive information in your QR Codes. Whether you're sharing confidential business data, personal information, or secure access credentials, you can trust that your content remains private.