// COMING SOON

The cryptographically correct key manager

Passwords. Signing keys. Post-quantum cryptographic keys. All under one zero-knowledge vault — built the way it should have always been.

EXPLORE 0xKEYSVIEW ROADMAP
$ 0xkeys vault init --pqc --hybrid
✓ Vault initialized with AES-256-GCM
✓ PQC hybrid keys (Kyber768 + X25519)
✓ Signing keypair (Dilithium3 + Ed25519)
✓ Zero-knowledge vault sealed
$ 0xkeys secret get DB_PASSWORD
→ s3cr3t_p4ssw0rd_123
0x
HEX NATIVE
3
KEY TYPES
256
BIT ENCRYPTION
ZERO KNOWLEDGE
// FEATURES

Everything wrong with password managers. Fixed.

Built after studying every known attack on Bitwarden, LastPass, and Dashlane. We don't repeat their mistakes.

VAULT-LEVEL INTEGRITY
Your vault is a single cryptographic object, not a collection of individually encrypted items. Every field and metadata entry is cryptographically bound — no field swapping, no metadata manipulation.
AES-256-GCM
SIGNING KEY MANAGEMENT
Store and manage Ed25519, ECDSA, SSH, and GPG keys alongside your passwords. Built-in key rotation policies, expiry alerts, and full audit logs for every access event.
Ed25519 · ECDSA · SSH · GPG
POST-QUANTUM READY
Hybrid classical + PQC key exchange using X25519 + Kyber768. Hybrid signing with Ed25519 + Dilithium3. Quantum computers can't harvest your keys today and decrypt them tomorrow.
CRYSTALS-KYBER · DILITHIUM
AUTHENTICATED PUBLIC KEYS
Every public key is authenticated before use. No unauthenticated key substitution — the silent attack that compromises sharing in every major password manager today.
NO KEY ESCROW ATTACKS
ZERO LEGACY CRYPTO
No AES-CBC. No RSA-PKCS1v1.5. No MD5. No SHA-1. No backwards compatibility with weak primitives. We don't support downgrade attacks because we never supported the old stuff.
NO CBC · NO DOWNGRADE
DEVELOPER FIRST CLI
A powerful CLI built for developers. Inject secrets into any process, integrate with CI/CD pipelines, manage SSH keys, and script everything. Your workflow, uninterrupted.
CLI · SDK · CI/CD
TRUE ZERO KNOWLEDGE
Encryption and decryption happen on your device only. Our servers store only ciphertext. Even a fully compromised server leaks nothing — not marketing, cryptographically enforced.
CLIENT-SIDE ONLY
PUBLIC CRYPTO SPEC
Our full cryptographic specification is publicly documented and reviewed by independent cryptographers. No security through obscurity. You can verify every claim we make.
OPEN SPEC
ENTERPRISE GRADE
HSM support, RBAC, SSO with authenticated key exchange, Shamir's Secret Sharing for M-of-N recovery, and a full SOC 2 compliance roadmap.
HSM · RBAC · SSO
// WHY 0xKEYS

The competition is broken. We're not.

In February 2026, ETH Zurich researchers found 25 distinct attacks across Bitwarden, LastPass, and Dashlane. Most allow full password recovery. We were designed to have none of them.

FEATUREBitwarden1PasswordLastPass0xKeys
Vault-level integrity
Authenticated public keys~
No legacy crypto (CBC etc.)
Post-quantum keys
Signing key management
Public crypto specification
HSM support~
Developer CLI + SDK~~
Independent security audit~✓ soon
// ROADMAP

Building in public. Slowly. Correctly.

Security-first means we don't ship until it's right. Every phase is reviewed by external cryptographers before we move forward.

PHASE 0
FoundationNOW
Months 1–3
Threat model definitionCryptographic spec designPrimitive selection (AES-GCM, Argon2id, Ed25519)External crypto reviewCore team assembly
PHASE 1
MVP VaultNEXT
Months 4–9
Zero-knowledge vaultPassword storage & retrievalDeveloper CLILocal storageAuthenticated secret sharing
PHASE 2
Developer PlatformUPCOMING
Months 10–18
Signing key managementSSH & GPG key storageCI/CD & secrets injectionMulti-language SDKZero-knowledge cloud syncFirst external security audit
PHASE 3
EnterpriseUPCOMING
Months 19–30
Team vaults & RBACSSO (SAML/OIDC)HSM supportShamir's Secret SharingSOC 2 Type IISelf-hosted deployment
PHASE 4
Post-Quantum CryptographyUPCOMING
Months 24–36
Hybrid KEM (X25519 + Kyber768)Hybrid signing (Ed25519 + Dilithium3)SPHINCS+ hash-based signingPQC migration toolingPQC specialist audit
PHASE 5
Market StandardVISION
Month 36+
Open core crypto layerBrowser extensionsMobile apps (iOS / Android)Formal cryptographic proofIndustry standard protocol