Your passwords, wallet backups, IDs and files - sealed in your browser with Argon2id + XChaCha20-Poly1305 + ML-KEM-1024 + ML-DSA-87 (NIST Level 5), backed up to Kaspa's BlockDAG. No sign-up, no account. Nobody else holds a copy to hand over. The locks are built to hold up against today's computers and the powerful quantum computers expected later. How safe it is comes down to three things: a strong password, an unaltered copy of this app, and keeping your wallet key secret.
Lock your KAS in an on-chain vault on Kaspa. The vault can have up to six different ways to open it, and you turn on the ones you want: open with this wallet, a quantum-resistant lock, a release that needs a secret, a payout to an heir if you go silent, a group vote, and a cold lock that opens with no signature at all. To open a vault you have to meet one of the rules you turned on. For the rules that pay out automatically, the destination is locked in advance, so the money can only go where you set it to go. The Kaspa network itself enforces these rules. There is no Kassword server in the middle. The app talks to a Kaspa node that you pick.
capsules array) - pick the one for you.Run on an offline device with your vault unlocked. Paste the unsigned unlock, confirm the recipient + amount, then sign. Your key never touches the network.
generated when you click DeployOpen Kassword on a phone in airplane mode - that's your COLD device. The safest way to run it is to download the app and run it locally (see below) so your keys never depend on a website. The cold device makes a one-time set of secret unlock codes and keeps them. It hands you only a short code called the "vault root". You pair that root with your everyday browser, which we call the HOT device. To spend money, the hot device builds the exact transaction. You carry it over to the cold phone. The cold phone shows you the real recipient + amount and Schnorr-signs the actual spend. It signs that exact transaction using one of its one-time codes. You carry the signed transaction back, and the hot device sends it out. The cold phone never goes online.
start.bat) from GitHub, or save this exact page right now.
start.bat (or run python serve_nocache.py) and open the address it shows you. Once it has loaded, it works with no internet at all, which is perfect for a cold, offline phone.Use this on an offline phone with airplane mode turned ON. It makes a fresh batch of one-time unlock codes. You then copy the short vault root over to your hot device.
On a fresh or wiped device, paste the kassword-cold-secrets backup file you saved plus the password it was sealed with. This rebuilds the cold tree here so you can sign unlock requests again.
Run this on a SEPARATE offline device that has this SAME vault on it (recover it there from the DAG, or import your wallet key). Only your own vault can sign your transaction, so a different or empty vault is refused. The HOT DEVICE tab builds the unsigned transaction and hands you the JSON. Paste it here, review every output, then sign. Carry the signed JSON back to the HOT DEVICE tab to broadcast. Your key never touches the network.
Use this on an offline device with your vault open. Paste in the transaction, check EVERY place the money is going, then sign it. Your key never goes online.
You turn MY VAULT protection on over on the HOT DEVICE tab (under "MY VAULT AIR-GAP"). These are the matching steps you do here on your offline device: make the one secret for Tier 2, or set up and run the oracle for Tier 4.
Do this on a phone that is offline (airplane mode) or any clean device. It makes a brand new secret code and a short fingerprint of it (a SHA-256 hash, a one-way summary). The SECRET stays on this offline device or on paper. The FINGERPRINT is the part you copy to your everyday device.
Run these on your offline device. Become an oracle once, ingest the arm code from your hot device, then answer each unlock challenge. Save the backup kit offline so you can rebuild this oracle if the browser is ever wiped.
This device talks to Kaspa and broadcasts, but it never holds your cold unlock codes. Here you pair with a cold vault, build and broadcast spends, and arm MY VAULT air-gap protection. The matching offline steps live on the COLD DEVICE tab - so you always know which device you are acting as.
This is your everyday browser. It connects to Kaspa but never holds your unlock codes. To make a vault that is tied to your offline device, copy its root code from there and paste it here.
This is a TWO-device tool. Build the unsigned transaction here on your online device, then carry it to your signer, which runs on a SEPARATE offline device that holds this SAME vault (you recover the vault there from the DAG, or import your wallet key). The online device builds and broadcasts but cannot sign; the offline device signs but never connects. Doing both halves on one device works for trying it out, but it adds no security. The destination is fixed inside the signed transaction, so a hacked online device can never redirect the funds. Paste the signed JSON back here to broadcast.
Carry the unsigned payment above to your offline device, open the 📱 COLD DEVICE tab, paste it into the SIGNER, check the recipient + amount, and sign. Bring the signed file back here for Step 3.
Applied to MY VAULT - your passwords, notes, IDs, wallet backups, and files. When this is turned on, opening your vault on this browser needs one more thing: a secret code that is kept ONLY on your offline device or on paper. You paste this code in every time you open the vault. When the vault locks itself, it forgets the code right away. What it protects, precisely: opening the vault here, in this browser. It does not cover the copy of your vault that is saved on the Kaspa BlockDAG. You can still get that copy back with your master password plus your wallet key, so the saved copy still needs two things to open. If you also want the offline code to protect the saved copy, choose the one-time codes tier (Tier 3) instead.
This is how your vault already works - there is nothing to set up here. Your vault opens with just your master password, with no extra offline code on this browser. The copy saved on the Kaspa BlockDAG still needs your master password plus your wallet key to open. Want more safety? Pick a higher tier above to add an offline code. Each higher tier is a little less handy but harder for a thief to beat. Tier 2 is the simplest (one code you reuse, protects this browser only); Tier 3 and Tier 4 also protect the copy saved on the Kaspa BlockDAG.
Kassword keeps your passwords, wallet backups, IDs, notes and media in your browser. Everything is sealed with a post-quantum crypto stack - Argon2id key stretching, XChaCha20-Poly1305 per-entry encryption, ML-KEM-1024 (FIPS-203 Level 5) and ML-DSA-87 (FIPS-204 Level 5) keypairs sealed under your password, and BLAKE2b Merkle trees for media tamper-evidence. No accounts, no Kassword servers - your data is sealed client-side; the app talks only to a Kaspa node/REST you choose. No subpoena surface for your data: no one can hand over what they never held.
@noble/hashes, @noble/ciphers, @noble/post-quantum - zero-dependency, audited, NIST-conformant.Cloud password managers go down. Companies get bought. Servers get subpoenaed. Kaspa's BlockDAG is permanent: once a TX confirms, the encrypted + ML-DSA-signed payload is there forever. Anyone with your wallet key + master password can restore from any browser, any device, any year - and the signature proves what they're decrypting is authentically yours.
For high-value KAS locked in the Kaspa Locker tab, the strongest mode runs the same HTML on a phone in airplane mode. The cold device holds the single-use cold key (a BLAKE2b Merkle tree, one per vault); the hot device only sees the root commitment. Unlock data crosses the gap by copy-paste or QR. The cold key never sees the network. A fully-compromised hot device cannot drain the vault without that cold key - provided the cold key secures only this one vault (the app enforces it).
On top of the password + wallet-key 2-factor encryption, Kassword now wraps the wallet key with a non-extractable AES-GCM-256 key stored in this browser's IndexedDB. The browser refuses to ever export this key - not even page-side scripts can read it. Effect: a stolen copy of your vault file plus your password is useless without ALSO having access to this exact browser profile's secure storage. New and imported vaults are browser-bound from day one. Existing vaults auto-migrate on first unlock. If you ever clear browser data on this device, recover from a DAG backup or paper wallet key.
Kassword can install as a Progressive Web App. Once installed, the app code loads fully offline - perfect for a cold/air-gap phone in airplane mode, where cold signing runs entirely offline. (The hot app still needs a Kaspa node to scan, build, submit or verify spends.) Install once over WiFi; afterwards it loads from local storage indefinitely, even after browser cache clears or device restarts.
If the button is hidden, your browser may not support the install prompt API. On iOS Safari, tap Share → "Add to Home Screen". On Firefox Android, menu → "Install". Manifest works on all modern browsers.