QR9.NET

Security Notes

QR9.NET includes encoding, hashing, encryption, signing, and key handling tools. This page explains what those tools can do and what they should not replace.

Local processing boundary

The tools currently provided by this site run in the browser and avoid uploading text, files, keys, or images to QR9.NET servers as computation input.

Local processing reduces the chance that the server sees your input, but it is not an absolute security guarantee. Devices, extensions, clipboards, caches, downloads, and networks still matter.

Limits of cryptography tools

  • Online encryption, signing, hashing, and key tools are suitable for format conversion, integration checks, compatibility testing, and low-risk temporary work.
  • Production keys, long-term private keys, high-value secrets, and compliance material should use offline tools, dedicated toolchains, or audited workflows approved by your organization.
  • Output from this site is not a security audit, compliance proof, or professional cryptography advice.

Transport and dependencies

Visit the site through https://qr9.net and check the browser address bar and certificate status.

Tool behavior depends on frontend code, browser capabilities, and project dependencies. On first visit, after clearing cache, or when using some tools, the browser may need to download scripts, model files, or other static assets.

Vulnerability reports

If you find XSS, supply-chain risk, unintended data upload behavior, sensitive information exposure, or a tool result that may cause security misjudgment, email 470589027@qq.com.

Please include the affected URL, reproduction steps, browser version, expected result, and actual result. Do not send real sensitive keys or third-party personal data.

Safe usage tips

  • Check the domain, HTTPS status, and device environment before handling sensitive content.
  • Do not handle private keys, tokens, or passwords on shared devices or in unknown extension environments.
  • After handling sensitive data, clear inputs, downloaded files, and browser site data.