Start your PQC journey in minutes

Turn Existing Security Evidence into a Cryptographic Inventory

qReflector extracts algorithms, protocols and certificate metadata from vulnerability reports and configuration exports. It compiles these findings into a structured inventory for compliance review and migration planning, without requiring software deployment on your network for the first review.

Apply for Invitation Trust & Security

Existing evidence No agents required Source-linked findings

vulnerability report infrastructure-scan certificate export vendor questionnaires

qReflector Review extract cryptographic findings flag cryptographic risk keep source evidence attached

System / Asset: vpn-gateway-01 Algorithm: ECDHE_RSA Evidence Source: tls-scan.json Security Risk: Legacy Key Exposure Review Priority: High

Sample output · Example workspace · Synthetic data

Cryptography Is Already Spread Across Your Environment

Public-key cryptography is embedded in certificates, VPNs, internal APIs, identity systems, cloud workloads and vendor-managed software.

Post-quantum readiness starts by creating an accurate cryptographic inventory. That means finding where these algorithms actually appear in real security evidence, rather than estimating from theoretical architecture diagrams.

Public-Key Exposure

RSA, Diffie-Hellman and elliptic-curve cryptography appear across networks, VPNs, identity systems and vendor-managed software.

Scattered Evidence

Relevant cryptographic details are often scattered across vulnerability reports, infrastructure scans, certificate inventories and vendor security questionnaires.

Discovery Before Migration

Before migration planning begins, teams need a structured view of what cryptography exists, where it appears and which findings need review first.

Which Cryptography Should Your Team Review First?

Post-quantum migration does not affect every cryptographic mechanism in the same way. qReflector helps separate public-key exposure from items that should be monitored, documented or reviewed later.

Example Cryptographic Inventory

Sample Output

Crypto Type	Asset Area	Post-Quantum Concern	Evidence Captured	Review Priority
RSA	TLS, certificates, signing	Public-key exposure	Key size, certificate source	HIGH
Diffie-Hellman	VPNs, TLS key exchange	Public-key key exchange	Group parameters, scan finding	HIGH
ECDH	TLS, APIs, VPNs	Public-key key agreement	Curve name, service evidence	HIGH
ECDSA	Certificates, identity, signing	Public-key signature exposure	Curve, certificate export	HIGH
DSA	Legacy systems	Legacy public-key algorithm	Implementation details	LEGACY
TLS/Cipher Suites	Web and API traffic	Negotiation and policy review	Suite selection, TLS version	POLICY
Certificates	PKI and service identity	Signature and lifecycle review	Issuer, expiry, signature	POLICY
Symmetric Crypto	Data-at-rest and applications	Monitor key strength and policy	Algorithm, mode, key strength	MONITOR

CORE CAPABILITY

Turn Security Evidence into a Reviewable Baseline

qReflector uses evidence your team already collects: vulnerability reports, infrastructure scans, configuration exports, certificate data and vendor security documentation.

It extracts cryptographic signals, keeps findings linked to their source files and structures the result into a baseline for CBOM work, compliance review, vendor review and post-quantum migration planning.

Report-Based Discovery

Start from existing reports and security exports instead of deploying agents during the first review.

Quantum-Relevant Prioritisation

Highlight findings involving RSA, Diffie-Hellman, ECDH, ECDSA and other public-key cryptography that may need post-quantum review.

Evidence Traceability

Keep identified cryptographic items linked to the scan, configuration file, certificate or vendor document they came from.

Review-Ready Baseline

Create a structured baseline that security, architecture, compliance and procurement teams can review before planning next steps.

{ "label": "Sample output", "source": "tls-scan.json", "asset": "vpn-gateway-01", "service": "443/tcp", "protocol": "TLS", "algorithm": "ECDHE_RSA", "certificate": { "signature": "sha256WithRSAEncryption", "keySize": 2048, "issuer": "Internal PKI" }, "postQuantumConcern": "public-key exposure", "reviewPriority": "high", "baselineUse": "CBOM and migration planning", "evidence": "scan finding attached" }

How It Works

The workflow is intentionally simple: start from existing evidence, extract cryptographic findings, review post-quantum exposure and create a structured inventory for the team.

Upload Evidence

Start with selected reports, scans, exports or vendor documents.

Extract Findings

Identify algorithms, certificates, protocols and cryptographic signals.

Review PQC Exposure

Flag findings that may matter for post-quantum readiness and migration planning.

Structure Inventory

Organise findings into a reviewable cryptographic inventory.

Continuously Improve

Use the findings, guidance and review hints to plan, prioritise and manage your PQC readiness efforts over time.

Built for Sensitive Security Evidence

qReflector is designed for teams that need practical cryptographic visibility without unnecessary operational friction.

No Agent Required for First Review

Start with uploaded reports, scans and exports. Deeper discovery can come later if needed.

Controlled Upload Model

Process selected evidence sets instead of connecting broadly to production environments from day one.

Evidence-Linked Output

Every finding should remain connected to its source, so teams can verify why it was flagged.

Built for Security Review

The output is intended for security, architecture, compliance and procurement review — not just a technical export.

Exportable Baseline

Use the inventory as a starting point for CBOM work, vendor follow-up, risk review or migration planning.

Private Deployment Path

For sensitive environments, qReflector can move towards private or controlled deployment models.

Why We Built qReflector

Post-quantum migration discussions often jump quickly to algorithms, standards or vendor promises.

In practice, many teams first need a simpler answer: where are we using cryptography today, which findings are based on evidence and which systems need review before migration planning?

qReflector is built for that first visibility step. It does not replace migration work. It helps security teams turn scattered evidence into a structured starting point.

Start Post-Quantum Readiness with Evidence

qReflector helps security teams turn existing reports, scans and vendor evidence into a structured view of cryptographic exposure, source evidence and review priorities.

Apply for Invitation