People often toss around the term [encrypted] QR code very loosely. Sure you can encrypt data into a (usable - meaning 1/4"x1/4") code but in no way will it be considered secure. I liken the security to locking your front door with a twisty tie.

There is however one company, Six Degrees Counterfeit Prevention which delivers a 1M bit non mathematical encryption method that can be encapsulated into a QR code.

See for yourself - please place the following string into a QR code generator and then scan it for yourself.

A QR code, at heart, just encodes bytes. Those bytes could be anything you want. They could be the encryption of some data. The question is whether a reader application will know that is the nature of the bytes and know what to do with it.

And the problem is, no it won't. There is no such scheme as "Secure QR codes" defined in the QR code spec or otherwise. So, no reader out there will do anything but show a string of garbage text.

You can write your own custom reader that knows what to do, but I imagine this is completely infeasible.

So, @Dan is right. The right way to do this is encode a link to a web server which challenges for authentication.

If you want clients to encrypt their communication to you, why is it necessary to wrap it in a QR code? just encrypt and send it via HTTPS. Sending a QR code is conceivable, but like sending a picture of data instead of data. It doesn't really make sense.

Other answers suggest you could use the QR code to encode a URL, and then ensure the service at that URL provides the authentication / security you need. If the channel you're using to communicate with your client is digital and internet-connected, maybe that makes sense ... and if it does make sense, you don't need a QR code at all, just send the URL. As Tadmas pointed out, QR is just an encoding.

However, I'll infer from your original question that the channel you're using is analog (paper??), or digital but not internet-connected (digital photos of a paper original or screen shot, or ??). That's not the most usual use case -- not what most of the respondents on this forum would naturally consider -- but I can imagine some realistic use cases e.g. for bills or payment data where that could be happening.

If that's true -- if for some reason you have to transmit the actual data through a non-internet channel, and the actual data has to be wrapped in a QR code format, then there's a different way to do this.

The obvious approach (hi-level) looks like this

message
   --> (compress) --> compressed message 
      --> (encrypt) --> encrypted compressed message
         --> (QR encode) --> QR of encrypted compressed message
            ... send over channel ...
      encrypted compressed message <-- (QR decode) <--
   compressed message <-- (decrypt) <-- 
message <-- (decompress) <--

In which your primary challenge is to choose compression & crypto algorithms that suit your purposes.

Note well, crypto is non-obvious, approach with respect & caution, don't just slam something together ...

Compressing before encrypting is a best practice. It isn't always needed as a separate step, because some crypto algorithms perform compression for you -- for example, PGP compresses data before encrypting. Others don't. If you're not sure or the approach needs to be general (work for different choices of crypto algorithm) you can always compress; it's safe, just sometimes pointless.

Choice of crypto algorithm has many implications (key management etc. -- huge topic). However one of the implications is especially relevant to QR codes -- how much the crypto step bloats your message. QR code blocks have a limited capacity of 2953 bytes of 8-bits each. If the message you're transmitting is close to this limit, you'll want to choose a crypto algorithm that has output size equal to input size (AES is one example). If the message is much smaller than this limit, then you won't care about this (could use the highly-bloating PGP for example).

If you can find compression and encryption algorithms that work for both you & your client (and a safe way to distribute keys and so on), then I don't think it's particularly hard to satisfy your original request. Don't try to encrypt the QR code itself (not sure that terminology actually makes any sense) but instead, compress and encrypt your data, then QR-encode the resulting encrypted data. Nothing to it.

You don't really need an "encrypted" QR Code- you just need to make sure that wherever the information is hosted on the web, that is encrypted.

There is! (despite all the above complicated ways of misunderstanding the question and saying "no there isn't").

The answer is an Android app called QR Droid. It's a general QR code reader and generator.

QR Droid can create a QR code (including from plain keyboard text) and optionally create a variation with the content encrypted using a requested key word. Because this is a feature of this particular app and not QR, this app is needed to read and decrypt the encrypted QR code (it'll ask for a key to decrypt after scanning).

This is handy way of creating username/passwords to leave in plain sight to decipher (only via QR Droid) when needed.

So, yes. There is an application that can generate QR codes with encrypted content. It is the Android App: QR Droid.