Encryption Services

The EncryptionService provides high-level data protection utilities for persistent storage. It handles complex cryptographic workflows like salt management, key derivation, and binary sanitization automatically.

Core Encryption

Encrypt any serializable data into a versioned, secure JSON package. By default, XyPriss uses AES-256-GCM with 100,000 PBKDF2 iterations for key derivation.

Encryption Workflow

```typescript
import { EncryptionService } from "xypriss-security";

// Encrypt an object
const secretPackage = await EncryptionService.encrypt(
    { pin: 1234, token: "active" },
    "master-passphrase"
);

// Decrypt back to object
const originalData = await EncryptionService.decrypt(secretPackage, "master-passphrase");
```

Advanced Options

Quantum-Safe Mode

Enabling quantumSafe forces the use of ChaCha20-Poly1305, which offers better resistance to certain theoretical quantum cryptanalysis vectors.

```typescript
await EncryptionService.encrypt(data, key, { quantumSafe: true });
```

Integrity Checks

Verify the format and version of an encrypted package without needing the master key.

```typescript
const info = EncryptionService.getMetadata(secretPackage);
console.log(info.algorithm); // aes-256-gcm
```
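
The package structure described under Core Encryption and the keyless metadata read under Integrity Checks, as an added sketch built on Node's own crypto module; it is not XyPriss code and does not reproduce its actual package format. The field names, the SHA-256 hash for PBKDF2, the 16-byte salt and the `demo*` function names are assumptions.

```javascript
// Added illustration, not XyPriss's package format; field names are assumptions.
const { pbkdf2Sync, randomBytes, createCipheriv, createDecipheriv } = require("node:crypto");

const ALGORITHM = "aes-256-gcm";
const ITERATIONS = 100000; // PBKDF2 iteration count stated on this page

// PBKDF2-HMAC-SHA256 is an assumption; the page does not name the hash.
function deriveKey(passphrase, salt) {
  return pbkdf2Sync(passphrase, salt, ITERATIONS, 32, "sha256");
}

function demoEncrypt(data, passphrase) {
  const salt = randomBytes(16); // fresh per package, stored beside the ciphertext
  const iv = randomBytes(12);   // 96-bit GCM nonce
  const cipher = createCipheriv(ALGORITHM, deriveKey(passphrase, salt), iv);
  const ct = Buffer.concat([cipher.update(JSON.stringify(data), "utf8"), cipher.final()]);
  return JSON.stringify({
    version: 1, algorithm: ALGORITHM, iterations: ITERATIONS,
    salt: salt.toString("hex"), iv: iv.toString("hex"),
    tag: cipher.getAuthTag().toString("hex"), ciphertext: ct.toString("hex"),
  });
}

// Needs no key, so it authenticates nothing: it only reports what the header claims.
function demoMetadata(pkg) {
  const { version, algorithm, iterations } = JSON.parse(pkg);
  return { version, algorithm, iterations };
}

function demoDecrypt(pkg, passphrase) {
  const p = JSON.parse(pkg);
  // Pin the header to known values instead of trusting attacker-editable fields.
  if (p.version !== 1 || p.algorithm !== ALGORITHM || p.iterations !== ITERATIONS) {
    throw new Error("unsupported package header");
  }
  const key = deriveKey(passphrase, Buffer.from(p.salt, "hex"));
  const decipher = createDecipheriv(ALGORITHM, key, Buffer.from(p.iv, "hex"), { authTagLength: 16 });
  decipher.setAuthTag(Buffer.from(p.tag, "hex"));
  // final() throws if the tag does not match: wrong passphrase or modified bytes.
  const pt = Buffer.concat([decipher.update(Buffer.from(p.ciphertext, "hex")), decipher.final()]);
  return JSON.parse(pt.toString("utf8"));
}
```

In this sketch a header read without the key is only a format hint; integrity is established when decryption verifies the GCM tag.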

API Reference

  • generateSessionKey()

    Generates a secure 256-bit session key in hexadecimal format.

  • verifyIntegrity(package)

    Checks if the package format is valid and readable by XyPriss.

Performance

All heavy cryptographic computations are offloaded to the Go binary core, ensuring that encryption operations do not block the Node.js event loop even when using high PBKDF2 iteration counts.

Utilities

Encoding and general cryptographic helpers.