Package Exports
- cryptonism
Readme
🔐 Cryptonism · 
Frontend End-to-End Encryption Library
Secure your authentication flows and sensitive data with zero-knowledge architecture directly in the browser.
✨ Features
- 🔑 Argon2id Key Derivation: Memory-hard password hashing resistant to attacks
- 🔐 AES-GCM Encryption: Authenticated encryption for maximum security
- 🛡️ Recovery System: Secure mnemonic-based key recovery
- 🔄 Password Rotation: Safe password updates without data loss
- 📊 Attempt Tracking: Built-in protection against brute force attacks
- ⚡ TypeScript Support: Full type safety and IntelliSense support
📚 Documentation
Full documentation is available here: View the Docs
📦 Installation
npm install cryptonismUsage Example
Encrypt An Account
import { generateEncryptedKey } from 'cryptonism';
const result = await generateEncryptedKey({
password: 'user-master-password'
});
if (result.success) {
// Store these in your database
const data = {
encryptedKey: result.encryptedKey,
salt: result.salt,
iv: result.iv,
encryptedRecoveryKey: result.encryptedRecoveryKey,
recoverySalt: result.recoverySalt,
recoveryIV: result.recoveryIV
};
// CRITICAL: Show recovery phrase to user ONCE
alert(`Save this recovery phrase: ${result.recoveryPhrase}`);
} else {
console.error('Key generation failed:', result.error.message);
}With Custom Argon2 Configuration
// Note: use same custom argonConfig for all functions
const result = await generateEncryptedKey({
password: 'user-master-password',
argonConfig: {
time: 3, // More iterations for higher security
mem: 32000, // 32MB memory usage
hashLen: 32 // 32-byte output
}
});
// The Default Argon2 Config
const defaultArgonConfig = {
time: 3,
mem: 65536,
hashLen: 32
};
Decrypt An Account
import { decryptGeneratedKey } from 'cryptonism';
// Data from your database
const data = {
salt: 'base64-salt-string',
iv: 'base64-iv-string',
encryptedKey: 'base64-encrypted-key'
};
const result = await decryptGeneratedKey({
salt: data.salt,
iv: data.iv,
encryptedKey: data.encryptedKey,
password: 'user-entered-password'
});
if (result.success) {
const { decryptedKey } = result;
// Now you can use this key to encrypt/decrypt secrets
console.log('Vault unlocked successfully!');
} else {
console.error('Failed to unlock vault:', result.error.message);
}Decrypt With Attempt Tracking
const result = await decryptGeneratedKey({
salt: data.salt,
iv: data.iv,
encryptedKey: data.encryptedKey,
password: userPassword,
trackAttempts: {
enable: true,
id: `user-${userId}`, // Unique identifier for this user
maxAttempts: 5 // Lock after 5 failed attempts
}
});
if (result.success) {
console.log('Login successful!');
} else {
console.error(`Login failed. Attempts: ${result.attempts}/5`);
if (result.attempts >= 5) {
console.error('Account locked due to too many failed attempts');
}
}Encrypt Each Secret Data
import { encryptSecret } from 'cryptonism';
// Assuming you have a decrypted key from decryptGeneratedKey
const result = await encryptSecret({
secret: 'my-api-key-abc123',
decryptedKey: userDecryptedKey
});
if (result.success) {
// Store these values in your database
const secretRecord = {
encryptedSecret: result.encryptedSecret,
iv: result.iv,
};
await saveSecretToDatabase(secretRecord);
console.log('Secret encrypted and saved!');
} else {
console.error('Encryption failed:', result.error.message);
}Decrypt Each Secret
import { decryptSecret } from 'cryptonism';
// Data retrieved from your database
const secretRecord = {
encryptedSecret: 'base64-encrypted-data',
iv: 'base64-iv-string'
};
const result = await decryptSecret({
encryptedSecret: secretRecord.encryptedSecret,
iv: secretRecord.iv,
decryptedKey: userDecryptedKey // From decryptGeneratedKey
});
if (result.success) {
console.log('Secret:', result.decryptedSecret);
// Use the decrypted secret (API key, password, etc.)
} else {
console.error('Decryption failed:', result.error.message);
}For advanced usage, configuration options, and troubleshooting tips, please refer to the Full Documentation.