Confidentiality

Portable, secure by default cryptography.

Important: This library is not a substitution for well seasoned TLS implementations and only exists as a supplementary means of offering cryptographic primitives. Make sure you understand the limitations of each function before you use them.

Project state: Unstable, we're still working on the API and used algorithms.

Supported languages

Used algorithms

Backward compatibility

Confidentiality will be released using semantic versioning. Releases on the a new major release may introduce algorithm changes that are not compatible with releases on previous major releases. New major versions may be compatible with older releases, unless there are security concerns for supporting older algorithms.

The 0 major release has no promise of backward compatibility and are used to field test algorithm changes.

Message authentication

Using HMAC-SHA256.

Signing

sign(message, key) -> signed message

Verifying

verify(signed message, key) -> [error]

Key exchange

Using Elliptive Curve Diffie-Helman (ECDH) key exchange.

Shared key

exchange(readable & writable stream) -> key

Message encryption

Using AES-128-GCM.

Encrypting

encrypt(message, key) -> encrypted message

Decrypting

decrypt(encypted message, key) -> message

Stream encryption

Using AES-128-GCM for IV hand over and AES-128-CTR for stream encryption.

Encrypting

encrypter(writable stream, key) -> writable stream

Decrypting

decrypter(readable stream, key) -> readable stream

Secure a stream

Performs a key exchange and switches to encrypted/decrypted streams for writing/reading to/from the stream.

secure(readable & writable stream) -> readable & writable stream