Skip to Content
API Reference@cfxdevkit/servicesEncryptionService

@cfxdevkit/services

@cfxdevkit/services / EncryptionService

Class: EncryptionService

Defined in: packages/services/src/services/encryption.ts:29

Encryption service using AES-256-GCM

Security specifications:

  • Algorithm: AES-256-GCM (authenticated encryption)
  • Key derivation: PBKDF2-SHA256 with 100,000 iterations
  • Salt: 32 bytes (random, stored in keystore)
  • IV: 12 bytes (random per encryption, prepended to ciphertext)
  • Format: base64(IV + EncryptedData + AuthTag)

Methods

decrypt()

static decrypt(ciphertext, password, salt): Promise<string>

Defined in: packages/services/src/services/encryption.ts:128

Decrypt ciphertext with password

Parameters

ciphertext

string

Base64-encoded ciphertext with prepended IV

password

string

Encryption password

salt

Buffer

Salt for key derivation

Returns

Promise<string>

Decrypted plaintext

Throws

Error if decryption fails (wrong password or corrupted data)

decryptObject()

static decryptObject<T>(ciphertext, password, salt): Promise<T>

Defined in: packages/services/src/services/encryption.ts:174

Decrypt to an object (parses JSON after decryption)

Type Parameters

T

T

Parameters

ciphertext

string

password

string

salt

Buffer

Returns

Promise<T>

deriveKey()

static deriveKey(password, salt): Promise<CryptoKey>

Defined in: packages/services/src/services/encryption.ts:50

Derive encryption key from password using PBKDF2

Parameters

password

string

salt

Buffer

Returns

Promise<CryptoKey>

encrypt()

static encrypt(plaintext, password, salt): Promise<string>

Defined in: packages/services/src/services/encryption.ts:86

Encrypt plaintext with password

Parameters

plaintext

string

String to encrypt

password

string

Encryption password

salt

Buffer

Salt for key derivation

Returns

Promise<string>

Base64-encoded ciphertext with prepended IV

encryptObject()

static encryptObject<T>(obj, password, salt): Promise<string>

Defined in: packages/services/src/services/encryption.ts:162

Encrypt an object (serializes to JSON first)

Type Parameters

T

T

Parameters

obj

T

password

string

salt

Buffer

Returns

Promise<string>

generateSalt()

static generateSalt(): Buffer

Defined in: packages/services/src/services/encryption.ts:41

Generate a random salt for key derivation

Returns

Buffer

hash()

static hash(data): Promise<string>

Defined in: packages/services/src/services/encryption.ts:186

Hash a string with SHA-256 (for config integrity checks)

Parameters

data

string

Returns

Promise<string>

validatePasswordStrength()

static validatePasswordStrength(password): object

Defined in: packages/services/src/services/encryption.ts:198

Verify password strength (basic validation)

Parameters

password

string

Returns

object

errors

errors: string[]

valid

valid: boolean

OverviewKeystoreLockedError