UNPKG

xypriss-security

Version:

Advanced High-Performance Security Framework. Military-grade encryption, post-quantum resilience, and fortified data structures.

206 lines (145 loc) 6.96 kB
# XyPriss Security XyPriss Security is an enterprise-grade cryptographic framework for TypeScript / JavaScript environments. It utilizes a high-performance Go-based core engine compiled as a static, dependency-free CLI binary to provide military-grade security with absolute cross-platform reliability. ## Core Principles - **Performance**: Optimized execution using lightweight process spawning, bypassing the overhead of standard JavaScript cryptographic implementations without the complexity of CGO. - **Universal Portability**: Zero native compilation required. Statically linked pure Go binaries run flawlessly on Linux, Windows, and macOS (amd64/arm64) via a unified interface. - **Modern Standards**: Native support for Ed25519, AES-256-GCM, Argon2id, PBKDF2, HKDF, RSA-OAEP, RSA-PSS, and Post-Quantum algorithms (Kyber-768). - **Security by Default**: Automatic memory sanitization and secure key derivation patterns. - **High-Payload Optimization**: Transparent `stdin` piping for large buffers to bypass OS-level `E2BIG` limitations. - **Zero-Config Installation**: Automatically downloads the exact pre-built binary for your platform during installation (no local Go toolchain required). ## Documentation The framework documentation is modularized for clarity and depth. ### Modules - [Core](docs/modules/core.md) - Foundational primitives (Hash, Random, Password, SecureBuffer, XyPrissSecurity). - [Ed25519](docs/modules/ed25519.md) - High-performance EdDSA signature verification. - [RSA and Byte Utilities](docs/modules/rsa-and-byte-utils.md) - RSA-PSS signing, RSA-OAEP encryption, key generation, and UTF-8 byte validation. - [Cache](docs/modules/cache.md) - Ultra-fast secure in-memory cache system (UFSIMC). - [Encryption](docs/modules/encryption.md) - High-level data protection services. - [Utilities](docs/modules/utils.md) - Encoding and general helpers. ### Reference - [Type System](docs/api/types.md) - API options and data structure references. ## Quick Start ### Installation ```bash xfpm add xypriss-security ``` ### The Unified `Cipher` API (Compatibility) For maximum convenience and compatibility with previous versions, use the `Cipher` class. It aggregates `Hash`, `Random`, and `XSec` into a single entry point. ```typescript import { Cipher } from "xypriss-security"; // --- RANDOM & TOKENS --- // Generate 32 secure random bytes const bytes = Cipher.random.getRandomBytes(32); console.log(bytes.toString("hex")); // Generate a secure integer in range [1000, 9999] const pin = Cipher.random.Int(1000, 9999); // Create a high-entropy API key const apiKey = Cipher.XSec.generateAPIKey({ prefix: "sk_live" }); // --- HASHING & PKCE --- // Create a standard SHA-256 hash const digest = Cipher.hash.create("sensitive-payload"); // Generate a PKCE Code Challenge for OAuth2 const challenge = Cipher.hash.pkce("verifier-string-123"); // --- KEY DERIVATION (PBKDF2) --- const derivedKey = await Cipher.hash.create("my-password", { algorithm: "pbkdf2", iterations: 200000, salt: "unique-salt-string", }); ``` ### Professional Passwords (Argon2id) XyPriss uses Argon2id by default, providing superior resistance to GPU/ASIC cracking. ```typescript import { pm } from "xypriss-security"; // 'pm' is an alias for PasswordManager // 1. Configure once per app const passwords = new pm({ memoryCost: 65536, // 64MiB parallelism: 4, }); // 2. Use everywhere const hash = await passwords.hash("user-password-123"); const isValid = await passwords.verify("user-password-123", hash); // 3. Detect if a string is already hashed (useful in upsert flows) const alreadyHashed = passwords.isHashed(hash); // true const notHashed = passwords.isHashed("plane-text"); // false ``` ### RSA Asymmetric Cryptography ```typescript import { generateRSAKeyPair, rsaSign, rsaVerify, rsaEncrypt, rsaDecrypt, } from "xypriss-security"; // Generate a 4096-bit key pair (do this once, persist securely) const { publicKey, privateKey } = await generateRSAKeyPair(); // Sign a payload with your private key const signature = await rsaSign(privateKey, "critical-payload"); // Verify on the receiver side const isValid = await rsaVerify(publicKey, "critical-payload", signature); console.log(isValid); // true // Encrypt small data (e.g., symmetric keys) with a public key const encrypted = await rsaEncrypt(publicKey, "short-secret"); const decrypted = await rsaDecrypt(privateKey, encrypted); console.log(decrypted); // "short-secret" ``` ### Ed25519 Signatures Optimized verification for high-speed integrity checks. ```typescript import { ed25519Verify } from "xypriss-security"; const valid = ed25519Verify(authorPubKeyHex, dataContent, signatureBase64); ``` ### Hash Detection ```typescript import { pm } from "xypriss-security"; const passwords = new pm({ algorithm: "argon2id" }); const hash = await passwords.hash("user-password"); // Check before re-hashing if (!passwords.isHashed(rawInput)) { const stored = await passwords.hash(rawInput); } ``` ### Byte-Safe Length Validation JavaScript's `.length` counts characters, not bytes. For multi-byte Unicode, this distinction is critical in cryptographic contexts. ```typescript import { getByteLength, isValidByteLength } from "xypriss-security"; // "caf\u00e9" has 4 characters but 5 bytes in UTF-8 console.log("cafe\u0301".length); // 5 (chars) console.log(getByteLength("cafe\u0301")); // 6 (bytes) // Validate AES-256 key material (must be exactly 32 bytes) const keyCandidate = "exactly-32-bytes-long-passphrase"; if (!isValidByteLength(keyCandidate, 32)) { throw new Error("Invalid key length."); } ``` ### Ultra-Fast Secure Caching (UFSIMC) The caching system automatically handles encryption and compression using the Go core. ```typescript import { Cache } from "xypriss-security"; // Stores data securely with a 1-hour TTL await Cache.set( "session:88", { role: "admin", permissions: ["*"] }, { ttl: 3600 }, ); const session = await Cache.get("session:88"); ``` ## Performance Benchmarks XyPriss Security leverages a multi-threaded Go core, consistently outperforming native JavaScript implementations: | Operation | Standard JS | XyPriss (Go Core) | Improvement | | --------- | ----------- | ----------------- | ----------- | | Argon2id | ~450ms | ~85ms | 5.3x | | AES-GCM | ~12ms | ~2ms | 6x | | SHA-256 | ~5ms | ~0.8ms | 6.2x | ## Binary Handling with `SecureBuffer` `SecureBuffer` extends standard `Uint8Array` to support multiple encodings directly, optimized for security contexts. ```typescript import { Random } from "xypriss-security"; const data = Random.getRandomBytes(32); console.log(data.toString("base64")); // Output as Base64 console.log(data.toString("binary")); // Output as Binary String ``` ## License Copyright (c) 2025 NEHONIX. Licensed under the Nehonix Open Source License (NOSL). All rights reserved.