Symmetric encryption made easy

Monthly Downloads: 0
Programming language: JavaScript
Tags: Storage     JavaScript     Js     Encryption     Crypto     Cipher    
Latest version: v2.1.0

kruptein alternatives and similar libraries

Based on the "Storage" category

Do you think we are missing an alternative of kruptein or a related project?

Add another 'Storage' Library



crypto; from kruptein to hide or conceal

npm Downloads Codacy Badge Known Vulnerabilities Build Status codecov


To install npm install kruptein


  • .set(secret, plaintext, [aad], callback)
  • .get(secret, ciphertext, [{at: auth_tag, aad: aad}], callback)


Industry standards are used for the algorithm, hashing algorithm, key & IV sizes. The default key derivation is pbkdf2, however use of the scrypt derivation function can be enabled.

  • algorithm: (Optional) Cipher algorithm from crypto.getCiphers(). Default: aes-256-gcm.
  • hashing: (Optional) Hash algorithm from crypto.getHashes(). Default: sha512.
  • encodeas: (Optional) Output encoding. Currently supports binary, hex, & base64. Default: binary.
  • key_size: (Optional) Key size bytes (should match block size of algorithm). Default: 32
  • iv_size: (Optional) IV size bytes. Default: 16.
  • at_size: (Optional) Authentication tag size. Applicable to gcm & ocb cipher modes. Default: 128.
  • use_scrypt: (Optional) Use .scrypt() to derive a key. Requires node > v10. Default/Fallback: .pbkdf2().


To test use npm test or node .test/vanilla.js


When selecting an algorithm from crypto.getCiphers() the iv and key_size values are calculated auto-magically to make implementation easy.

You can always define your own if the defaults per algorithm and mode aren't what you would like; see the options section above.

Create ciphertext from plaintext

To create a new ciphertext object.

const kruptein = require("kruptein")(opts);
let secret = "squirrel";

kruptein.set(secret, "Operation mincemeat was an example of deception", (err, ct) => {
  if (err)
    throw err;


Get plaintext from ciphertext

To retrieve plaintext from a ciphertext object.

const kruptein = require("kruptein")(opts);
let ciphertext, secret = "squirrel";

kruptein.get(secret, ciphertext, (err, pt) => {
  if (err)
    throw err;



The .set() method creates the following object;

Non-Authenticated Ciphers

For those ciphers that DO NOT support authentication modes the following structure is returned.

  'hmac': "<binary format of calculated hmac>",
  'ct': "<binary format of resulting ciphertext>",
  'iv': "<buffer format of generated/supplied iv>",
  'salt': "<buffer format of generated/supplied salt>"

Authenticated Ciphers

For those ciphers that DO support authentication modes the following structure is returned.

Important: Note that in the event additional authentication data (aad) is not provided a random 128 byte salt is used.

  'hmac': "<binary format of calculated hmac>",
  'ct': "<binary format of resulting ciphertext>",
  'iv': "<buffer format of generated/supplied iv>",
  'salt': "<buffer format of generated/supplied salt>",
  'at': "<buffer format of generated authentication tag>",
  'aad': "<buffer format of generated/supplied additional authentication data>"

Cryptography References

This module conforms to industry recommendations regarding algorithm type, mode, key size, iv size & implementation, digests, key derivation & management etc. References used provided here:


  • RFC 2104: HMAC: Keyed-Hashing for Message Authentication
  • RFC 4086: Randomness Requirements for Security
  • RFC 5084: Using AES-CCM and AES-GCM Authenticated Encryption
  • RFC 7914: The scrypt Password-Based Key Derivation Function
  • RFC 8018: Password-Based Cryptography Specification


  • SP 800-38A: Block cipher modes of operation
  • SP 800-38B: Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC
  • SP 800-57P1: Recommendations for key management
  • SP 800-107: Recommendation for Applications Using Approved Hash Algorithms
  • SP 800-108: Recommendation for Key Derivation Using Pseudorandom Functions
  • SP 800-131A: Transitioning the Use of Cryptographic Algorithms and Key Lengths
  • SP 800-132: Recommendation for Password-Based Key Derivation
  • SP 800-175B: Guideline for Using Cryptographic Standards in the Federal Government


  • FIPS 197: Advanced Encryption Standard (AES)
  • FIPS 198-1: The Keyed-Hash Message Authentication Code (HMAC)
  • FIPS 180-4: Secure Hash Standard (SHS)


Contributions are welcome & appreciated!

Refer to the contributing document to help facilitate pull requests.


This software is licensed under the MIT License.

Copyright Jason Gerfen, 2019.

*Note that all licence references and agreements mentioned in the kruptein README section above are relevant to that project's source code only.