Skip to content
Brivora

Encryption

Encrypt & Decrypt

Section titled “Encrypt & Decrypt”
import { crypto } from '@brivora/crypto';


// Alice encrypts a message for Bob
const encrypted = await crypto.encrypt('secret message', bob.publicKey);


// Bob decrypts
const plaintext = await crypto.decrypt(encrypted, bob.privateKey);
// Uint8Array → use new TextDecoder().decode(plaintext) for strings

How Hybrid Encryption Works

Section titled “How Hybrid Encryption Works”
  1. Generate ephemeral X25519 key pair
  2. Compute classical shared secret via X25519 ECDH
  3. Encapsulate PQC shared secret via ML-KEM-768
  4. Combine both secrets via HKDF-SHA256
  5. Encrypt plaintext with AES-256-GCM

An attacker must break both X25519 and ML-KEM-768 to recover the plaintext.

PQC-Only Mode

Section titled “PQC-Only Mode”
// Disable classical crypto (PQC-only)
const encrypted = await crypto.encrypt(data, pubKey, { hybrid: false });

API Reference

Section titled “API Reference”
MethodDescription
crypto.encrypt(data, recipientPublicKey, options?)Hybrid encrypt (X25519 + ML-KEM-768 + AES-256-GCM)
crypto.decrypt(encrypted, privateKey)Decrypt with your private key