
Module crypto


AES-256-GCM encryption and X25519 ECDH key exchange. Wire format: base64url(nonce[12B] || ciphertext || GCM_tag[16B]).

This module is the single source of truth for client-side crypto across the CLI and desktop. The wire format is bit-compatible with the Go relay / cinch/internal/crypto/ Go side; do not change the byte layout, the HKDF info string (cinch-key-xfer), or the nonce length without coordinated updates to all consumers and testdata/crypto-vectors.json.
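The byte layout described above, as an added example that is not this module's own code: it splits a payload into nonce, ciphertext and tag and rejects anything too short to hold both fixed-size fields. The names Frame, split_frame, b64url_decode and SAMPLE are hypothetical, and tolerating trailing '=' padding is an assumption.

```rust
// Added example: field layout only, no decryption. Lengths come from the module docs.
const NONCE_LEN: usize = 12;
const TAG_LEN: usize = 16;
// Constructed sample: nonce = 12 x 0x01, ciphertext = FB FF BF, tag = 16 x 0x02.
const SAMPLE: &str = "AQEBAQEBAQEBAQEB-_-_AgICAgICAgICAgICAgICAg";

#[derive(Debug, PartialEq)]
struct Frame { nonce: [u8; NONCE_LEN], ciphertext: Vec<u8>, tag: [u8; TAG_LEN] }

// Minimal base64url decoder (hypothetical helper); accepting trailing '=' is an assumption.
fn b64url_decode(s: &str) -> Result<Vec<u8>, String> {
    let s = s.trim_end_matches('=');
    if s.len() % 4 == 1 { return Err("invalid base64url length".to_string()); }
    let mut out = Vec::with_capacity(s.len() * 3 / 4);
    let (mut acc, mut bits) = (0u32, 0u32);
    for c in s.bytes() {
        let v = match c {
            b'A'..=b'Z' => c - b'A',
            b'a'..=b'z' => c - b'a' + 26,
            b'0'..=b'9' => c - b'0' + 52,
            b'-' => 62,
            b'_' => 63,
            _ => return Err(format!("byte 0x{:02x} is outside the base64url alphabet", c)),
        };
        acc = (acc << 6) | u32::from(v);
        bits += 6;
        if bits >= 8 {
            bits -= 8;
            out.push((acc >> bits) as u8);
            acc &= (1u32 << bits) - 1; // keep only the bits not yet emitted
        }
    }
    Ok(out)
}

// Split nonce || ciphertext || tag; an empty ciphertext (28 bytes total) is the minimum.
fn split_frame(payload_b64: &str) -> Result<Frame, String> {
    let raw = b64url_decode(payload_b64)?;
    if raw.len() < NONCE_LEN + TAG_LEN {
        return Err(format!("{} bytes decoded, need at least {}", raw.len(), NONCE_LEN + TAG_LEN));
    }
    let (mut nonce, mut tag) = ([0u8; NONCE_LEN], [0u8; TAG_LEN]);
    nonce.copy_from_slice(&raw[..NONCE_LEN]);
    tag.copy_from_slice(&raw[raw.len() - TAG_LEN..]);
    Ok(Frame { nonce, ciphertext: raw[NONCE_LEN..raw.len() - TAG_LEN].to_vec(), tag })
}

fn main() {
    println!("{:?}", split_frame(SAMPLE));
    println!("{:?}", split_frame("AAAA")); // 3 bytes: too short to hold nonce and tag
}
```

Checking the length before slicing means a truncated payload is reported as a framing error rather than causing a panic or being passed to the AEAD with a misaligned tag.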

Functions

decrypt
Decrypt a base64url-encoded AES-256-GCM payload.
derive_shared_key
Derive a 32-byte AES key from an X25519 ECDH shared secret via HKDF-SHA256. local_priv_b64 and remote_pub_b64 are base64url-encoded.
encrypt
Encrypt plaintext with AES-256-GCM. Returns base64url(nonce[12] || ciphertext || tag[16]).
generate_aes_key
Generate a fresh 32-byte AES-256 key. Mirrors the Go side’s cinchcrypto.GenerateKey() used by cinch auth login to seed the per-user clip-encryption key.
generate_device_keypair
Generate a static X25519 keypair for the device’s long-lived identity used in encrypted key-exchange bundles. Returns (private_b64, public_b64).
generate_ephemeral_keypair
Generate an ephemeral X25519 keypair for ECDH key exchange. Returns (private_key_b64, public_key_b64).
pub_from_priv
Derive the X25519 public key (base64url) from a stored private key (base64url). Used at login completion to re-register a device’s public key with the relay without needing the keypair generator’s in-memory output.