@gomani/secure@1.2.0
npm size budget2.8 KB / 5.0 KB ✓
@gomani/secure
Local data is encrypted at rest with a key derived from user authentication (PBKDF2), so possession of the device alone doesn't yield the data. Offline sessions have a hard expiry and a bounded offline window; sync transport is integrity-signed.
API
deriveKey
function
deriveKey(password: string, salt: Uint8Array): Promise<CryptoKey>
Derive an AES-GCM key from user authentication via PBKDF2 — keys are never stored in plaintext beside the data.
createCryptoCodec
function
createCryptoCodec(key: CryptoKey): ValueCodec
An encryption-at-rest codec for the @gomani/data IndexedDB boundary — ciphertext on disk, plaintext in cache.