HyperFrontend
← Back to @hyperfrontend/cryptography
@hyperfrontend/cryptography/node

node

Node.js-targeted bindings of the cryptography primitives, wired to node:crypto (webcrypto.subtle and randomBytes).

Overview

This entry point composes the runtime-agnostic core (createEncrypt, createValueCreator, hashing, key derivation, time-based passwords) with Node.js implementations of subtle, getRandomValues, and UTF-8 encoding. Function signatures match /browser so encryption workflows can be shared across the stack — pick the adapter that matches the runtime and the rest of the code stays identical.

Usage

import { encrypt, decrypt, getTimeBasedPasswords } from '@hyperfrontend/cryptography/node'

const ciphertext = await encrypt('Sensitive data', 'secure-password')
const plaintext = await decrypt(ciphertext, 'secure-password')

// Rotating passwords on a 5-minute window, with previous/next for clock-drift tolerance
const generators = getTimeBasedPasswords(new Date(), 300_000)
const current = await generators.current()
const previous = await generators.previous()

Notes

  • subtle resolves to webcrypto.subtle. Node.js 19+ is recommended; on 18.x webcrypto is still flagged experimental.
  • getRandomValues delegates to randomBytes and throws when called with a zero byte length.
  • The package has zero runtime dependencies beyond node:crypto and a small set of internal utility libs.

API Reference

ƒ Functions

§function

createHash(data: string, algorithm: HashAlgorithm): Promise<string>

Creates a cryptographic hash of the provided data using Node.js crypto module.

Parameters

NameTypeDescription
§data
string
The string data to hash
§algorithm
HashAlgorithm
The hash algorithm to use (defaults to SHA-256)
(default: 'SHA-256')

Returns

Promise<string>
A promise that resolves to the hexadecimal hash string

Example

Creating a hash

const hash = await createHash('secret-message')
// => '64-character hexadecimal string'
§function

getRandomValues(byteLength: number): Uint8Array

Generates cryptographically secure random values using Node.js crypto module.

Parameters

NameTypeDescription
§byteLength
number
The number of random bytes to generate

Returns

Uint8Array
A Uint8Array containing the random bytes

Example

Generating random bytes

const randomBytes = getRandomValues(16)
// => Uint8Array(16) with cryptographically secure random values
§function

isSHA256Hash(hash: unknown): boolean

Validates whether the provided value is a valid SHA-256 hash string. Checks for exactly 64 hexadecimal characters (case-insensitive).

Parameters

NameTypeDescription
§hash
unknown
The value to validate as a SHA-256 hash

Returns

boolean
True if the value is a valid SHA-256 hash string, false otherwise

Example

Validating SHA-256 hashes

isSHA256Hash('e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855')
// => true

isSHA256Hash('invalid')
// => false

Interfaces

§interface

EncryptionConfig

Configuration for encryption algorithm settings.

Properties

§name:"AES-GCM" | "AES-CBC" | "AES-CTR"
Encryption algorithm name (AES-GCM, AES-CBC, or AES-CTR).
§interface

TimeBasedPasswordGenerators

Generators for time-based one-time passwords (TOTP).

Properties

§readonly current:() => Promise<string>
Generates the password for the current time window.
§readonly next:() => Promise<string>
Generates the password for the next time window.
§readonly previous:() => Promise<string>
Generates the password for the previous time window.
§interface

Vault

Secure vault for storing encrypted key-value pairs.

Properties

§readonly close:() => void
Closes the vault and clears sensitive data from memory
§readonly getPassword:() => string
Retrieves the current vault password, or null if not set
§readonly read:(label: string, password: string) => Promise<string>
Reads and decrypts a value by label, requiring the password
§readonly write:(label: string, value: string) => Promise<void>
Writes an encrypted value with the given label

Types

§type

HashAlgorithm

Supported cryptographic hash algorithms.
type HashAlgorithm = "SHA-256" | "SHA-384" | "SHA-512"

Variables

§type

createVault

§type

decrypt

§type

encrypt

§type

generateKey

§type

getTimeBasedPassword

Generates a UTC time-based one-time password (TOTP) with configurable time window and offset (Node.js implementation). Uses Node.js crypto module for hash generation.
§type

getTimeBasedPasswords

Generates time-based one-time passwords (TOTP) for current, previous, and next time windows (Node.js implementation). Useful for handling time synchronization issues by providing passwords across adjacent time windows.
§type

subtle

§type

encryptionConfig

Frozen encryption configuration to prevent runtime tampering. Using AES-GCM as the default algorithm for authenticated encryption.