Privyy.io — Open Cryptographic Infrastructure
Enterprise-grade encryption engineered for every stack. One protocol. Zero translation layer.
Ephemeral ECDH key pairs guarantee forward secrecy on every message. Context binding via AAD ties each ciphertext to its conversation and prevents cross-context replay.
Go and TypeScript implementations are byte-for-byte compatible. Data encrypted by your backend is always decryptable by your frontend — verified by an automated cross-compatibility suite.
Encrypted payloads carry version markers. When cryptographic standards evolve, you can migrate gracefully without ever losing access to older data.
Private keys are encrypted at rest using AES-256-GCM with user-derived keys. Sensitive material is zeroed from memory immediately after use.
Generate cryptographically secure recovery keys with optional BIP39 mnemonic encoding, so users can always regain access to their own data.
Both implementations actively erase key material after use. Go leverages memguard-style techniques; TypeScript uses best-effort zeroing with explicit garbage collection hints.
Install the package for your platform and start encrypting in minutes. The primitives are identical — only the syntax changes.
// npm install @privyy-io/grimlock import grimlock from '@privyy-io/grimlock'; // Generate key pair const keyPair = await grimlock.generateKeyPair(); // Derive key from user passcode const key = await grimlock.derivePasscodeKey(passcode, { salt, argon2Params: { timeCost: 4, memoryCost: 131072, parallelism: 2 } }); // Encrypt a message end-to-end const encrypted = await grimlock.encryptMessage( payload, recipientPublicKey, context ); // Decrypt const decrypted = await grimlock.decryptMessage( encrypted, privateKey, context );
// go get github.com/privyy/grimlock import "github.com/privyy/grimlock" // Generate key pair keyPair, err := grimlock.GenerateKeyPair() // Derive key from user passcode params, _ := grimlock.GenerateDefaultKdfParams() key, err := grimlock.DerivePasscodeKey( "passcode", params ) // Encrypt a message end-to-end encrypted, err := grimlock.EncryptMessage( payload, recipientPublicKey, context ) // Decrypt result, err := grimlock.DecryptMessage( encrypted, privateKey, context, nil )
Grimlock does not invent new cryptography. It composes proven, well-audited primitives into a cohesive API — so your security relies on decades of peer review, not on novel code.
| Primitive | Algorithm | Purpose |
|---|---|---|
| X25519 | Elliptic Curve Diffie-Hellman | Ephemeral shared secret for message encryption; forward secrecy per session |
| AES-256-GCM | Authenticated Encryption | Message and private key encryption with integrity guarantees |
| Argon2id | Memory-Hard KDF | Passcode to encryption key derivation; resistant to GPU brute-force |
| HKDF-SHA512 | Key Derivation Function | Recovery key derivation and per-message key expansion |
| CSPRNG | Platform Secure Random | All nonces, salts, and ephemeral key material |
| BIP39 (opt.) | Mnemonic Encoding | Human-readable recovery key representation |
Full implementation using the Go standard library and golang.org/x/crypto. Ideal for backend services, microservices, and CLIs.
Works in both Node.js and the browser via Web Crypto API. Tree-shakeable, fully typed, zero native dependencies required for browser builds.
Native Python implementation for data pipelines, scripts, and server-side tooling that must interoperate with Go or TypeScript services.
Open Source · Production Ready
Read the documentation, explore the source, or drop into the repository and contribute. The full stack awaits.