Version: 3.x

Symmetric Data Encrypt

The following section shows a diagram of the cryptographic operations performed when calling the method symmetricDataEncrypt.

This method encrypts the input data by first generating a 12-byte Initialization Vector (IV) and a 64-byte salt, both using the HKDF(sha3-256 + random_key + random_salt) technique. It then derives the data encryption key from the input key and the salt using the Argon2 algorithm. The data itself is encrypted with AES-256-GCM under the derived key, and the output is laid out as IV, salt, authentication tag and ciphertext. The salt and IV travel with the ciphertext so the key can be re-derived on decryption, and the GCM authentication tag protects the integrity of the data as well as its confidentiality during storage or transmission.

Diagram

Encrypt Data (flow as rendered in the diagram):

  Input: Data -> DATA
  Input: Key  -> KEY

  Generate Salt (64 bytes):
    Key Length: length
    Create Random Bytes: 64 bytes -> Create Secret Key -> SECRET_KEY
    Create Random Bytes: 64 bytes -> RANDOM_BYTES
    HKDF ( sha3-256 + SECRET_KEY + RANDOM_BYTES + length )
    Return Secure Random Bytes -> Salt (64 bytes)

  Generate IV (12 bytes):
    Key Length: length
    Create Random Bytes: 64 bytes -> Create Secret Key -> SECRET_KEY
    Create Random Bytes: 64 bytes -> RANDOM_BYTES
    HKDF ( sha3-256 + SECRET_KEY + RANDOM_BYTES + length )
    Return Secure Random Bytes -> IV (12 bytes)

  Securely derive DEK using Argon2 + Salt -> ENCRYPTION_KEY
  Encrypt DATA using AES-256-GCM with ENCRYPTION_KEY + IV
  Output: Encrypted data [IV + Salt + AuthTag + CipherText]

Explanation of the Diagram

  1. Generate IV (12 bytes): A 12-byte IV is generated using HKDF(sha3-256 + random_key + random_salt).
  2. Generate Salt (64 bytes): A 64-byte salt is generated, also using HKDF(sha3-256 + random_key + random_salt).
  3. Derive Secure Encryption Key: The encryption key is derived using Argon2 with the Key and the Salt.
  4. Encrypt Data: The input data is encrypted using AES-256-GCM with the derived encryption key, producing the encrypted result in the format [IV + Salt + AuthTag + CipherText].