Skip to content

Commit 637ed66

Browse files
author
Developer
committed
docs: add encryption section to README
 Add comprehensive encryption documentation to README including: - Basic encryption with auto-generated keys - User-provided encryption key examples - Feature list (XChaCha20-Poly1305, 256-bit keys, chunking) - Security considerations and warnings - Link to full API.md documentation
1 parent 01fecfd commit 637ed66

File tree

1 file changed

+55
-0
lines changed

1 file changed

+55
-0
lines changed

README.md

Lines changed: 55 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -111,6 +111,61 @@ for await (const item of s5.fs.list("home/documents")) {
111111
}
112112
```
113113

114+
## Encryption
115+
116+
Enhanced S5.js includes **built-in encryption** using XChaCha20-Poly1305, providing both confidentiality and integrity for sensitive data.
117+
118+
### Basic Encryption
119+
120+
```typescript
121+
// Auto-generate encryption key
122+
await s5.fs.put("home/secrets/credentials.json", sensitiveData, {
123+
encryption: {
124+
algorithm: "xchacha20-poly1305",
125+
},
126+
});
127+
128+
// Retrieve and decrypt automatically
129+
const data = await s5.fs.get("home/secrets/credentials.json");
130+
console.log(data); // Original decrypted data
131+
```
132+
133+
### User-Provided Encryption Keys
134+
135+
```typescript
136+
// Use your own 32-byte encryption key
137+
const myKey = new Uint8Array(32); // Your secure key
138+
crypto.getRandomValues(myKey);
139+
140+
await s5.fs.put("home/private/document.txt", "Secret content", {
141+
encryption: {
142+
algorithm: "xchacha20-poly1305",
143+
key: myKey, // Use specific key
144+
},
145+
});
146+
147+
// Decryption uses key from metadata automatically
148+
const content = await s5.fs.get("home/private/document.txt");
149+
```
150+
151+
### Features
152+
153+
- **Algorithm**: XChaCha20-Poly1305 (AEAD cipher)
154+
- **Key Size**: 256-bit (32 bytes)
155+
- **Chunk-based**: Large files encrypted in 256 KiB chunks
156+
- **Transparent**: Automatic encryption/decryption
157+
- **Secure**: Each chunk uses unique nonce
158+
159+
### Security Considerations
160+
161+
⚠️ **Important**: Encryption keys are stored in directory metadata. Anyone with directory read access can decrypt files. This design provides:
162+
163+
- ✅ Convenience: No separate key management needed
164+
- ✅ Automatic decryption with directory access
165+
- ⚠️ Access control: Secure your directory access credentials
166+
167+
For complete encryption documentation, examples, and security best practices, see the [Encryption section in API.md](./docs/API.md#encryption).
168+
114169
### Advanced Usage
115170

116171
```typescript

0 commit comments

Comments
 (0)