Skip to content
Switch branches/tags

Latest commit


Git stats


Failed to load latest commit information.
Latest commit message
Commit time


Simple, extensible interface for the tweetnacl-js cryptography library


Cryptography is hard. Even subtle bugs in implementation can render your efforts insecure. That inspired the creation of TweetNaCl and its JavaScript port, TweetNaCl.js. TweetNaCl.js is an opinionated bundle of universal JavaScript that distills cryptography best practices and is auditable (that is, making it easier for other security professionals to review it). That's good because the code is short and introduces minimal abstraction. However, that lack of abstraction can make the API hard to use.

Panda Confidential aims to make Tweet NaCl easier to use—and extend—with minimal reduction in auditability.


Because panda-confidential is extensible, you must instantiate a new instance before using it. This helps prevent unexpected changes by third parties.

import {confidential} from "panda-confidential"

do ->
  # Instantiate Panda-Confidential
  {encrypt, decrypt, key} = confidential()

Panda-confidential wraps the TweetNaCl.js interface with three pairs of opposing functions:

  1. encrypt and decrypt
  2. sign and verify
  3. encode and decode

These functions are generics and infer intent based on their arguments. For example, if you invoke encrypt with a symmetric key, you get symmetric encryption.

  # Generate symmetric key of correct length that should be saved.
  myKey = await key.Symmetric()

  # Person A symmetrically encrypts their data.
  message = "Hello World!"
  ciphertext = await encrypt myKey, message

The details -- key length, ensuring a robust source of randomness, encryption algorithm, etc -- are all handled by TweetNaCl.js. encrypt and the key type system just provides a super simple interface for that power.

Use decrypt to retrieve the data just as simply.

  # Later, Person A decrypts that ciphertext.
  output = await decrypt myKey, ciphertext

Please see the full API documentation for more detailed information about key types and function pairs.


For the browser, bundle using your favorite bundler:

npm i -s panda-confidential

Full API Documentation


Simple, extensible interface for the tweetnacl-js cryptography library




No packages published