npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@majikah/majik-envelope

v0.0.1

Published

The post-quantum cryptographic engine for Majik Message. Implements Envelope Format using ML-KEM-768 (Kyber) and AES-256-GCM with multi-recipient support and transparent compression.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

thezelijahthezelijah

Keywords

seed-phrasemnemonicbip39cryptocryptographyaccountkey-generationdeterministicseedkeypairmajik-envelopeblockchainauthenticationsecurityed25519key-derivation

Readme

Majik Envelope

Developed by Zelijah GitHub Sponsors

Majik Envelope is the core cryptographic engine of the Majik Message platform. It provides a post-quantum secure "envelope" format that handles message encryption, multi-recipient key encapsulation, and transparent compression using NIST-standardized algorithms.

npm npm downloads npm bundle size License TypeScript

Overview

Majik Envelope implements Envelope Format, which exclusively uses ML-KEM-768 (FIPS-203) for post-quantum security. It abstracts away the complexity of managing shared secrets, AES-GCM initialization vectors, and multi-recipient key wrapping, allowing developers to focus on sending secure messages.

Key Features

  • Post-Quantum Security: Exclusively uses ML-KEM-768 for key encapsulation.
  • Hybrid Encryption: Combines ML-KEM shared secrets with AES-256-GCM for high-speed content encryption.
  • Group Messaging: Native support for 1-to-many encryption using a single-ciphertext, multi-key-wrap approach.
  • Transparent Compression: Built-in Zstd and Gzip support via MajikCompressor to reduce message size.
  • Strict Format: Binary-backed envelopes with a standardized Base64 string representation (~*$MJKMSG:).

Installation

npm install @majikah/majik-envelope

Usage Guide

Encrypting a Message (Single Recipient)

The library automatically chooses between "Single" and "Group" logic based on the number of recipients.

import { MajikEnvelope } from "@majikah/majik-envelope";

const envelope = await MajikEnvelope.encrypt({
  plaintext: "Hello, this is a quantum-safe secret.",
  recipients: [{
    fingerprint: "recipient_fingerprint_base64",
    mlKemPublicKey: recipientPublicKeyBytes // Uint8Array (1184 bytes)
  }],
  compress: true // Default is true
});

// Convert to the scanner-ready string
const secretString = envelope.toString(); 
// Output: ~*$MJKMSG:AbC123...

Encrypting for a Group (2+ Recipients)

For group messages, a senderFingerprint is required for metadata.

import { MajikEnvelope } from "@majikah/majik-envelope";

const groupEnvelope = await MajikEnvelope.encrypt({
  plaintext: "Secret group meeting at midnight.",
  senderFingerprint: "my_fingerprint_base64",
  recipients: [
    { fingerprint: "alice_fp", mlKemPublicKey: alicePk },
    { fingerprint: "bob_fp", mlKemPublicKey: bobPk }
  ]
});

// Convert to the scanner-ready string
const secretString = groupEnvelope.toString(); 
// Output: ~*$MJKMSG:AbC123...

Decrypting an Envelope

To decrypt, you simply provide the recipient's identity (their private ML-KEM key and fingerprint).

import { MajikEnvelope } from "@majikah/majik-envelope";

const identity = {
  fingerprint: "my_fingerprint_base64",
  mlKemSecretKey: mySecretKeyBytes // Uint8Array (2400 bytes)
};

try {
  // Option 1: Decrypt from an existing instance
  const decrypted = await envelope.decrypt(identity);
  
  // Option 2: Parse from a string first
  const parsedEnvelope = MajikEnvelope.fromString("~*$MJKMSG:...");
  const text = await parsedEnvelope.decrypt(identity);
  
  console.log(text); // "Hello, this is a quantum-safe secret."
} catch (error) {
  console.error("Decryption failed: Unauthorized or tampered message.");
}

Technical Specifications Reference

1. Cryptographic Stack (Envelope)

Majik Envelope is designed to be Post-Quantum Secure (PQS) by default, moving away from classical ECC for key encapsulation.

| Component | Primitive | Implementation / Standard | | :--- | :--- | :--- | | Key Encapsulation (KEM) | ML-KEM-768 | FIPS-203 (formerly Kyber) | | Symmetric Encryption | AES-256-GCM | NIST SP 800-38D | | Hashing / Fingerprinting| SHA-256 | FIPS 180-4 | | Key Derivation (KDF) | Argon2id | OWASP Recommended (v2 accounts) | | Compression | Zstd / Gzip | @bokuweb/zstd-wasm / fflate |

2. Binary Structure & Framing

The library produces a "Scanner-Ready" string. This is a Base64-encoded binary blob prefixed with a protocol identifier.

Format: ~*$MJKMSG:<Base64_Payload>

Internal Binary Layout (Decoded Base64):

| Offset (Bytes) | Length | Field | Description | | :--- | :--- | :--- | :--- | | 0 | 1 | Version | Set to 0x03 for current PQ format. | | 1 | 32 | Fingerprint | SHA-256 of the recipient (Single) or Sender (Group). | | 33 | Variable | Payload | UTF-8 JSON string containing IVs and ciphertexts. |

3. Primitive Parameters

| Parameter | Value | Description | | :--- | :--- | :--- | | ML_KEM_PK_LEN | 1184 bytes | ML-KEM-768 Public Key size. | | ML_KEM_SK_LEN | 2400 bytes | ML-KEM-768 Secret Key size. | | ML_KEM_CT_LEN | 1088 bytes | ML-KEM-768 Ciphertext (encapsulation). | | AES_KEY_LEN | 32 bytes | 256-bit symmetric key. | | IV_LENGTH | 12 bytes | Standard GCM Initialization Vector length. |

4. Encryption Logic Flows

A. Single-Recipient (Direct)

  1. Compress: Plaintext is compressed using Zstd (or Gzip fallback).
  2. Encapsulate: Generate a sharedSecret (32b) and mlKemCipherText (1088b) using the recipient's Public Key.
  3. Encrypt: Encrypt the compressed data via AES-256-GCM using the sharedSecret as the key.
  4. Pack: Encode the iv, ciphertext, and mlKemCipherText into a SinglePayload JSON object.

B. Multi-Recipient (Group)

  1. Compress: Plaintext is compressed.
  2. Key Generation: Generate a random 32-byte masterAesKey.
  3. Encrypt: Encrypt the compressed data via AES-256-GCM using the masterAesKey.
  4. Wrap Keys: For each recipient:
    • Perform ML-KEM encapsulation to get a unique sharedSecret.
    • encryptedAesKey = masterAesKey XOR sharedSecret.
    • Store the recipient's fingerprint, mlKemCipherText, and encryptedAesKey.
  5. Pack: Encode the iv, ciphertext, and the array of keys into a GroupPayload JSON object.

5. Implementation Notes

  • Authentication: AES-GCM provides AEAD (Authenticated Encryption with Associated Data). If a message is tampered with or the wrong key is used, decryption will throw an "Auth tag mismatch" error.
  • Quantum Resistance: Because the symmetric key is derived via ML-KEM-768, the message remains secure even against future Shor's algorithm-based attacks that would break RSA or Elliptic Curve (X25519) systems.
  • Graceful Degradation: The MajikCompressor automatically handles decompression by identifying the mjkcmp magic header, ensuring compatibility even if compression settings change.

Related Projects

Majik Message

Secure messaging platform using Majik Keys

npm npm downloads npm bundle size License TypeScript

Read more about Majik Message here

Majik Message Thumbnail

Click the image to try Majik Message live.

Read Docs

Also available on Microsoft Store for free.

Official Repository SDK Library

Majik Key

Majik Key is a seed phrase account library for creating, managing, and parsing mnemonic-based cryptographic accounts (Majik Keys). Generate deterministic key pairs from BIP39 seed phrases with simple, developer-friendly APIs. Now supports ML-KEM-768 post-quantum key derivation alongside X25519.

npm npm downloads npm bundle size License TypeScript

Read Docs Official Repository SDK Library

Contributing

If you want to contribute or help extend support to more platforms, reach out via email. All contributions are welcome!

License

Apache-2.0 — free for personal and commercial use.

Author

Made with 💙 by @thezelijah

About the Developer

Contact