JOY-VAULT

JOY-VAULT is a command-line tool designed for secure file encryption and data concealment. It compresses and encrypts files using AES-256-GCM and maps the resulting binary data directly into audio (WAV) or image (PNG) files.

The project focuses on high data density (1:1 ratio) and cryptographic integrity. Unlike traditional steganography tools that hide data inside existing media, JOY-VAULT generates the media from the encrypted data itself, ensuring the smallest possible output size.

Compatibility

Node.js 20.x or higher.

Cross-platform: Works on Linux, Windows, and macOS.

Local-only: No data ever leaves your machine.

Installation

Install the package globally via npm:

npm install -g joy-vault

Core Functionalities

The tool provides two main commands: encode and decode.

Encoding Files

To encrypt files and turn them into an audio or image vault:

joy-vault encode [files...] -p [password] -t [type] -o [output_name]

Arguments and Options:

files: A list of one or more files to be included in the vault.

-p, --password: The master key used to derive the encryption key.

-t, --type: The output format. Options are 'audio' (default) or 'image'.

-o, --output: Optional custom name for the generated file.

Examples:

Create an audio vault: joy-vault encode document.pdf photo.jpg -p my_secret_key -t audio -o vault.wav

Create an image vault: joy-vault encode backup.zip -p my_secret_key -t image -o vault.png

Decoding Vaults

To extract the original files from a vault:

joy-vault decode [vault_file] -p [password]

Example: joy-vault decode vault.wav -p my_secret_key

Technical Specifications Encryption Standard

The tool utilizes AES-256-GCM (Galois/Counter Mode). This provides both confidentiality and authenticity. If the vault file is modified by even a single bit, the decryption process will fail, protecting against data corruption or tampering.

Key Derivation

Passwords are processed using PBKDF2 with 100,000 iterations and a random 16-byte salt. This makes brute-force attacks significantly more difficult by increasing the computational cost of testing each password.

Data Compression

Before encryption, all files are bundled and compressed using Zlib (Level 9). This reduces the final footprint, often resulting in a vault file that is smaller than the sum of its original parts.

Storage Density

Audio (WAV): Uses 8-bit PCM mapping. Every byte of encrypted data corresponds to one audio sample. At a 44.1kHz sample rate, the tool stores approximately 44KB of data per second of audio.

Image (PNG): Maps data to the Red, Green, and Blue channels of each pixel. The Alpha channel is kept opaque to ensure data persistence across different image viewers.

FAQ

Q: What happens if I lose my password? A: There is no recovery mechanism. The data is mathematically encrypted. Without the key, the content is indistinguishable from random noise and cannot be recovered.

Q: Can I convert the WAV to MP3 to save more space? A: No. MP3 is a lossy format that discards audio information to reduce size. Doing this will destroy the encrypted bits, making decryption impossible. Always keep the vault in its original WAV or PNG format.

Q: Why does the audio sound like static/noise? A: Because it is. The audio samples are not a recording; they are a direct representation of encrypted binary data. High-entropy encrypted data naturally sounds like white noise.

Q: Is this tool safe to use for sensitive data? A: The encryption used (AES-GCM) is a standard for top-secret information. However, security also depends on the strength of your password. As a local-only tool, your data is never uploaded to a server, which eliminates the risk of interception during the encryption process.

Architecture

The CLI is built with:

node:crypto for hardware-accelerated encryption.

fflate for high-performance, pure-JavaScript compression.

pngjs for cross-platform image generation without external system dependencies.

commander for the terminal interface.