svg2text

Encrypt and decrypt small payloads as bitmap-style SVG using Web Crypto (SubtleCrypto). Works in the browser or any runtime with globalThis.crypto.subtle.

Install

npm install svg2text

Usage

import { randomKeyMaterial, keyMaterialToHex, enc, dec } from "svg2text";

const key = randomKeyMaterial();
const svg = await enc(key, "Hello");
const text = await dec(key, svg);

Key: Uint8Array / ArrayBuffer (32 bytes) or a 64-character hex string. Helpers: keyMaterialToHex, hexToKeyMaterial.

External key in pixels: await enc(key, text, { embedKey: false }) — decrypt with dec(key, svg); the SVG marks this with data-s2t-embed="0" (SVG_STREAM_EMBED_ATTR).

By default the 32-byte key material is in the pixel stream (plaintext is still AES-GCM sealed). Treat default SVGs as carrying the key next to the ciphertext unless you use embedKey: false.

Requirements

Secure context (https or http://localhost) for crypto.subtle. Node 20+ for tooling that runs the bundler.

API

| | | |---|---| | enc / dec | Encrypt UTF-8 or Uint8Array ↔ SVG string | | getLibraryVersion, getCryptoProfile, getLimits, getWireFormatSummary, getSubtle | Introspection | | sealPlaintextBytes, openSealedPlaintext, parseBitmapSvg, renderBitmapSvg, … | Lower-level building blocks |

Errors are Svg2TextError with a code (ErrorCode). Use isSvg2TextError(err) to narrow.

Named constants (CELL, LIMITS, AEAD_NAME, …) are re-exported from the package root for tree-shaking.

Bundle for <script>

npx esbuild src/entry.js --bundle --format=iife --global-name=Svg2Text --platform=browser --outfile=dist/bundle.js

Publishing

Run npm login, then npm publish. The name svg2text is already on the registry; you must be a listed maintainer or your publish will fail (often as E404). For a fork under your account, change "name" in package.json (for example a scoped name like @your-username/svg2text) and set "publishConfig": { "access": "public" }.

License

MIT