ton-lock 🔐

Securely encrypt and decrypt your TON wallet mnemonics using AES-256-GCM.
Usable both in Node.js and in the browser. Includes a built-in CLI tool.

✨ Features

• 🔒 AES-256-GCM encryption with random salt and IV for secure and authenticated encryption.
• 🔑 PBKDF2-SHA256 key derivation with 100,000 iterations to protect against brute-force attacks.
• ⚙️ Works in both frontend and backend – can be used in browsers and Node.js environments.
• 💻 Developer-friendly CLI tool – easily encrypt/decrypt mnemonics via terminal.
• 📦 Lightweight and dependency-free – uses Node.js native crypto only, no external libraries.

📦 Installation

CLI (global)

npm install -g ton-lock

As a package

npm install ton-lock

🖥️ Usage (as a library)

import { encryptMnemonic, decryptMnemonic } from "ton-lock";

const encrypted = encryptMnemonic("abandon abandon abandon ...", "my-password");
console.log(encrypted);

const decrypted = decryptMnemonic(encrypted, "my-password");
console.log(decrypted); // original mnemonic

⚠️ Note: If you imported your keystore file (like wallet-lock.json) directly as an object (e.g., using import wallet from "./wallet-lock.json" or require("./wallet-lock.json")), you must convert it to a JSON string before decryption:

const decrypted = decryptMnemonic(JSON.stringify(wallet), "your-password");

🔧 CLI Usage

Encrypt mnemonic

ton-lock encrypt

This will prompt for:

• Your mnemonic

• A password

• Output file name (default: ton-lock.json)

Decrypt mnemonic

ton-lock decrypt

This will prompt for:

• A ton-lock.json path

• The password

🗂 Encrypted Keystore Structure

The saved file is a JSON object like:

{
  "version": 1,
  "cipher": "aes-256-gcm",
  "salt": "...",
  "iv": "...",
  "tag": "...",
  "ciphertext": "..."
}

🛡 Security Notice

This library uses:

• AES-256-GCM for encryption
• PBKDF2 with SHA-256 and 100,000 iterations
• Never store passwords or mnemonics in plaintext.
• The output keystore JSON includes salt, iv, and authentication tag.

📝 License

MIT © 2025 TonOracle