XyPriss Security

XyPriss Security is an advanced JavaScript security library designed for enterprise applications. It provides military-grade encryption, secure data structures, quantum-resistant cryptography, and comprehensive security utilities for modern web applications.

Migration Notice: This library is the separated version of FortifyJS accessible via the link or using npm install fortify2-js. The FortifyJS library will be deprecated soon, so start moving from it to XyPriss for future improvements.

Key Features

Secure Data Structures

• SecureArray: Military-grade encrypted arrays with AES-256-CTR-HMAC
• SecureString: Protected string handling with automatic memory cleanup
• SecureObject: Encrypted object storage with metadata management
• SecureBuffer: Protected memory allocation with secure wiping

Cryptographic Operations

• Token Generation: Secure random tokens with configurable entropy
• Password Management: Argon2ID hashing with pepper support
• Hash Functions: SHA-256/512, BLAKE3, with timing-safe operations
• Key Derivation: PBKDF2, Argon2, scrypt implementations

Advanced Security Features

• Quantum-Resistant Cryptography: Post-quantum algorithms (Kyber, Dilithium)
• Tamper-Evident Logging: Immutable audit trails with cryptographic verification
• Fortified Functions: Tamper-resistant function execution with integrity checks
• Side-Channel Protection: Timing-safe operations and memory protection

Enterprise Features

• Zero Dependencies: Self-contained with no external dependencies
• Browser & Node.js: Universal compatibility across environments
• TypeScript Native: Full type safety and IntelliSense support
• Performance Optimized: Benchmarked for high-throughput applications

Installation

npm install xypriss-security

For use with XyPriss framework:

npm install xypriss xypriss-security

Quick Start

Basic Usage

import {
    XyPrissSecurity,
    fString,
    fArray,
    Hash,
    generateSecureToken,
} from "xypriss-security";

// Create secure strings
const securePassword = fString("my-secret-password", {
    protectionLevel: "maximum",
    enableEncryption: true,
});

// Generate secure random tokens
const token = generateSecureToken({
    length: 32,
    entropy: "maximum",
});
console.log(token); // 64-character hex string

// Hash operations
const hash = Hash.create("sensitive-data", {
    algorithm: "sha256",
    outputFormat: "hex",
});

Secure Data Handling

import { fArray, fObject } from "xypriss-security";

// Secure array operations
const secureData = fArray([1, 2, 3, 4, 5]);
secureData.setEncryptionKey("your-encryption-key-2025");
secureData.encryptAll();

// Secure object storage
const secureObj = fObject({
    apiKey: "secret-api-key",
    credentials: { username: "admin", password: "secure123" },
});

// Access with automatic decryption
const apiKey = secureObj.get("apiKey");

Password Management

import { Password } from "xypriss-security";

// Hash passwords with Argon2ID
const hashedPassword = await Password.hash("user-password", {
    algorithm: "argon2id",
    memoryCost: 65536,
    timeCost: 3,
    parallelism: 4,
});

// Verify passwords
const isValid = await Password.verify("user-password", hashedPassword);

Cryptographic Operations

import { XyPrissSecurity as security, KeyDerivation } from "xypriss-security";

// Generate encryption keys
const key = await KeyDerivation.deriveKey("master-password", {
    salt: "unique-salt",
    iterations: 100000,
    keyLength: 32,
    algorithm: "pbkdf2",
});

// Encrypt/decrypt data
const encrypted = await security.encrypt("sensitive-data", key);
const decrypted = await security.decrypt(encrypted, key);

Architecture

Core Modules

Security Core (/core)

• crypto.ts: Main cryptographic operations and algorithms
• hash.ts: Secure hashing functions with timing-safe operations
• random.ts: Cryptographically secure random number generation
• validators.ts: Input validation and sanitization utilities

Secure Components (/components)

• secure-array: Encrypted array implementation
• secure-string: Protected string handling
• secure-object: Encrypted object storage
• secure-memory: Memory management and protection
• fortified-function: Tamper-resistant function execution

Advanced Features (/components)

• post-quantum: Quantum-resistant cryptographic algorithms
• tamper-evident-logging: Immutable audit trail system
• side-channel: Protection against timing and cache attacks
• attestation: Code and data integrity verification

Utilities (/utils)

• errorHandler: Secure error handling and logging
• performanceMonitor: Security-aware performance monitoring
• securityUtils: General security utility functions
• patterns: Security pattern matching and detection

API Reference

XyPrissSecurity Class

The main entry point for the security library.

class XyPrissSecurity {
    constructor(config?: SecurityConfig);

    // Core methods
    encrypt(data: any, options?: EncryptionOptions): Promise<string>;
    decrypt(encryptedData: string, options?: DecryptionOptions): Promise<any>;
    hash(data: string, options?: HashOptions): string;
    generateToken(length?: number): string;

    // Validation methods
    validateInput(input: any, rules: ValidationRules): ValidationResult;
    sanitize(input: string, options?: SanitizeOptions): string;
}

Secure Data Structures

fString (SecureString)

const secureStr = fString("sensitive-data", {
    protectionLevel: "maximum",
    enableEncryption: true,
});

fArray (SecureArray)

const secureArr = fArray(["item1", "item2"], {
    encryptionKey: "your-key",
});

fObject (SecureObject)

const secureObj = fObject(
    {
        key: "value",
    },
    {
        enableEncryption: true,
    }
);

Utility Functions

generateSecureToken

const token = generateSecureToken(32, "base64url");

Hash Operations

const hash = Hash.create("data", {
    algorithm: "sha256",
    outputFormat: "hex",
});

Configuration

Security Configuration

interface SecurityConfig {
    encryption?: {
        algorithm?: "aes-256-gcm" | "chacha20-poly1305";
        keyDerivation?: "pbkdf2" | "argon2" | "scrypt";
        iterations?: number;
    };

    memory?: {
        secureWipe?: boolean;
        protectedAllocation?: boolean;
        maxBufferSize?: number;
    };

    logging?: {
        auditTrail?: boolean;
        tamperEvident?: boolean;
        logLevel?: "debug" | "info" | "warn" | "error";
    };

    validation?: {
        strictMode?: boolean;
        sanitizeInputs?: boolean;
        maxInputLength?: number;
    };
}

Performance

XyPriss Security is optimized for high-performance applications:

• Encryption: 10,000+ operations/second (AES-256-GCM)
• Hashing: 50,000+ operations/second (SHA-256)
• Memory: Zero-copy operations where possible
• CPU: Optimized algorithms with SIMD support

Security Guarantees

• Memory Safety: Automatic secure memory wiping
• Timing Safety: Constant-time operations for sensitive data
• Quantum Resistance: Post-quantum cryptographic algorithms
• Side-Channel Protection: Resistance to timing and cache attacks
• Tamper Evidence: Cryptographic integrity verification

Contributing

Contributions are welcome. Please see our Contributing Guide.

License

MIT License - see LICENSE file for details.

Support

• Documentation
• GitHub Issues
• Security Advisories