Professional proxy re-encryption library based on Curve25519 (ECC) for Rust and WebAssembly.
Built-in.Retina.Display.mp4
Proxy Re-Encryption allows a semi-trusted proxy to transform ciphertext from one key to another without learning the plaintext.
Alice encrypts → Transform Key → Proxy transforms → Bob decrypts
(Alice grants) (Zero knowledge)
Core Technology: Curve25519 (ECC) - Modern elliptic curve cryptography, NOT RSA
Key Benefits:
- 🔒 Zero-trust proxy - Proxy never sees plaintext
- 🔑 Key isolation - Alice's key never leaves her device
- 🎯 Flexible delegation - Grant/revoke access dynamically
- 📤 One-to-many sharing - Share with multiple recipients efficiently
Alice Business Server Proxy Server Bob
│ │ │ │
│ 1. Encrypt │ │ │
│ encrypt(data, │ │ │
│ alice.pubKey) │ │ │
│ │ │ │
│ 2. Upload │ │ │
├─────────────────►│ │ │
│ Ciphertext + │ Store encrypted │ │
│ Capsule │ data │ │
│ │ │ │
│ 3. Grant Access │ │ │
│ transformKey = │ │ │
│ generateTransformKey( │ │
│ alice.privKey,│ │ │
│ bob.pubKey) │ │ │
│ │ │ │
│ 4. Send Key │ │ │
├─────────────────►│ │ │
│ │ │ │
│ │ 5. Request Transform│ │
│ ├────────────────────►│ │
│ │ Ciphertext + │ │
│ │ TransformKey │ │
│ │ │ │
│ │ │ 6. Transform │
│ │ │ (Zero Knowledge) │
│ │ │ ⚠️ CANNOT see │
│ │ │ plaintext │
│ │ │ │
│ │ 7. Transformed │ │
│ │◄────────────────────┤ │
│ │ Ciphertext │ │
│ │ (for Bob) │ │
│ │ │ │
│ │ 8. Bob requests access │
│ │◄───────────────────────────────────────┤
│ │ │ │
│ │ 9. Send Transformed │ │
│ ├───────────────────────────────────────►│
│ │ │ │
│ │ │ 10. Decrypt │
│ │ │ decryptDelegated(
│ │ │ bob.privKey) │
│ │ │ │
│ │ │ ┌──────────┐ │
│ │ │ │Plaintext │◄───┤
│ │ │ └──────────┘ │
Key Points:
• Alice's private key never leaves her device
• Proxy transforms without seeing plaintext
• Bob decrypts without Alice's key
• Business server stores encrypted data only
import init, { EncryptSDK } from 'rekrypt';
await init();
const sdk = new EncryptSDK();
// Generate keypair
const alice = sdk.generateKeypair();
// Encrypt
const data = new TextEncoder().encode('Secret');
const encrypted = sdk.encrypt(data, alice.public_key);
// Decrypt
const decrypted = sdk.decrypt(encrypted.capsule, alice.private_key, encrypted.c_data);package main
/*
#cgo LDFLAGS: -L./rekrypt-ffi/lib/linux-x64 -lrekrypt_ffi
#include <stdint.h>
extern int rekrypt_version();
*/
import "C"
import "fmt"
func main() {
version := C.rekrypt_version()
fmt.Printf("Rekrypt version: %d\n", version)
}📚 More examples: See docs/EXAMPLES.md for complete examples and docs/API.md for API reference.
# pnpm -> nodejs/browser
pnpm add @stevenleep/rekrypt
# Cargo
cargo add rekrypt- 📘 API Reference - Complete API documentation
- 💡 Usage Examples - Code examples for all platforms
- 🏗️ Architecture & Design - System architecture and cryptographic design
- 🔐 Security Guide - Security best practices
- 📊 Streaming Guide - Large file handling
- 🔧 Internal Implementation - Deep dive into implementation details
- 🚀 Deployment Guide - Production deployment and scaling
- 🔨 Cross-Compilation Guide - Build FFI for multiple platforms
- 📝 Publishing Guide - How to publish documentation and packages
- Rust API Docs: Run
make doc-openor visit https://docs.rs/rekrypt (after publishing) - GitHub Pages: https://stevenleep.github.io/rekrypt/ (auto-deployed on push)
- ✅ All modern browsers (Chrome, Firefox, Safari, Edge)
- ✅ Node.js with WASM support
- ✅ Deno and Bun
Rekrypt provides native FFI libraries for multiple platforms:
| Platform | Architecture | Status |
|---|---|---|
| Linux | x86_64 (Intel/AMD) | ✅ Supported |
| Linux | ARM64 (ARMv8) | ✅ Supported |
| Windows | x86_64 (64-bit) | ✅ Supported |
| macOS | x86_64 (Intel) | ✅ Supported |
| macOS | ARM64 (Apple Silicon) | ✅ Supported |
Language Bindings: C, C++, Go (CGO), Python (ctypes), Node.js (FFI), Rust, and any language with C FFI support.
📚 See rekrypt-ffi/ for FFI usage examples and CROSS_COMPILE.md for cross-compilation guide.
This project provides a unified Makefile for building all components:
# Quick start - build everything
make all
# Or build specific components
make build-wasm # WebAssembly package
make build-ffi # FFI library (for Go/Python/C++)
make build-server # Go transform server
# Cross-compile FFI for multiple platforms
make install-targets # Install cross-compilation tools
make cross-compile # Build for all platforms
make cross-linux-x64 # Linux x86_64
make cross-windows-x64 # Windows x64
make cross-macos-arm64 # macOS Apple Silicon
make cross-help # Show cross-compilation help
# Run tests
make test # All tests
make test-ffi # FFI tests only
# Development
make dev-server # Run Go server in dev mode
make clean # Clean all artifacts
make help # Show all available commands📚 For more details, see CROSS_COMPILE.md for cross-compilation and DEPLOYMENT.md for production builds.
AGPL-3.0
Copyright (C) 2025 stenvenleep