• Public
  • Public/Protected
  • All

Package encryption


Encryption functions used by Stacks.js packages.


npm install @stacks/encryption

Encrypt and decrypt string

import { encryptECIES, decryptECIES } from '@stacks/encryption';
import { Buffer } from '@stacks/common';

const privateKey = 'a5c61c6ca7b3e7e55edee68566aeab22e4da26baa285c7bd10e8d2218aa3b229';
const publicKey = '027d28f9951ce46538951e3697c62588a87f1f1f295de4a14fdd4c780fc52cfe69';

const testString = 'all work and no play makes jack a dull boy';

// Encrypt string with public key
const cipherObj = await encryptECIES(publicKey, Buffer.from(testString), true);

// Decrypt the cipher with private key to get the message
const deciphered = await decryptECIES(privateKey, cipherObj);

Sign content using ECDSA

import { signECDSA, verifyECDSA } from '@stacks/encryption';

const privateKey = 'a5c61c6ca7b3e7e55edee68566aeab22e4da26baa285c7bd10e8d2218aa3b229';
const testString = 'all work and no play makes jack a dull boy';

const sigObj = signECDSA(privateKey, testString);
// Verify content using ECDSA
const result = verifyECDSA(testString, sigObj.publicKey, sigObj.signature);
console.log(result); // true

encryptMnemonic and decryptMnemonic

import { Buffer } from '@stacks/common';
import { encryptMnemonic, decryptMnemonic } from '@stacks/encryption';

const rawPhrase = 'march eager husband pilot waste rely exclude taste twist donkey actress scene';
const rawPassword = 'rawPassword';
const mockSalt = Buffer.from('ff'.repeat(16), 'hex');

// Encrypt a raw mnemonic phrase to be password protected
const encoded = await encryptMnemonic(rawPhrase, rawPassword, { getRandomBytes: () => mockSalt });

// Decrypt an encrypted mnemonic phrase with a password
const decoded = await decryptMnemonic(encoded.toString('hex'), rawPassword);


Private key to address

import { getPublicKeyFromPrivate, publicKeyToAddress } from '@stacks/encryption';

const privateKey = '00cdce6b5f87d38f2a830cae0da82162e1b487f07c5affa8130f01fe1a2a25fb01';
const expectedAddress = '1WykMawQRnLh7SWmmoRL4qTDNCgAsVRF1';

const publicKey = getPublicKeyFromPrivate(privateKey);
const address = publicKeyToAddress(publicKey);
console.log(address === expectedAddress); // true

Make private key

import { makeECPrivateKey, publicKeyToAddress } from '@stacks/encryption';
import { SECP256K1Client } from 'jsontokens';

const privateKey = makeECPrivateKey();
// Private key is also usable with the jsontokens package
const publicKey = SECP256K1Client.derivePublicKey(privateKey);
const address = publicKeyToAddress(publicKey);


Type Aliases

GetRandomBytes: ((count: number) => Buffer)

Type declaration

    • (count: number): Buffer
    • Optional function to generate cryptographically secure random bytes


      • count: number

      Returns Buffer


  • Returns Promise<Sha2Hash>

  • decodeMessage(encodedMessage: Buffer): Buffer
  • Parameters

    • encodedMessage: Buffer

    Returns Buffer

  • decryptContent(content: string, options?: { privateKey?: string }): Promise<string | Buffer>
  • Decrypts data encrypted with encryptContent with the transit private key.


    • content: string

      encrypted content.

    • Optional options: { privateKey?: string }
      • Optional privateKey?: string

        the hex string of the ECDSA private key to use for decryption. If not provided, will use user's appPrivateKey.

    Returns Promise<string | Buffer>

    decrypted content.

  • encodeMessage(message: string | Buffer): Buffer
  • Parameters

    • message: string | Buffer

    Returns Buffer

  • Encrypts the data provided with the app public key.


    Returns Promise<string>

    Stringified ciphertext object

  • getBase64OutputLength(inputByteLength: number): number
  • Calculate the base64 encoded string length for a given input length. This is equivalent to the byte length when the string is ASCII or UTF8-8 encoded.


    • inputByteLength: number

    Returns number

  • hashMessage(message: string): Buffer
  • Parameters

    • message: string

    Returns Buffer

  • hashSha256Sync(data: Buffer): Buffer
  • Parameters

    • data: Buffer

    Returns Buffer

  • hashSha512Sync(data: Buffer): Buffer
  • Parameters

    • data: Buffer

    Returns Buffer

  • randomBytes(bytesLength?: number): Buffer
  • Use utils.randomBytes to replace randombytes dependency Generates a buffer with random bytes of given length


    • Optional bytesLength: number

    Returns Buffer

    For return type compatibility converting utils.randomBytes return value to buffer

  • verifyMessageSignature(__namedParameters: VerifyMessageSignatureArgs): boolean
  • Verify message signature with recoverable public key


    The Clarity compatible verifyMessageSignatureRsv is preferred


    • __namedParameters: VerifyMessageSignatureArgs

    Returns boolean

  • verifyMessageSignatureRsv(__namedParameters: VerifyMessageSignatureArgs): boolean
  • Verifies a Clarity compatible signed message using a public key. The signature option needs to be in RSV format.


    • __namedParameters: VerifyMessageSignatureArgs

    Returns boolean

  • verifySignature(signature: Sig, msgHash: Hex, publicKey: PubKey, opts?: VOpts): boolean
  • Parameters

    • signature: Sig
    • msgHash: Hex
    • publicKey: PubKey
    • Optional opts: VOpts

    Returns boolean

Generated using TypeDoc