Encryption
Objekt provides end-to-end, client-side encryption via the @objekt.sh/ecies package. Content is encrypted before it leaves your machine — the server never sees plaintext.
Key Features
- Multi-recipient — Encrypt once, wrap the key for multiple recipients
- Multi-curve — secp256k1 (EVM, Bitcoin, Cosmos) and X25519 (Solana, TON, Sui)
- View keys — Generate shareable decryption keys without sharing wallets
- CBOR envelope — Self-describing binary format with CAIP-10 recipient addressing
- Access metadata — Embedded x402 reveal URLs for pay-to-decrypt
Supported Chains
| Namespace | Curve | Chains |
|---|---|---|
| EIP155 | secp256k1 | Ethereum, Base, Polygon, Arbitrum, ... |
| BIP122 | secp256k1 | Bitcoin |
| Cosmos | secp256k1 | Cosmos Hub, Osmosis, ... |
| Tron | secp256k1 | Tron |
| Solana | X25519 | Solana |
| TON | X25519 | TON |
| Sui | X25519 | Sui |
How It Works
Plaintext + nonce → [AES-256-GCM] → Content ciphertext
Recipient 1 pubkey + AES key → [ECIES secp256k1] → Wrapped key #1
Recipient 2 pubkey + AES key → [ECIES X25519] → Wrapped key #2
View key pubkey + AES key → [ECIES secp256k1] → Wrapped key #3
CBOR envelope = Tag("objekt") + version + MIME + recipients + ciphertextA random AES-256 key encrypts the content once. That key is then wrapped individually for each recipient using curve-appropriate ECIES (ECDH + HKDF-SHA256 + AES-256-GCM). Any recipient can independently decrypt.