peanutgraphic / bloxy-crypto
BLOXY zero-knowledge envelope-encryption primitive — client-held KEK, per-record DEKs, BIP39 recovery, MOCK mode for seeders. Server stores opaque ciphertext only.
Requires
- php: ^8.3
- ext-sodium: *
- illuminate/contracts: ^12.0
- illuminate/support: ^12.0
- peanutgraphic/bloxy-core: v1.0.0
Requires (Dev)
- orchestra/testbench: ^10.0
- pestphp/pest: ^3.0
- pestphp/pest-plugin-laravel: ^3.0
README
Zero-knowledge envelope-encryption primitive for BLOXY. A client-held KEK wraps a per-record DEK; the server only ever holds opaque ciphertext. BIP39 generates the 24-word recovery phrase; a MOCK mode lets seeders and tests run without real key material.
Crypto pairs with bloxy-passkey on the auth side — the passkey ceremony's PRF output is what derives the KEK in production — and is consumed by every Peanut app that stores user-encrypted data (Tracy is the reference implementation).
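The KEK-wraps-DEK layout described above, as an added example written directly against ext-sodium. It is not bloxy-crypto's API or code: the function names `sealRecord` and `openRecord`, the envelope fields, and the use of the record id as associated data are assumptions, and a random KEK stands in for one derived on the client.

```php
<?php
declare(strict_types=1);

// Added illustration using ext-sodium directly; not the bloxy-crypto API.
// sealRecord/openRecord and the envelope layout are hypothetical.

function sealRecord(string $plaintext, string $kek, string $recordId): array
{
    $dek = sodium_crypto_aead_xchacha20poly1305_ietf_keygen(); // fresh per-record DEK
    $dataNonce = random_bytes(SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_NPUBBYTES);
    $wrapNonce = random_bytes(SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_NPUBBYTES);
    // The record id is bound as associated data, so a ciphertext or wrapped DEK
    // copied onto another record fails authentication.
    $ciphertext = sodium_crypto_aead_xchacha20poly1305_ietf_encrypt($plaintext, $recordId, $dataNonce, $dek);
    $wrappedDek = sodium_crypto_aead_xchacha20poly1305_ietf_encrypt($dek, $recordId, $wrapNonce, $kek);
    sodium_memzero($dek);
    // Everything returned here is opaque to whoever stores it without the KEK.
    return [
        'record_id'   => $recordId,
        'wrapped_dek' => sodium_bin2base64($wrapNonce . $wrappedDek, SODIUM_BASE64_VARIANT_ORIGINAL),
        'ciphertext'  => sodium_bin2base64($dataNonce . $ciphertext, SODIUM_BASE64_VARIANT_ORIGINAL),
    ];
}

function openRecord(array $envelope, string $kek): string
{
    $n = SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_NPUBBYTES;
    $wrapped = sodium_base642bin($envelope['wrapped_dek'], SODIUM_BASE64_VARIANT_ORIGINAL);
    $data = sodium_base642bin($envelope['ciphertext'], SODIUM_BASE64_VARIANT_ORIGINAL);
    $aad = $envelope['record_id'];
    $dek = sodium_crypto_aead_xchacha20poly1305_ietf_decrypt(substr($wrapped, $n), $aad, substr($wrapped, 0, $n), $kek);
    if ($dek === false) {
        throw new RuntimeException('DEK unwrap failed: wrong KEK or tampered envelope');
    }
    $plaintext = sodium_crypto_aead_xchacha20poly1305_ietf_decrypt(substr($data, $n), $aad, substr($data, 0, $n), $dek);
    sodium_memzero($dek);
    if ($plaintext === false) {
        throw new RuntimeException('Record decryption failed: tampered ciphertext');
    }
    return $plaintext;
}

// Constructed sample input: a random KEK and a made-up record.
$kek = sodium_crypto_aead_xchacha20poly1305_ietf_keygen();
$envelope = sealRecord('constructed sample note', $kek, 'record-001');
echo openRecord($envelope, $kek), PHP_EOL;
```

Rotating the KEK in this layout only requires re-wrapping each `wrapped_dek`; the record ciphertexts stay untouched.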
Install
composer require peanutgraphic/bloxy-crypto
Service provider auto-registers (Bloxy\Crypto\BloxyCryptoServiceProvider). Requires ext-sodium.
Stack
PHP 8.3 · ext-sodium · Laravel 12 · depends on peanutgraphic/bloxy-core.
Local development
composer install
vendor/bin/pest
Sibling-checkout development is wired via a path repository pointing at ../core-php, so if you're working on bloxy-core in parallel you can clone both side by side and changes resolve through symlink without re-publishing.
Releases
Tagged on GitHub and published to Packagist as peanutgraphic/bloxy-crypto. License is proprietary.
Part of the Peanut Graphic ecosystem.