AES-GCM decrypt raw data, returning the decrypted ArrayBuffer

AES-GCM encrypt raw data, returning IV and ciphertext bytes

Convert standard base64 to base64url (no padding). Works on both strings and Uint8Array (bytes are first encoded to base64).

Compute HMAC-SHA256 using Web Crypto API, returning raw ArrayBuffer

Compute ticket token index using HMAC for blind lookups Similar to slug_index for events - allows lookup without decrypting

Constant-time string comparison to prevent timing attacks Always iterates over the longer string and XORs the lengths so that different-length inputs don't leak via an early return.

Decrypt a string value encrypted with encrypt() Expects format: enc:1:$base64iv:$base64ciphertext

Decrypt attendee PII using the private key Used in admin views after obtaining private key from session

Decrypt binary data encrypted with encryptBytes(). Expects ENCB binary format: magic + version + IV + ciphertext.

Decrypt data with a symmetric key

Derive a Key Encryption Key (KEK) from password hash and DB_ENCRYPTION_KEY Uses PBKDF2 with the password hash as input and DB_ENCRYPTION_KEY as salt

Encrypt a string value using AES-256-GCM via Web Crypto API Returns format: enc:1:$base64iv:$base64ciphertext Note: ciphertext includes auth tag appended (Web Crypto API does this automatically)

Encrypt attendee PII using the public key from settings This can be called without authentication (for public ticket forms)

Encrypt binary data with AES-256-GCM using compact binary format. Output: ENCB + version byte + 12-byte IV + ciphertext (with GCM auth tag). Overhead is only 33 bytes (vs ~76% bloat in the legacy text format).

Encrypt data with a symmetric key (for wrapping private key with DATA_KEY)

Format IV + ciphertext as a prefixed base64 string

Convert base64 string to Uint8Array

Generate a random 256-bit symmetric key for data encryption

Generate an RSA key pair for asymmetric encryption Returns { publicKey, privateKey } as exportable JWK strings

Generate a cryptographically secure random token Uses Web Crypto API getRandomValues

Generate a 5-byte uppercase hex ticket token for public ticket URLs

Get the most recently generated CSRF token (for synchronous JSX rendering)

Get the encryption key bytes from environment variable (sync validation only) Expects DB_ENCRYPTION_KEY to be a base64-encoded 256-bit (32 byte) key

Derive the private key from session credentials Used to decrypt attendee PII in admin views Results are cached per session token for 10 seconds

Generate random bytes using Web Crypto API

Hash a password using PBKDF2 Returns format: pbkdf2:iterations:$base64salt:$base64hash

Hash a session token using SHA-256 Used to store session lookups without exposing the actual token

HMAC-SHA256 hash using DB_ENCRYPTION_KEY Used for blind indexes and hashing limited keyspace values Returns deterministic output for same input (unlike encrypt)

Convert ArrayBuffer to base64 string

Convert ArrayBuffer to hex string

Decrypt data using hybrid encryption Expects format: hyb:1:$base64WrappedKey:$base64iv:$base64ciphertext Results are cached in a bounded LRU (ciphertext -> plaintext)

Encrypt data using hybrid encryption (RSA + AES)

Import a CryptoKey from DB_ENCRYPTION_KEY.

Import a private key from JWK string

Import a public key from JWK string

Check whether a token uses the signed format

Parse a prefixed encrypted payload into IV and ciphertext bytes. Validates the prefix and separator; throws on invalid format.

Constant-time string comparison to prevent timing attacks

Explicitly set or clear the encryption key for testing. Bypasses Deno.env to avoid races between parallel test workers. Automatically clears all crypto caches (encryption, HMAC, and any registered via onEncryptionKeyChange).

Explicitly enable/disable fast PBKDF2 for testing without env var races

Explicitly set RSA key size for testing without env var races

Create a signed CSRF token: s1.{timestamp}.{nonce}.{hmac}

Decrypt a prefixed AES-GCM payload with the given key.

Encrypt plaintext with an AES-GCM key, returning prefixed format: enc:1:$base64iv:$base64ciphertext

Convert Uint8Array to base64 string

Unwrap a symmetric key Expects format: wk:1:$base64iv:$base64wrapped

Unwrap a key using a session token

Validate encryption key is present and valid Call this on startup to fail fast if key is missing

Verify a password against a hash Uses constant-time comparison to prevent timing attacks

Verify a signed CSRF token's signature and expiry

Wrap a symmetric key with another key using AES-GCM Returns format: wk:1:$base64iv:$base64wrapped

Wrap a key using a session token (derives a wrapping key from the token)

Default message for invalid/expired CSRF form submissions