Skip to content
@3ncr

3ncr

README.md

3ncr.org

A standard for string encryption / decryption — algorithms plus a storage format — designed for encrypting tokens in configuration files, but usable for any UTF-8 string.

Version 1 uses AES-256-GCM for authenticated encryption with a 12-byte random IV and a 16-byte GCM tag:

3ncr.org/1#<base64(iv[12] || ciphertext || tag[16])>

Example:

3ncr.org/1#GBNhVAcPC83EgKB+TnH1cZbJbkMhbP0GsJ1ctSZZXTErnScw

The envelope is KDF-agnostic — it does not prescribe how the 32-byte AES key is obtained. Libraries accept a raw 32-byte key and expose Argon2id convenience factories for low-entropy secrets (passwords). A legacy PBKDF2-SHA3 constructor survives in Go, Node, and PHP for decrypting data produced before the Argon2id decision; new-language implementations ship only the three recommended tiers (raw key, SHA3-256, Argon2id).

Full specification + canonical test vectors: https://3ncr.org/1/ Browser demo: https://3ncr.org/1/demo/

Official implementations

Language Repo CI Registry Min toolchain
Go tokencrypt CI Go Reference Go 1.25
Node.js nodencrypt CI npm Node 20
PHP tokencrypt-php CI Packagist PHP 8.1
Python tokencrypt-python CI PyPI Python 3.9
Rust tokencrypt-rust CI crates.io Rust 1.85
Java tokencrypt-java CI Maven Central JDK 17
C# / .NET tokencrypt-csharp CI NuGet .NET 8
Ruby tokencrypt-ruby CI Gem Ruby 3.1

Quick install

go get github.com/3ncr/tokencrypt
npm install nodencrypt
composer require 3ncr/tokencrypt-php
pip install 3ncr           # imports as `threencr` (PyPI dist names accept digits, Python identifiers don't)
cargo add threencr          # crates.io rejects digit-first names, so the Rust crate is `threencr`
gem install 3ncr           # imports as `Threencr::TokenCrypt`

Java (Maven Central) and C# / .NET (NuGet) coordinates are pending first publish.

API

Every library exposes the same two-method API:

  • encrypt3ncr(plaintext) -> string — returns a 3ncr.org/1#… envelope.
  • decryptIf3ncr(input) -> string — decrypts 3ncr.org/1#… input; returns any other input unchanged.

Exact naming varies per language (TokenCrypt, NodenCrypt, etc.); see each README for constructor details.

All libraries are MIT-licensed.

Reporting a vulnerability

Every 3ncr repository has Private Vulnerability Reporting enabled — use the Security tab on the repo and click Report a vulnerability to open a private draft advisory visible only to maintainers. Please do not file public issues for suspected security problems. See each repo's SECURITY.md for the disclosure policy and response-time expectations.

Maintainer

Maintained by Andrian Budantsov.

Popular repositories Loading

  1. tokencrypt-php tokencrypt-php Public

    3ncr.org implementation for PHP

    PHP 2 1

  2. tokencrypt tokencrypt Public

    3ncr.org golang implementation

    Go 2

  3. nodencrypt nodencrypt Public

    3ncr.org for node.js

    TypeScript 2

  4. 3ncr.org 3ncr.org Public

    public website

    HTML 2

  5. tokencrypt-python tokencrypt-python Public

    3ncr.org v1 string encryption for Python

    Python 2

  6. tokencrypt-rust tokencrypt-rust Public

    3ncr.org v1 string encryption for Rust

    Rust 2

Repositories

Showing 10 of 10 repositories

People

This organization has no public members. You must be a member to see who’s a part of this organization.

Top languages

Loading…

Most used topics

Loading…