a7 f3 0b e9 2c d1 88 4f a0 c6 3e 71 b5 0d f8 2a 9c 67 1e d4 8b 3f a2 c9 56 e0 7d 1b f6 4a 93 d8 2e b7 65 0c f1 8a 3d c4 59 e7 20 b3 78 0f d6 a1 4c 92 6b

Y2lw dGhl aXMg cmVh bGx5 IGVu Y3J5 cHRl ZCBk YXRh IGhl cmUu IFRo ZSBr ZXkg aXMg c2Fm ZS4= dGhl cmUn cyBu byBn b2lu

ff 0a 3c b7 91 d2 4e 68 c5 1f a3 87 e6 2b 59 f4 0d 7c b0 3a 95 d8 46 e1 1a 6f c3 8e 2d a7 54 f9 03 78 bb 41 96 dc 60 e5 17 8c c7 39 ad 52 f0 0b 7e b4

PB-K dGhp cyBp cyBh IGhp ZGRL biBt ZXNz YWdl IG9m IHRo ZSBH aG9z dCBF bnZl bG9w ZS4g WW91 IGNh bm5v dCBy ZWFk IHRo aXMu

48 65 6c 6c 6f 20 57 6f 72 6c 64 20 66 72 6f 6d 20 74 68 65 20 76 61 75 6c 74 2e 20 4e 6f 20 6f 6e 65 20 67 65 74 73 20 69 6e 2e

ZXZl cnl0 aGlu ZyBp cyBl bmNy eXB0 ZWQu IE5v dGhp bmcg bGVh a3Mu IFRo ZSB2 YXVs dCBo b2xk cy4= SGVy ZSBi ZSBk cmFn b25z

c0 9f 42 e3 7a 1d b8 54 0e a6 d7 3b 89 f5 2c 61 c8 14 7f a3 d0 4d 96 eb 38 72 b1 5c 0a f7 68 23 9e d4 47 85 ca 1f 6e a9 d3

aGtk Zi1z aGEy NTYg aXMg dGhl IHdh eSB3 ZSBk ZXJp dmUg eW91 ciBr ZXlz LiBJ dCdz IHNh ZmUu IFRy dXN0 IHRo ZSBl bnZl bG9w

b4 8a f1 3e 67 0c d5 a2 49 91 e8 25 7c c6 13 5f b0 da 48 87 f3 2a 6d a4 c1 0e 53 9b e6 31 74 bf 58 05 8f d2 4b a8 19 66 cd

YWVz LTI1 Ni1n Y20g ZW5j cnlw dGlv biBp biBh Y3Rp b24u IFpl cm8g ZGVw ZW5k ZW5j aWVz LiBO byBz dXBw bHkg Y2hh aW4g cmlz ay4=

3a c7 81 f4 2e 69 b5 0d a0 d6 4c 93 e8 17 5b c2 3f 88 f1 a7 d4 42 0b 76 bd 60 95 ce 29 e3 54 1c 8a f6 3d 71 a8 d0 47 b3

dGFt cGVy LWRl dGVj dGlv biBi dWls dCBp bi4g ZXZl cnkg ZW52 ZWxv cGUg Y2Fy cmll cyBh biBh dXRo IHRh Zy4g c25p ZmZl cnMg c2Vl

> Encryption that just works.

Name: Dark Envelope
Author: PinkyBot.io

Drop-in encrypted filesystem for Node.js. Zero dependencies. AES-256-GCM. One line to integrate.

$ npm install dark-envelope

Copied!

Coming Q2 2026

// Live Demo

See it in action

terminal

Dependencies

256-bit

AES-GCM Keys

Production Bots

4.9 KB

Package Size

// Drop-in replacement

One require(). Fully encrypted.

BEFORE

var fs = require('fs');
fs.writeFileSync(path, userData);
var data = fs.readFileSync(path);
// ❌ Plaintext on disk. Exposed.

AFTER

var defs = require('dark-envelope')(userId);
defs.writeFileSync(path, userData);
var data = defs.readFileSync(path);
// ✔ AES-256-GCM encrypted. Per-user keys.

Same API. Now encrypted.

// Capabilities

Built for real-world encryption

Everything you need to encrypt user data at rest. Nothing you don't.

Encrypted I/O

writeFileSync auto-encrypts. readFileSync auto-decrypts. Your code doesn't change.

User Isolation

require('dark-envelope')(userId) — each user gets their own keyspace. Zero cross-contamination.

AES-256-GCM

Military-grade authenticated encryption. Tamper detection built in.

Zero Dependencies

Node.js crypto only. No npm supply chain risk. Nothing to audit but our code.

Drop-in Replacement

Same API as Node's fs module. Swap one require() and you're encrypted.

Ghost Fingerprints

Every user gets a unique fingerprint (PB-XXXX). Safe for logs. Reveals nothing about the key.

// Why Dark Envelope

How we compare

Feature	Dark Envelope	crypto (raw)	node-forge
Drop-in fs replacement	✔	✘	✘
Per-user key isolation	✔	Manual	Manual
Zero dependencies	✔	✔	20+
Ghost fingerprints	✔	✘	✘
Tamper detection	Built-in	Manual	Manual
Key rotation API	Pro+	DIY	DIY

// Integration

Three steps to encrypted storage

Install

npm i dark-envelope

→

Replace require

require('dark-envelope')

→

Done

All data encrypted at rest

// Under the hood

The encryption pipeline

Step 1

Key Generation

256-bit

Step 2

HKDF-SHA256

per-operation key

Step 3

AES-256-GCM

authenticated

Step 4

At-Rest Storage

ciphertext

Every envelope carries a fingerprint, timestamp, IV, ciphertext, and auth tag. A sniffer sees noise. Your users see their data.

// Anatomy

Inside a Ghost Envelope

What your encrypted data looks like on disk. The d field is the mystery — the thing no one can read.

ghost-envelope.json

{

"fp": "PB-K3N7A2B8", // public fingerprint

"v": 1, // version

"ts": 1741234567890, // timestamp (key derivation salt)

"iv": "dGhpcyBpcyBh...", // initialization vector

"d": "Y2lwaGVydGV4...", // ciphertext (your data, encrypted)

"tag": "YXV0aGVudGlj..." // auth tag (tamper detection)

}

Built for Production

Dark Envelope secures every byte of user data across 14 specialized bots on PinkyBot.io.

Not a proof of concept. Battle-tested in production.

Download Dark Envelope →

AES-256-GCM • Zero dependencies • Node.js native crypto