SOFTWARE

STRCrypt

Secure Trusted Rust Cryptography

One library that gives you both Korean and international standard cryptographic algorithms.

v0.1.1Updated 2026-04Rust Core + Python, Node.js, Java Bindings · MIT

Download v0.1.1 Coming soon

Linux x86_64 · .tar.gz
Windows x86_64 · .zip

cargo cargo install strcrypt
pip pip install strcrypt
npm npm install strcrypt
Maven com.strcrypt:strcrypt

OS-specific CLI binaries and bindings for 4 languages will become available to download alongside the GitHub release. The package manager commands show the expected format as of release.

Architecture

ArchitectureA single Rust core owns all algorithm implementations and is exposed through 4 channels (CLI, 3 language bindings, RDBMS SQL functions). KcmvpApproved mode permits only ARIA/SEED/LEA, while NonApproved mode additionally allows AEGIS/AES/ASCON.

Project Nature

STRCrypt was built to reduce the risk of plaintext data exposure in Cubiware's internal projects, and we release it under the MIT License so anyone with the same need can use it. Instead of separately applying for KCMVP module certification, we open a verification path by publishing the source on GitHub. There are no restrictions on use, redistribution, or embedding, and we run it as an OSS project that welcomes external contributions (Issues/PRs).

The Problem We Solve

Korean government and public environments must handle both KCMVP standards (SEED, ARIA, LEA) and international standards (AES, AEGIS, ASCON) together. The cost of integrating and verifying separate libraries for each algorithm is high, and it is difficult to guarantee consistent operation across a multi-language environment involving Python, Node.js, and Java.

Usage

The CLI binary and 3 language bindings are layered with the same API shape on top of the Rust core library (libstrcrypt.so / strcrypt.dll). All bindings support the same 8 algorithms along with AAD, batch processing, parallel batch processing, and file streaming.

CLI

# Register a 32-byte key in environment variables (Release build required)
export STRCRYPT_KEY="your-32-byte-secret-key"

# Check hardware, supported algorithms, and key status
strcrypt info

# Encrypt specifying the algorithm (Default output file: strcrypt_enc.bin)
strcrypt -a aria256gcm encrypt "Hello"

# Decrypt from file (Auto-detect algorithm)
strcrypt decrypt --from-file -i strcrypt_enc.bin

Python

import strcrypt

# Basic encryption/decryption (AEGIS-128L default algorithm)
ct = strcrypt.encrypt("Hello")
pt = strcrypt.decrypt(ct)

# Specify algorithm and AAD
ct = strcrypt.encrypt_with_algorithm_and_aad(
    "Hello", "aria256gcm", b"context"
)

# Batch / Parallel batch
enc = strcrypt.encrypt_batch(["msg1", "msg2"])
enc = strcrypt.encrypt_batch_parallel(["msg1", "msg2"])

Node.js

const strcrypt = require('strcrypt');

// Basic encryption/decryption
const ct = strcrypt.encrypt("Hello");   // Buffer
const pt = strcrypt.decrypt(ct);             // string

// Specify algorithm and AAD
const enc = strcrypt.encryptWithAlgorithmAndAad(
  "Hello", "aria256gcm", Buffer.from("ctx")
);

// Batch / Parallel batch
const arr = strcrypt.encryptBatch(["msg1", "msg2"]);
const par = strcrypt.encryptBatchParallel(["msg1", "msg2"]);

Java

import com.strcrypt.StrCrypt;
import java.util.Arrays;

// Basic encryption/decryption
byte[] ct = StrCrypt.encrypt("Hello");
String pt = StrCrypt.decrypt(ct);

// Specify algorithm and AAD
byte[] enc = StrCrypt.encryptWithAlgorithmAndAad(
    "Hello", "aria256gcm", "ctx".getBytes()
);

// Batch / Parallel batch
List<byte[]> arr = StrCrypt.encryptBatch(
    Arrays.asList("msg1", "msg2")
);

The above are excerpts of core call patterns. For the full API—including automatic algorithm detection, AAD, key wrapping (RFC 3394 / 5649), and file streaming—please refer to the README and enclosed documentation.

Supported Algorithms (8 Types)

KCMVP Verification Target (3)

ARIA-256-GCM Korean KCMVP standard block cipher + GCM AEAD (Library default verification target)
SEED-128-GCM TTAS.KO-12.0004/R1 Korean standard block cipher + GCM
LEA-128-GCM TTAK.KO-12.0223 Korean lightweight block cipher (ARX) + GCM

International Standards (5)

AEGIS-128L IETF CFRG, AES-NI acceleration (Library default)
AEGIS-256 IETF CFRG, 256-bit key strength
AES-256-GCM NIST/FIPS standard, hardware acceleration
AES-256-GCM-SIV Nonce reuse safety
ASCON-128 NIST SP 800-232 lightweight cryptography standard

During decryption, the algorithm is automatically detected from the ciphertext header.

Features

Two Operation Modes — KcmvpApproved / NonApproved (Enforces algorithm selection by policy)
Self-Test Gates — HASH_DRBG, PBKDF2, KBKDF
HMAC-SHA256 module integrity verification
Automatic memory sanitization (Zeroize)
AAD, Batch, Parallel Batch, File Streaming
Key Wrapping (RFC 3394, 5649)
Single-binary operation even on CPUs without AES-NI support

Specifications & Measurement Environment

Version: v0.1.1
License: MIT
Platform: Linux · Windows (x86_64)
Language Bindings: Python, Node.js, Java (Native bindings)
Last Updated: 2026-04
Processing Performance: Selects the processing path by hardware-acceleration availability and data size for encryption/decryption
Binding Compatibility: A shared single Rust core means encrypting in Python, Node.js, or Java produces 100% identical ciphertext that decrypts interchangeably across all three

Security & Compliance

License: MIT (Open to external use, free for commercial use and redistribution)
Korean Standard: KCMVP Verification Target — ARIA-256-GCM, SEED-128-GCM, LEA-128-GCM (TTAS.KO/TTAK.KO)
International Standard: NIST/FIPS, IETF CFRG, NIST SP 800-232, RFC 8452
Operation Mode: KcmvpApproved (Korean standard only), NonApproved (International standard)
Module Certification: KCMVP module certification not acquired — Verification path provided via GitHub source release (Environments requiring certification must apply independently)
Verification: 190+ Integration Tests, Criterion Benchmarks, cargo-fuzz
Tech Support: We provide adopters with an official distribution channel and run ongoing technical support, including vulnerability patches

Getting Started

Receive the official distribution package and set up your environment
Import CLI or bindings — Python, Node.js, Java
Select mode — KcmvpApproved for environments applying Korean KCMVP, otherwise NonApproved
Apply to operations — Batch encryption/decryption, DB column deterministic encryption (SIV), File streaming

Resources

GitHub Repository Source open Coming soon

Anyone can freely use, redistribute, and embed it under the MIT License. External contributions (Issues/PRs) are also welcome. Please refer to the Download section in the Hero above to download the executable packages.

Considering Cubiware for your organization?

We will guide you through setup and rollout tailored to your requirements and operating environment. Reach out for a demo or a proposal.