What's new in Encra
Every release, in one place. New hooks, server upgrades, crypto improvements, and SDK fixes.
Added useE2EFile() — encrypt File/Blob up to 50 MB end-to-end. One encrypted copy per recipient device.
Added useE2EForm() — encrypt individual form fields before submission. Per-field unique nonces, ideal for HIPAA forms.
E2EChatProvider context wrapper — set apiKey and serverUrl once for all hooks in the tree.
EncraClient — framework-agnostic client for Node.js, Svelte, Vue, and vanilla JS with full feature parity to @encra/react.
encryptFile() / decryptFile() — file encryption on EncraClient, matching useE2EFile() behavior.
encryptFields() / decryptFields() — form field encryption on EncraClient, matching useE2EForm() behavior.
useE2EChat() — real-time E2E encrypted chat over WebSocket. Handles key generation, registration, and Double Ratchet automatically.
Exponential backoff reconnect with jitter. Reconnects automatically after network interruptions.
Multi-device send — encrypts once per registered device so all of the recipient's devices receive the message.
Ratchet state persisted to IndexedDB. Sessions survive page reloads without rekeying.
npx encra init — detects your framework (Next.js, Vite, React Native, Node.js) and writes .env.example plus a starter component.
npx encra keygen — generate an X25519 key pair with fingerprint output. Useful for testing and CI.
npx encra ping — health check against any Encra server. Verifies API key auth and reports latency.
encryptField() / decryptField() — standalone field-level encryption with no server or React dependency. URL-safe base64 output.
generateFieldKey() — 32-byte symmetric key from a CSPRNG, for field encryption.
generateFingerprint() — Signal-style safety numbers using BLAKE2b-256. Compare out-of-band to verify identity.
DoubleRatchet.fromExport() — restore ratchet state from a serialised snapshot. Enables session resumption across restarts.
generateKeyPair(), exportKey(), importKey() — X25519 key pairs serialised as URL-safe base64.
deriveSharedSecret() — X25519 ECDH. Both sides independently derive the same 32-byte secret; the server never sees it.
encrypt() / decrypt() — XSalsa20-Poly1305 authenticated encryption with a random nonce per call.
DoubleRatchet — full Double Ratchet Algorithm with forward secrecy, break-in recovery, and out-of-order message support (MAX_SKIP=1000).
POST /v1/keys and GET /v1/keys/:userId — public key registration and lookup with multi-device support.
WebSocket relay /v1/relay — real-time encrypted message delivery with offline queue (PostgreSQL) and Redis pub/sub for horizontal scaling.
GET /health — DB latency, Redis status, and uptime. Returns 503 when the database is unreachable.
Production hardening — helmet security headers, express-rate-limit (200 req/min global, 20 req/min on key registration), pino structured logging, graceful shutdown.