# Encrypt buffer

The Wax library provides a robust set of tools for handling encryption and decryption within the Hive ecosystem. This includes both methods for direct encryption/decryption as well as using the ITransaction interface to handle encrypted operations.

Public Keys in Hive

One important detail to note is that public keys within the Hive ecosystem start with the prefix STM.

# Using Direct Encryption and Decryption Methods

The signer's encryptData and decryptData methods allow for straightforward encryption and decryption operations with explicit public keys. You provide the content as a string to be encrypted/decrypted, and the public key(s) used for encryption/decryption. Below are examples covering the case with one and two keys (sender key and receiver key):

# One key encryption

Test it yourself: src/typescript/encryption/encrypt-buffer/one-key.ts

/* Import preconfigured beekeeper data specific to snippet examples */
const { signer1, publicKey1 } = globalThis.snippetsBeekeeperData;

const content = "This is a secret message.";

// Encrypt the content - sender side
// Note that signer1 holds the private key for publicKey1
const encryptedContent = await signer1.encryptData(content, publicKey1);

// Decrypt the content - receiver side
const decryptedContent = await signer1.decryptData(encryptedContent);

console.log(decryptedContent); // This is a secret message.

Not implemented yet — planned for a future release.

# Two keys encryption

Test it yourself: src/typescript/encryption/encrypt-buffer/multiple-keys.ts

/* Import preconfigured beekeeper data specific to snippet examples */
const { signer1, signer2, publicKey2 } = globalThis.snippetsBeekeeperData;

const content = "This is a secret message.";

// Pre-encrypt data for the second signer - sender side
const encryptedContent = await signer1.encryptData(content, publicKey2);

// Decrypt the content - receiver side
const decryptedContent = await signer2.decryptData(encryptedContent);

console.log(decryptedContent); // This is a secret message.

Not implemented yet — planned for a future release.

A second public key is passed to the encryption method in this example for later use during decryption - matching public key to the private key in the wallet.

Using private keys

The public key you are providing to the signer's encryptData/decryptData methods should correspond to private keys that are available in your signer instance. If the requested private key for the given public key is not found in the signer, an exception will be thrown.