Cryptography

Algorithms exposed by the Web Crypto API

nx.js implements the Web Crypto API, which allows your application to perform cryptographic operations such as encryption and decryption.

Cryptography functions

Below is a checklist of the currently implemented standardized algorithms provided by the SubtleCrypto API in nx.js:

• digest(): create a fixed-length, collision-resistant digest of some data.
  • ✅ "SHA-1" (but don't use this in cryptographic applications)
  • ✅ "SHA-256"
  • ✅ "SHA-384"
  • ✅ "SHA-512"
• encrypt() and decrypt(): encrypt and decrypt data.
  • ✅ "AES-CBC"
  • ❌ "AES-CTR"
  • ❌ "AES-GCM"
  • ❌ "RSA-OAEP"
• sign() and verify(): sign and verify data.
  • ❌ None - not currently implemented

Non-Standard Algorithms

The following non-standard / extension algorithms are also supported:

• encrypt() and decrypt(): encrypt and decrypt data.
  • ✅ "AES-XTS"

AES-XTS

The AES-XTS algorithm is supported in nx.js for encryption and decryption, which is commonly used for disk encryption. It is included in nx.js primarily to decrypt the header of .nca files.

The implementation of this algorithm in nx.js also includes support for Nintendo's non-standard "tweak" mode (endianness is reversed, see here), which is used by the Switch to encrypt data.