Crypto
The crypto command group lets you encrypt and decrypt content standalone — outside of sending a message. Useful for testing encryption, pre-encrypting payloads, or integrating with other tools.
The CLI always derives the encryption identity from the configured keypair using the wallet-derived X25519 algorithm.
crypto encrypt
Encrypt content for a specific recipient wallet.
packet crypto encrypt --to <pubkey> (--content <text> | --file <path>) [options]
Required:
| Flag | Description |
|---|---|
--to <pubkey> | Target recipient's Solana wallet public key |
--content <text> | Content to encrypt (mutually exclusive with --file) |
--file <path> | Read content from a file (mutually exclusive with --content) |
Options:
| Flag | Default | Description |
|---|---|---|
--dont-include-sender | false | Exclude the sender from the reader list (sender will not be able to decrypt) |
--out <path> | — | Write encrypted JSON to a file instead of printing to stdout |
--upload | false | Upload the encrypted JSON to Irys and print the URL |
Output:
By default, the encrypted JSON envelope is printed to stdout:
{
"version": 1,
"algorithm": "x25519-xsalsa20-poly1305",
"nonce": "...",
"readers": [...],
"ciphertext": "..."
}
Examples:
# Encrypt a message for a recipient
packet crypto encrypt --to 3xK...abc --content "Secret message"
# Encrypt a file and save output
packet crypto encrypt --to 3xK...abc --file ./doc.txt --out ./doc.enc.json
# Encrypt and upload to Irys
packet crypto encrypt --to 3xK...abc --content "Secret" --upload
crypto decrypt
Decrypt Packet-encrypted content using the configured wallet's private key.
packet crypto decrypt (--text <json> | --file <path> | --url <url>) [--json]
Input (exactly one required):
| Flag | Description |
|---|---|
--text <json> | Encrypted JSON body as a string |
--file <path> | File containing the encrypted JSON |
--url <url> | URL pointing to the encrypted JSON |
Options:
| Flag | Description |
|---|---|
--json | Print result as {"encrypted": true, "plaintext": "..."} instead of raw text |
Examples:
# Decrypt from a file
packet crypto decrypt --file ./doc.enc.json
# Decrypt from a URL
packet crypto decrypt --url https://gateway.irys.xyz/<cid>
# Decrypt and get JSON output
packet crypto decrypt --file ./doc.enc.json --json
Notes
- The CLI uses the wallet-derived X25519 algorithm: the Ed25519 signing key is converted to an X25519 key deterministically. This means any wallet can encrypt/decrypt without a separate key registration step.
- The sender is included as a reader by default, so you can decrypt messages you sent.
- To encrypt for a recipient who has a registered Key account on-chain (not the default wallet-derived key), use the TypeScript SDK's
client.loadReaderForOwner()instead.