MO
moai-security-encryption
Enterprise Encryption Security with AI-powered cryptographic architecture, Context7 integration, and intelligent encryption orchestration for data protection
Install
mkdir -p .claude/skills/moai-security-encryption && curl -L -o skill.zip "https://agentskills.codes/api/skills/download/14672" && unzip -o skill.zip -d .claude/skills/moai-security-encryption && rm skill.zipInstalls to .claude/skills/moai-security-encryption
Activation
This is the description your AI agent reads to decide when to run this skill — the better it matches your request, the more reliably it fires.
Enterprise Encryption Security with AI-powered cryptographic architecture, Context7 integration, and intelligent encryption orchestration for data protection157 charsno explicit “when” trigger
About this skill
Enterprise Encryption Security Expert v4.0.0
Skill Metadata
| Field | Value |
|---|---|
| Skill Name | moai-security-encryption |
| Version | 4.0.0 (2025-11-13) |
| Tier | Enterprise Security Expert |
| AI-Powered | ✅ Context7 Integration, Intelligent Architecture |
| Auto-load | On demand when encryption keywords detected |
What It Does
Enterprise Encryption Security expert with AI-powered cryptographic architecture, Context7 integration, and intelligent encryption orchestration for comprehensive data protection.
Revolutionary v4.0.0 capabilities:
- 🤖 AI-Powered Encryption Architecture using Context7 MCP for latest cryptographic patterns
- 📊 Intelligent Key Management with automated rotation and lifecycle optimization
- 🚀 Advanced Cryptographic Implementation with AI-driven algorithm selection
- 🔗 Enterprise Security Framework with zero-configuration encryption deployment
- 📈 Predictive Security Analytics with threat assessment and compliance monitoring
When to Use
Automatic triggers:
- Encryption implementation and cryptographic security discussions
- Data protection and privacy compliance requirements analysis
- Key management and rotation strategy planning
- Secure communication and storage implementation
Manual invocation:
- Designing enterprise encryption architectures with optimal security
- Implementing comprehensive key management systems
- Planning cryptographic algorithms and security protocols
- Optimizing encryption performance and compliance
Quick Reference (Level 1)
Modern Encryption Stack (November 2025)
Core Cryptographic Algorithms
- AES-256-GCM: Symmetric encryption with authenticated encryption
- RSA-4096: Asymmetric encryption for key exchange and digital signatures
- ECC P-384: Elliptic curve cryptography for efficiency
- SHA-384: Cryptographic hashing for integrity verification
- HMAC-SHA256: Message authentication codes
Key Management Systems
- HashiCorp Vault: Enterprise secrets management
- AWS KMS: Cloud-based key management service
- Azure Key Vault: Microsoft cloud key management
- Kubernetes Secrets: Container-native secret storage
- Hardware Security Modules (HSM): Hardware-based key protection
Implementation Standards
- FIPS 140-2/3: Federal Information Processing Standards
- NIST SP 800-57: Key management guidelines
- PCI DSS: Payment card industry security standards
- GDPR: Data protection and privacy regulation
- HIPAA: Healthcare information protection
Security Features
- End-to-End Encryption: Complete data protection lifecycle
- Key Rotation: Automated key renewal and secure rotation
- Zero-Knowledge Architecture: Privacy-preserving encryption
- Quantum-Resistant: Preparation for quantum computing threats
- Audit Logging: Comprehensive security event tracking
Core Implementation (Level 2)
Encryption Architecture Intelligence
# AI-powered encryption architecture optimization with Context7
class EncryptionArchitectOptimizer:
def __init__(self):
self.context7_client = Context7Client()
self.crypto_analyzer = CryptographicAnalyzer()
self.security_validator = SecurityValidator()
async def design_optimal_encryption_architecture(self,
requirements: SecurityRequirements) -> EncryptionArchitecture:
"""Design optimal encryption architecture using AI analysis."""
# Get latest cryptographic documentation via Context7
crypto_docs = await self.context7_client.get_library_docs(
context7_library_id='/cryptography/docs',
topic="encryption algorithms key management security 2025",
tokens=3000
)
security_docs = await self.context7_client.get_library_docs(
context7_library_id='/security/docs',
topic="data protection compliance best practices 2025",
tokens=2000
)
# Optimize cryptographic algorithms
algorithm_selection = self.crypto_analyzer.select_optimal_algorithms(
requirements.data_classification,
requirements.performance_requirements,
crypto_docs
)
# Validate security requirements
security_configuration = self.security_validator.configure_security(
requirements.compliance_frameworks,
requirements.threat_model,
security_docs
)
return EncryptionArchitecture(
algorithm_configuration=algorithm_selection,
key_management_system=self._design_key_management(requirements),
security_framework=security_configuration,
implementation_patterns=self._select_implementation_patterns(requirements),
compliance_integration=self._ensure_compliance(requirements),
performance_optimization=self._optimize_performance(requirements)
)
Advanced Encryption Implementation
// Enterprise-grade encryption with TypeScript
import crypto from 'crypto';
import { promisify } from 'util';
const randomBytes = promisify(crypto.randomBytes);
const pbkdf2 = promisify(crypto.pbkdf2);
interface EncryptionConfig {
algorithm: string;
keyLength: number;
ivLength: number;
tagLength: number;
iterations: number;
saltLength: number;
}
export class AdvancedEncryptionManager {
private config: EncryptionConfig;
private keyManager: KeyManager;
constructor(config: Partial<EncryptionConfig> = {}) {
this.config = {
algorithm: 'aes-256-gcm',
keyLength: 32,
ivLength: 16,
tagLength: 16,
iterations: 100000,
saltLength: 32,
...config,
};
this.keyManager = new KeyManager();
}
async encrypt(plaintext: string, keyId?: string): Promise<EncryptedData> {
try {
// Get or derive encryption key
const key = await this.keyManager.getKey(keyId);
// Generate random salt and IV
const salt = await randomBytes(this.config.saltLength);
const iv = await randomBytes(this.config.ivLength);
// Create cipher
const cipher = crypto.createCipher(this.config.algorithm, key);
cipher.setAAD(salt); // Additional authenticated data
let encrypted = cipher.update(plaintext, 'utf8', 'hex');
encrypted += cipher.final('hex');
const tag = cipher.getAuthTag();
return {
encrypted,
salt: salt.toString('hex'),
iv: iv.toString('hex'),
tag: tag.toString('hex'),
algorithm: this.config.algorithm,
keyId,
timestamp: new Date().toISOString(),
};
} catch (error) {
throw new Error(`Encryption failed: ${error.message}`);
}
}
async decrypt(encryptedData: EncryptedData): Promise<string> {
try {
// Get decryption key
const key = await this.keyManager.getKey(encryptedData.keyId);
// Create decipher
const decipher = crypto.createDecipher(
encryptedData.algorithm,
key
);
// Set parameters
decipher.setAAD(Buffer.from(encryptedData.salt, 'hex'));
decipher.setAuthTag(Buffer.from(encryptedData.tag, 'hex'));
let decrypted = decipher.update(encryptedData.encrypted, 'hex', 'utf8');
decrypted += decipher.final('utf8');
return decrypted;
} catch (error) {
throw new Error(`Decryption failed: ${error.message}`);
}
}
async encryptFile(
inputPath: string,
outputPath: string,
keyId?: string
): Promise<FileEncryptionResult> {
const fs = require('fs').promises;
try {
// Read file
const fileData = await fs.readFile(inputPath);
const fileStats = await fs.stat(inputPath);
// Generate salt and IV
const salt = await randomBytes(this.config.saltLength);
const iv = await randomBytes(this.config.ivLength);
// Get encryption key
const key = await this.keyManager.getKey(keyId);
// Create cipher
const cipher = crypto.createCipher(this.config.algorithm, key);
cipher.setAAD(salt);
// Encrypt file in streaming mode
const inputStream = fs.createReadStream(inputPath);
const outputStream = fs.createWriteStream(outputPath);
// Write header
outputStream.write(JSON.stringify({
salt: salt.toString('hex'),
iv: iv.toString('hex'),
algorithm: this.config.algorithm,
originalSize: fileStats.size,
keyId,
}) + '\n');
// Pipe encryption
inputStream.pipe(cipher).pipe(outputStream);
return new Promise((resolve, reject) => {
outputStream.on('finish', () => {
resolve({
outputPath,
originalSize: fileStats.size,
encryptedSize: fileStats.size + this.config.saltLength + this.config.ivLength,
keyId,
});
});
outputStream.on('error', reject);
});
} catch (error) {
throw new Error(`File encryption failed: ${error.message}`);
}
}
}
// Advanced key management system
class KeyManager {
private keyStore: Map<string, CryptoKey> = new Map();
private rotationSchedule: Map<string, Date> = new Map();
async generateKey(keyId: string, algorithm: string = 'aes-256-gcm'): Promise<string> {
const key = await randomBytes(32); // 256-bit key
// Store key securely (in production, use HSM or KMS)
this.keyStore.set(keyId, key);
// Set rotation schedule (30 days)
const rotationDate = new Date();
rotationDate.setDate(rotationDate.getDate() + 30);
this.rotationSchedule.set(keyId, rotationDate);
return keyId;
}
async getKey(keyId?: string): Promise<Buffer> {
if (!keyId) {
---
*Content truncated.*