agentskills.codes
MO

moai-security-encryption

Enterprise Encryption Security with AI-powered cryptographic architecture, Context7 integration, and intelligent encryption orchestration for data protection

Install

mkdir -p .claude/skills/moai-security-encryption && curl -L -o skill.zip "https://agentskills.codes/api/skills/download/14672" && unzip -o skill.zip -d .claude/skills/moai-security-encryption && rm skill.zip

Installs to .claude/skills/moai-security-encryption

Activation

This is the description your AI agent reads to decide when to run this skill — the better it matches your request, the more reliably it fires.

Enterprise Encryption Security with AI-powered cryptographic architecture, Context7 integration, and intelligent encryption orchestration for data protection
157 charsno explicit “when” trigger

About this skill

Enterprise Encryption Security Expert v4.0.0

Skill Metadata

FieldValue
Skill Namemoai-security-encryption
Version4.0.0 (2025-11-13)
TierEnterprise Security Expert
AI-Powered✅ Context7 Integration, Intelligent Architecture
Auto-loadOn demand when encryption keywords detected

What It Does

Enterprise Encryption Security expert with AI-powered cryptographic architecture, Context7 integration, and intelligent encryption orchestration for comprehensive data protection.

Revolutionary v4.0.0 capabilities:

  • 🤖 AI-Powered Encryption Architecture using Context7 MCP for latest cryptographic patterns
  • 📊 Intelligent Key Management with automated rotation and lifecycle optimization
  • 🚀 Advanced Cryptographic Implementation with AI-driven algorithm selection
  • 🔗 Enterprise Security Framework with zero-configuration encryption deployment
  • 📈 Predictive Security Analytics with threat assessment and compliance monitoring

When to Use

Automatic triggers:

  • Encryption implementation and cryptographic security discussions
  • Data protection and privacy compliance requirements analysis
  • Key management and rotation strategy planning
  • Secure communication and storage implementation

Manual invocation:

  • Designing enterprise encryption architectures with optimal security
  • Implementing comprehensive key management systems
  • Planning cryptographic algorithms and security protocols
  • Optimizing encryption performance and compliance

Quick Reference (Level 1)

Modern Encryption Stack (November 2025)

Core Cryptographic Algorithms

  • AES-256-GCM: Symmetric encryption with authenticated encryption
  • RSA-4096: Asymmetric encryption for key exchange and digital signatures
  • ECC P-384: Elliptic curve cryptography for efficiency
  • SHA-384: Cryptographic hashing for integrity verification
  • HMAC-SHA256: Message authentication codes

Key Management Systems

  • HashiCorp Vault: Enterprise secrets management
  • AWS KMS: Cloud-based key management service
  • Azure Key Vault: Microsoft cloud key management
  • Kubernetes Secrets: Container-native secret storage
  • Hardware Security Modules (HSM): Hardware-based key protection

Implementation Standards

  • FIPS 140-2/3: Federal Information Processing Standards
  • NIST SP 800-57: Key management guidelines
  • PCI DSS: Payment card industry security standards
  • GDPR: Data protection and privacy regulation
  • HIPAA: Healthcare information protection

Security Features

  • End-to-End Encryption: Complete data protection lifecycle
  • Key Rotation: Automated key renewal and secure rotation
  • Zero-Knowledge Architecture: Privacy-preserving encryption
  • Quantum-Resistant: Preparation for quantum computing threats
  • Audit Logging: Comprehensive security event tracking

Core Implementation (Level 2)

Encryption Architecture Intelligence

# AI-powered encryption architecture optimization with Context7
class EncryptionArchitectOptimizer:
    def __init__(self):
        self.context7_client = Context7Client()
        self.crypto_analyzer = CryptographicAnalyzer()
        self.security_validator = SecurityValidator()
    
    async def design_optimal_encryption_architecture(self, 
                                                   requirements: SecurityRequirements) -> EncryptionArchitecture:
        """Design optimal encryption architecture using AI analysis."""
        
        # Get latest cryptographic documentation via Context7
        crypto_docs = await self.context7_client.get_library_docs(
            context7_library_id='/cryptography/docs',
            topic="encryption algorithms key management security 2025",
            tokens=3000
        )
        
        security_docs = await self.context7_client.get_library_docs(
            context7_library_id='/security/docs',
            topic="data protection compliance best practices 2025",
            tokens=2000
        )
        
        # Optimize cryptographic algorithms
        algorithm_selection = self.crypto_analyzer.select_optimal_algorithms(
            requirements.data_classification,
            requirements.performance_requirements,
            crypto_docs
        )
        
        # Validate security requirements
        security_configuration = self.security_validator.configure_security(
            requirements.compliance_frameworks,
            requirements.threat_model,
            security_docs
        )
        
        return EncryptionArchitecture(
            algorithm_configuration=algorithm_selection,
            key_management_system=self._design_key_management(requirements),
            security_framework=security_configuration,
            implementation_patterns=self._select_implementation_patterns(requirements),
            compliance_integration=self._ensure_compliance(requirements),
            performance_optimization=self._optimize_performance(requirements)
        )

Advanced Encryption Implementation

// Enterprise-grade encryption with TypeScript
import crypto from 'crypto';
import { promisify } from 'util';

const randomBytes = promisify(crypto.randomBytes);
const pbkdf2 = promisify(crypto.pbkdf2);

interface EncryptionConfig {
  algorithm: string;
  keyLength: number;
  ivLength: number;
  tagLength: number;
  iterations: number;
  saltLength: number;
}

export class AdvancedEncryptionManager {
  private config: EncryptionConfig;
  private keyManager: KeyManager;

  constructor(config: Partial<EncryptionConfig> = {}) {
    this.config = {
      algorithm: 'aes-256-gcm',
      keyLength: 32,
      ivLength: 16,
      tagLength: 16,
      iterations: 100000,
      saltLength: 32,
      ...config,
    };

    this.keyManager = new KeyManager();
  }

  async encrypt(plaintext: string, keyId?: string): Promise<EncryptedData> {
    try {
      // Get or derive encryption key
      const key = await this.keyManager.getKey(keyId);
      
      // Generate random salt and IV
      const salt = await randomBytes(this.config.saltLength);
      const iv = await randomBytes(this.config.ivLength);
      
      // Create cipher
      const cipher = crypto.createCipher(this.config.algorithm, key);
      cipher.setAAD(salt); // Additional authenticated data
      
      let encrypted = cipher.update(plaintext, 'utf8', 'hex');
      encrypted += cipher.final('hex');
      
      const tag = cipher.getAuthTag();
      
      return {
        encrypted,
        salt: salt.toString('hex'),
        iv: iv.toString('hex'),
        tag: tag.toString('hex'),
        algorithm: this.config.algorithm,
        keyId,
        timestamp: new Date().toISOString(),
      };
    } catch (error) {
      throw new Error(`Encryption failed: ${error.message}`);
    }
  }

  async decrypt(encryptedData: EncryptedData): Promise<string> {
    try {
      // Get decryption key
      const key = await this.keyManager.getKey(encryptedData.keyId);
      
      // Create decipher
      const decipher = crypto.createDecipher(
        encryptedData.algorithm,
        key
      );
      
      // Set parameters
      decipher.setAAD(Buffer.from(encryptedData.salt, 'hex'));
      decipher.setAuthTag(Buffer.from(encryptedData.tag, 'hex'));
      
      let decrypted = decipher.update(encryptedData.encrypted, 'hex', 'utf8');
      decrypted += decipher.final('utf8');
      
      return decrypted;
    } catch (error) {
      throw new Error(`Decryption failed: ${error.message}`);
    }
  }

  async encryptFile(
    inputPath: string,
    outputPath: string,
    keyId?: string
  ): Promise<FileEncryptionResult> {
    const fs = require('fs').promises;
    
    try {
      // Read file
      const fileData = await fs.readFile(inputPath);
      const fileStats = await fs.stat(inputPath);
      
      // Generate salt and IV
      const salt = await randomBytes(this.config.saltLength);
      const iv = await randomBytes(this.config.ivLength);
      
      // Get encryption key
      const key = await this.keyManager.getKey(keyId);
      
      // Create cipher
      const cipher = crypto.createCipher(this.config.algorithm, key);
      cipher.setAAD(salt);
      
      // Encrypt file in streaming mode
      const inputStream = fs.createReadStream(inputPath);
      const outputStream = fs.createWriteStream(outputPath);
      
      // Write header
      outputStream.write(JSON.stringify({
        salt: salt.toString('hex'),
        iv: iv.toString('hex'),
        algorithm: this.config.algorithm,
        originalSize: fileStats.size,
        keyId,
      }) + '\n');
      
      // Pipe encryption
      inputStream.pipe(cipher).pipe(outputStream);
      
      return new Promise((resolve, reject) => {
        outputStream.on('finish', () => {
          resolve({
            outputPath,
            originalSize: fileStats.size,
            encryptedSize: fileStats.size + this.config.saltLength + this.config.ivLength,
            keyId,
          });
        });
        
        outputStream.on('error', reject);
      });
    } catch (error) {
      throw new Error(`File encryption failed: ${error.message}`);
    }
  }
}

// Advanced key management system
class KeyManager {
  private keyStore: Map<string, CryptoKey> = new Map();
  private rotationSchedule: Map<string, Date> = new Map();

  async generateKey(keyId: string, algorithm: string = 'aes-256-gcm'): Promise<string> {
    const key = await randomBytes(32); // 256-bit key
    
    // Store key securely (in production, use HSM or KMS)
    this.keyStore.set(keyId, key);
    
    // Set rotation schedule (30 days)
    const rotationDate = new Date();
    rotationDate.setDate(rotationDate.getDate() + 30);
    this.rotationSchedule.set(keyId, rotationDate);
    
    return keyId;
  }

  async getKey(keyId?: string): Promise<Buffer> {
    if (!keyId) {

---

*Content truncated.*

Search skills

Search the agent skills registry