{ "schemaVersion": "1.0", "item": { "slug": "cifer-security", "name": "cifer", "source": "tencent", "type": "skill", "category": "AI 智能", "sourceUrl": "https://clawhub.ai/TIP-citron/cifer-security", "canonicalUrl": "https://clawhub.ai/TIP-citron/cifer-security", "targetPlatform": "OpenClaw" }, "install": { "downloadMode": "redirect", "downloadUrl": "/downloads/cifer-security", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=cifer-security", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "installMethod": "Manual import", "extraction": "Extract archive", "prerequisites": [ "OpenClaw" ], "packageFormat": "ZIP package", "includedAssets": [ "reference.md", "SKILL.md" ], "primaryDoc": "SKILL.md", "quickSetup": [ "Download the package from Yavira.", "Extract the archive and review SKILL.md first.", "Import or place the package into your OpenClaw setup." ], "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "sourceHealth": { "source": "tencent", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-04-30T16:55:25.780Z", "expiresAt": "2026-05-07T16:55:25.780Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=network", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=network", "contentDisposition": "attachment; filename=\"network-1.0.0.zip\"", "redirectLocation": null, "bodySnippet": null }, "scope": "source", "summary": "Source download looks usable.", "detail": "Yavira can redirect you to the upstream package for this source.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/cifer-security" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] }, "downloadPageUrl": "https://openagent3.xyz/downloads/cifer-security", "agentPageUrl": "https://openagent3.xyz/skills/cifer-security/agent", "manifestUrl": "https://openagent3.xyz/skills/cifer-security/agent.json", "briefUrl": "https://openagent3.xyz/skills/cifer-security/agent.md" }, "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "documentation": { "source": "clawhub", "primaryDoc": "SKILL.md", "sections": [ { "title": "Overview", "body": "CIFER SDK provides quantum-resistant encryption (ML-KEM-768 + AES-256-GCM) for blockchain apps. Secrets are on-chain key pairs: public key on IPFS, private key sharded across enclaves.\n\nPackage: cifer-sdk (npm)\nChains: Ethereum Mainnet (1), Sepolia (11155111), Ternoa (752025)\nBlackbox URL: https://cifer-blackbox.ternoa.dev:3010\n\nFor the full API reference, see reference.md." }, { "title": "Quick Setup", "body": "npm install cifer-sdk ethers dotenv\n\npackage.json must have \"type\": \"module\" for ESM imports.\n\nimport 'dotenv/config';\nimport { createCiferSdk, keyManagement, blackbox } from 'cifer-sdk';\nimport { Wallet, JsonRpcProvider } from 'ethers';" }, { "title": "Step 1: Initialize SDK", "body": "const sdk = await createCiferSdk({\n blackboxUrl: 'https://cifer-blackbox.ternoa.dev:3010',\n});\n\nconst chainId = 1; // Ethereum Mainnet (or 11155111 for Sepolia, 752025 for Ternoa)\nconst controllerAddress = sdk.getControllerAddress(chainId);\nconst rpcUrl = sdk.getRpcUrl(chainId);\n\nsdk.getSupportedChainIds() returns all available chains." }, { "title": "Step 2: Create Wallet Signer (Server-Side)", "body": "const provider = new JsonRpcProvider(rpcUrl);\nconst wallet = new Wallet(process.env.PRIVATE_KEY, provider);\n\n// Signer adapter — this is what the SDK expects\nconst signer = {\n async getAddress() { return wallet.address; },\n async signMessage(message) { return wallet.signMessage(message); },\n};\n\nFor browser wallets, use the built-in adapter instead:\n\nimport { Eip1193SignerAdapter } from 'cifer-sdk';\nconst signer = new Eip1193SignerAdapter(window.ethereum);" }, { "title": "Step 3: Create a Secret", "body": "A secret costs a fee in native token. Check balance first.\n\nconst fee = await keyManagement.getSecretCreationFee({\n chainId, controllerAddress, readClient: sdk.readClient,\n});\n\nconst txIntent = keyManagement.buildCreateSecretTx({ chainId, controllerAddress, fee });\n\nconst tx = await wallet.sendTransaction({\n to: txIntent.to,\n data: txIntent.data,\n value: txIntent.value,\n});\nconst receipt = await tx.wait();\nconst secretId = keyManagement.extractSecretIdFromReceipt(receipt.logs);" }, { "title": "Step 4: Wait for Secret Sync", "body": "After creation, the enclave cluster generates keys (~30-120s on mainnet).\n\nlet ready = false;\nwhile (!ready) {\n ready = await keyManagement.isSecretReady(\n { chainId, controllerAddress, readClient: sdk.readClient },\n secretId,\n );\n if (!ready) await new Promise(r => setTimeout(r, 5000));\n}\n\nOr read the full state:\n\nconst state = await keyManagement.getSecret(\n { chainId, controllerAddress, readClient: sdk.readClient },\n secretId,\n);\n// state.owner, state.delegate, state.isSyncing, state.publicKeyCid" }, { "title": "Step 5: Encrypt Text", "body": "const encrypted = await blackbox.payload.encryptPayload({\n chainId,\n secretId,\n plaintext: 'Your secret message',\n signer,\n readClient: sdk.readClient,\n blackboxUrl: sdk.blackboxUrl,\n});\n// Returns: { cifer, encryptedMessage }" }, { "title": "Step 6: Decrypt Text", "body": "Caller must be secret owner or delegate.\n\nconst decrypted = await blackbox.payload.decryptPayload({\n chainId,\n secretId,\n encryptedMessage: encrypted.encryptedMessage,\n cifer: encrypted.cifer,\n signer,\n readClient: sdk.readClient,\n blackboxUrl: sdk.blackboxUrl,\n});\n// Returns: { decryptedMessage }" }, { "title": "Step 7: Encrypt File", "body": "File operations are async jobs. Works with Blob in Node.js 18+.\n\nimport { readFile, writeFile } from 'fs/promises';\n\nconst buffer = await readFile('myfile.pdf');\nconst blob = new Blob([buffer], { type: 'application/pdf' });\n\n// Start encrypt job\nconst job = await blackbox.files.encryptFile({\n chainId, secretId, file: blob, signer,\n readClient: sdk.readClient, blackboxUrl: sdk.blackboxUrl,\n});\n\n// Poll until done\nconst status = await blackbox.jobs.pollUntilComplete(job.jobId, sdk.blackboxUrl, {\n intervalMs: 2000,\n maxAttempts: 120,\n onProgress: (j) => console.log(`${j.progress}%`),\n});\n\n// Download encrypted .cifer file (no auth needed for encrypt jobs)\nconst encBlob = await blackbox.jobs.download(job.jobId, { blackboxUrl: sdk.blackboxUrl });\nawait writeFile('myfile.pdf.cifer', Buffer.from(await encBlob.arrayBuffer()));" }, { "title": "Step 8: Decrypt File", "body": "const encBuffer = await readFile('myfile.pdf.cifer');\nconst encBlob = new Blob([encBuffer]);\n\nconst decJob = await blackbox.files.decryptFile({\n chainId, secretId, file: encBlob, signer,\n readClient: sdk.readClient, blackboxUrl: sdk.blackboxUrl,\n});\n\nconst decStatus = await blackbox.jobs.pollUntilComplete(decJob.jobId, sdk.blackboxUrl, {\n intervalMs: 2000, maxAttempts: 120,\n});\n\n// Download decrypted file (auth REQUIRED for decrypt jobs)\nconst decBlob = await blackbox.jobs.download(decJob.jobId, {\n blackboxUrl: sdk.blackboxUrl,\n chainId, secretId, signer, readClient: sdk.readClient,\n});\nawait writeFile('myfile-decrypted.pdf', Buffer.from(await decBlob.arrayBuffer()));" }, { "title": "List Existing Secrets", "body": "const secrets = await keyManagement.getSecretsByWallet(\n { chainId, controllerAddress, readClient: sdk.readClient },\n wallet.address,\n);\n// secrets.owned: bigint[] — secrets you own\n// secrets.delegated: bigint[] — secrets delegated to you" }, { "title": "Delegation", "body": "Set a delegate (can decrypt but not encrypt or modify):\n\nconst txIntent = keyManagement.buildSetDelegateTx({\n chainId, controllerAddress, secretId, newDelegate: '0xDelegateAddress',\n});\nawait wallet.sendTransaction({ to: txIntent.to, data: txIntent.data });\n\nRemove delegation:\n\nconst txIntent = keyManagement.buildRemoveDelegationTx({\n chainId, controllerAddress, secretId,\n});" }, { "title": "Important Notes", "body": "Minimum SDK version: Use cifer-sdk@0.3.1 or later. Earlier versions had incorrect function selectors.\nPayload size limit: Text encryption max ~16KB (encryptPayload). Use file encryption for larger data.\nBlock freshness: The SDK auto-retries up to 3 times if the block number becomes stale.\nSecret sync time: ~30-60s on Ternoa, ~60-120s on Ethereum mainnet.\nAuth for file download: Encrypt job downloads need no auth. Decrypt job downloads require signer + readClient.\nFee: Secret creation requires a fee in native token (e.g. ~0.0005 ETH on mainnet). Query getSecretCreationFee() first.\nPrivate keys: Never expose private keys in frontend code. Use server-side signer for Node.js." }, { "title": "Error Handling", "body": "import { isCiferError, isBlockStaleError } from 'cifer-sdk';\n\ntry {\n await blackbox.payload.encryptPayload({ ... });\n} catch (error) {\n if (isBlockStaleError(error)) {\n // RPC returning stale blocks, SDK already retried 3x\n } else if (error instanceof SecretNotReadyError) {\n // Wait and retry\n } else if (isCiferError(error)) {\n console.error(error.code, error.message);\n }\n}" }, { "title": "Complete Minimal Example", "body": "import 'dotenv/config';\nimport { createCiferSdk, keyManagement, blackbox } from 'cifer-sdk';\nimport { Wallet, JsonRpcProvider } from 'ethers';\n\nconst sdk = await createCiferSdk({ blackboxUrl: 'https://cifer-blackbox.ternoa.dev:3010' });\nconst chainId = 1;\nconst controllerAddress = sdk.getControllerAddress(chainId);\nconst provider = new JsonRpcProvider(sdk.getRpcUrl(chainId));\nconst wallet = new Wallet(process.env.PRIVATE_KEY, provider);\nconst signer = {\n async getAddress() { return wallet.address; },\n async signMessage(msg) { return wallet.signMessage(msg); },\n};\n\n// Create secret\nconst fee = await keyManagement.getSecretCreationFee({ chainId, controllerAddress, readClient: sdk.readClient });\nconst txIntent = keyManagement.buildCreateSecretTx({ chainId, controllerAddress, fee });\nconst tx = await wallet.sendTransaction({ to: txIntent.to, data: txIntent.data, value: txIntent.value });\nconst receipt = await tx.wait();\nconst secretId = keyManagement.extractSecretIdFromReceipt(receipt.logs);\n\n// Wait for sync\nlet ready = false;\nwhile (!ready) {\n ready = await keyManagement.isSecretReady({ chainId, controllerAddress, readClient: sdk.readClient }, secretId);\n if (!ready) await new Promise(r => setTimeout(r, 5000));\n}\n\n// Encrypt & decrypt\nconst enc = await blackbox.payload.encryptPayload({\n chainId, secretId, plaintext: 'Hello CIFER!', signer,\n readClient: sdk.readClient, blackboxUrl: sdk.blackboxUrl,\n});\nconst dec = await blackbox.payload.decryptPayload({\n chainId, secretId, encryptedMessage: enc.encryptedMessage, cifer: enc.cifer,\n signer, readClient: sdk.readClient, blackboxUrl: sdk.blackboxUrl,\n});\nconsole.log(dec.decryptedMessage); // \"Hello CIFER!\"" } ], "body": "CIFER SDK — Complete Integration Guide\nOverview\n\nCIFER SDK provides quantum-resistant encryption (ML-KEM-768 + AES-256-GCM) for blockchain apps. Secrets are on-chain key pairs: public key on IPFS, private key sharded across enclaves.\n\nPackage: cifer-sdk (npm) Chains: Ethereum Mainnet (1), Sepolia (11155111), Ternoa (752025) Blackbox URL: https://cifer-blackbox.ternoa.dev:3010\n\nFor the full API reference, see reference.md.\n\nQuick Setup\nnpm install cifer-sdk ethers dotenv\n\n\npackage.json must have \"type\": \"module\" for ESM imports.\n\nimport 'dotenv/config';\nimport { createCiferSdk, keyManagement, blackbox } from 'cifer-sdk';\nimport { Wallet, JsonRpcProvider } from 'ethers';\n\nStep 1: Initialize SDK\nconst sdk = await createCiferSdk({\n blackboxUrl: 'https://cifer-blackbox.ternoa.dev:3010',\n});\n\nconst chainId = 1; // Ethereum Mainnet (or 11155111 for Sepolia, 752025 for Ternoa)\nconst controllerAddress = sdk.getControllerAddress(chainId);\nconst rpcUrl = sdk.getRpcUrl(chainId);\n\n\nsdk.getSupportedChainIds() returns all available chains.\n\nStep 2: Create Wallet Signer (Server-Side)\nconst provider = new JsonRpcProvider(rpcUrl);\nconst wallet = new Wallet(process.env.PRIVATE_KEY, provider);\n\n// Signer adapter — this is what the SDK expects\nconst signer = {\n async getAddress() { return wallet.address; },\n async signMessage(message) { return wallet.signMessage(message); },\n};\n\n\nFor browser wallets, use the built-in adapter instead:\n\nimport { Eip1193SignerAdapter } from 'cifer-sdk';\nconst signer = new Eip1193SignerAdapter(window.ethereum);\n\nStep 3: Create a Secret\n\nA secret costs a fee in native token. Check balance first.\n\nconst fee = await keyManagement.getSecretCreationFee({\n chainId, controllerAddress, readClient: sdk.readClient,\n});\n\nconst txIntent = keyManagement.buildCreateSecretTx({ chainId, controllerAddress, fee });\n\nconst tx = await wallet.sendTransaction({\n to: txIntent.to,\n data: txIntent.data,\n value: txIntent.value,\n});\nconst receipt = await tx.wait();\nconst secretId = keyManagement.extractSecretIdFromReceipt(receipt.logs);\n\nStep 4: Wait for Secret Sync\n\nAfter creation, the enclave cluster generates keys (~30-120s on mainnet).\n\nlet ready = false;\nwhile (!ready) {\n ready = await keyManagement.isSecretReady(\n { chainId, controllerAddress, readClient: sdk.readClient },\n secretId,\n );\n if (!ready) await new Promise(r => setTimeout(r, 5000));\n}\n\n\nOr read the full state:\n\nconst state = await keyManagement.getSecret(\n { chainId, controllerAddress, readClient: sdk.readClient },\n secretId,\n);\n// state.owner, state.delegate, state.isSyncing, state.publicKeyCid\n\nStep 5: Encrypt Text\nconst encrypted = await blackbox.payload.encryptPayload({\n chainId,\n secretId,\n plaintext: 'Your secret message',\n signer,\n readClient: sdk.readClient,\n blackboxUrl: sdk.blackboxUrl,\n});\n// Returns: { cifer, encryptedMessage }\n\nStep 6: Decrypt Text\n\nCaller must be secret owner or delegate.\n\nconst decrypted = await blackbox.payload.decryptPayload({\n chainId,\n secretId,\n encryptedMessage: encrypted.encryptedMessage,\n cifer: encrypted.cifer,\n signer,\n readClient: sdk.readClient,\n blackboxUrl: sdk.blackboxUrl,\n});\n// Returns: { decryptedMessage }\n\nStep 7: Encrypt File\n\nFile operations are async jobs. Works with Blob in Node.js 18+.\n\nimport { readFile, writeFile } from 'fs/promises';\n\nconst buffer = await readFile('myfile.pdf');\nconst blob = new Blob([buffer], { type: 'application/pdf' });\n\n// Start encrypt job\nconst job = await blackbox.files.encryptFile({\n chainId, secretId, file: blob, signer,\n readClient: sdk.readClient, blackboxUrl: sdk.blackboxUrl,\n});\n\n// Poll until done\nconst status = await blackbox.jobs.pollUntilComplete(job.jobId, sdk.blackboxUrl, {\n intervalMs: 2000,\n maxAttempts: 120,\n onProgress: (j) => console.log(`${j.progress}%`),\n});\n\n// Download encrypted .cifer file (no auth needed for encrypt jobs)\nconst encBlob = await blackbox.jobs.download(job.jobId, { blackboxUrl: sdk.blackboxUrl });\nawait writeFile('myfile.pdf.cifer', Buffer.from(await encBlob.arrayBuffer()));\n\nStep 8: Decrypt File\nconst encBuffer = await readFile('myfile.pdf.cifer');\nconst encBlob = new Blob([encBuffer]);\n\nconst decJob = await blackbox.files.decryptFile({\n chainId, secretId, file: encBlob, signer,\n readClient: sdk.readClient, blackboxUrl: sdk.blackboxUrl,\n});\n\nconst decStatus = await blackbox.jobs.pollUntilComplete(decJob.jobId, sdk.blackboxUrl, {\n intervalMs: 2000, maxAttempts: 120,\n});\n\n// Download decrypted file (auth REQUIRED for decrypt jobs)\nconst decBlob = await blackbox.jobs.download(decJob.jobId, {\n blackboxUrl: sdk.blackboxUrl,\n chainId, secretId, signer, readClient: sdk.readClient,\n});\nawait writeFile('myfile-decrypted.pdf', Buffer.from(await decBlob.arrayBuffer()));\n\nList Existing Secrets\nconst secrets = await keyManagement.getSecretsByWallet(\n { chainId, controllerAddress, readClient: sdk.readClient },\n wallet.address,\n);\n// secrets.owned: bigint[] — secrets you own\n// secrets.delegated: bigint[] — secrets delegated to you\n\nDelegation\n\nSet a delegate (can decrypt but not encrypt or modify):\n\nconst txIntent = keyManagement.buildSetDelegateTx({\n chainId, controllerAddress, secretId, newDelegate: '0xDelegateAddress',\n});\nawait wallet.sendTransaction({ to: txIntent.to, data: txIntent.data });\n\n\nRemove delegation:\n\nconst txIntent = keyManagement.buildRemoveDelegationTx({\n chainId, controllerAddress, secretId,\n});\n\nImportant Notes\nMinimum SDK version: Use cifer-sdk@0.3.1 or later. Earlier versions had incorrect function selectors.\nPayload size limit: Text encryption max ~16KB (encryptPayload). Use file encryption for larger data.\nBlock freshness: The SDK auto-retries up to 3 times if the block number becomes stale.\nSecret sync time: ~30-60s on Ternoa, ~60-120s on Ethereum mainnet.\nAuth for file download: Encrypt job downloads need no auth. Decrypt job downloads require signer + readClient.\nFee: Secret creation requires a fee in native token (e.g. ~0.0005 ETH on mainnet). Query getSecretCreationFee() first.\nPrivate keys: Never expose private keys in frontend code. Use server-side signer for Node.js.\nError Handling\nimport { isCiferError, isBlockStaleError } from 'cifer-sdk';\n\ntry {\n await blackbox.payload.encryptPayload({ ... });\n} catch (error) {\n if (isBlockStaleError(error)) {\n // RPC returning stale blocks, SDK already retried 3x\n } else if (error instanceof SecretNotReadyError) {\n // Wait and retry\n } else if (isCiferError(error)) {\n console.error(error.code, error.message);\n }\n}\n\nComplete Minimal Example\nimport 'dotenv/config';\nimport { createCiferSdk, keyManagement, blackbox } from 'cifer-sdk';\nimport { Wallet, JsonRpcProvider } from 'ethers';\n\nconst sdk = await createCiferSdk({ blackboxUrl: 'https://cifer-blackbox.ternoa.dev:3010' });\nconst chainId = 1;\nconst controllerAddress = sdk.getControllerAddress(chainId);\nconst provider = new JsonRpcProvider(sdk.getRpcUrl(chainId));\nconst wallet = new Wallet(process.env.PRIVATE_KEY, provider);\nconst signer = {\n async getAddress() { return wallet.address; },\n async signMessage(msg) { return wallet.signMessage(msg); },\n};\n\n// Create secret\nconst fee = await keyManagement.getSecretCreationFee({ chainId, controllerAddress, readClient: sdk.readClient });\nconst txIntent = keyManagement.buildCreateSecretTx({ chainId, controllerAddress, fee });\nconst tx = await wallet.sendTransaction({ to: txIntent.to, data: txIntent.data, value: txIntent.value });\nconst receipt = await tx.wait();\nconst secretId = keyManagement.extractSecretIdFromReceipt(receipt.logs);\n\n// Wait for sync\nlet ready = false;\nwhile (!ready) {\n ready = await keyManagement.isSecretReady({ chainId, controllerAddress, readClient: sdk.readClient }, secretId);\n if (!ready) await new Promise(r => setTimeout(r, 5000));\n}\n\n// Encrypt & decrypt\nconst enc = await blackbox.payload.encryptPayload({\n chainId, secretId, plaintext: 'Hello CIFER!', signer,\n readClient: sdk.readClient, blackboxUrl: sdk.blackboxUrl,\n});\nconst dec = await blackbox.payload.decryptPayload({\n chainId, secretId, encryptedMessage: enc.encryptedMessage, cifer: enc.cifer,\n signer, readClient: sdk.readClient, blackboxUrl: sdk.blackboxUrl,\n});\nconsole.log(dec.decryptedMessage); // \"Hello CIFER!\"" }, "trust": { "sourceLabel": "tencent", "provenanceUrl": "https://clawhub.ai/TIP-citron/cifer-security", "publisherUrl": "https://clawhub.ai/TIP-citron/cifer-security", "owner": "TIP-citron", "version": "0.3.1", "license": null, "verificationStatus": "Indexed source record" }, "links": { "detailUrl": "https://openagent3.xyz/skills/cifer-security", "downloadUrl": "https://openagent3.xyz/downloads/cifer-security", "agentUrl": "https://openagent3.xyz/skills/cifer-security/agent", "manifestUrl": "https://openagent3.xyz/skills/cifer-security/agent.json", "briefUrl": "https://openagent3.xyz/skills/cifer-security/agent.md" } }