Skip to main content
Developer SDK

Zero-Knowledge Encryption. Any Language. Any Platform.

Your existing systems store data in plaintext. The Zeromatics SDK adds end-to-end encryption without replacing anything — in the language you already use.

One Architecture. Every Language.

Same zero-knowledge protocol, native SDKs for every major platform.

C#
.NET / Blazor / MAUI
JS
JavaScript / TypeScript
Py
Python
Go
Golang
Rs
Rust
Jv
Java / Kotlin

All SDKs implement the same IPlatformCryptoProvider protocol. Same encryption output across every language.

An Encryption Layer Between App and Database

// Before: plaintext on server
db.save(record.name) # "John Doe"
db.save(record.national_id) # "35201-1234567-9"
db.save(record.salary) # "450000"
// After: with Zeromatics SDK (any language)
db.save(zk.encrypt(record.name)) # "0x7a3f...b291"
db.save(zk.encrypt(record.national_id)) # "0xe1c9...4f82"
db.save(zk.encrypt(record.salary)) # "0x5d8a...c7e0"
// Search without decryption
db.where(name_sig == zk.hmac("john doe"))
// Returns encrypted rows → decrypt client-side

Why SDK?

No System Replacement

Governments and enterprises spent millions on existing systems. The SDK makes them secure without ripping them out.

Browser, Mobile, Server, Desktop

WebAssembly for browsers. Native libraries for mobile. Server-side for APIs. Same encryption protocol everywhere.

Searchable Encryption

HMAC-SHA512/256 signatures let you query encrypted data. The database matches signatures — never sees plaintext.

FIPS 140-3 Compliance Mode

Switch crypto backends with a config flag. Standard mode (X25519/XChaCha20) or FIPS mode (P-384/AES-256-GCM). Same API.

SDK Components

Client Encryption

Field-level encrypt/decrypt. XChaCha20-Poly1305 with unique nonces. Runs entirely on the client — server never sees plaintext.

Key Management

3-tier key hierarchy derived from credentials. Organization-scoped. Deterministic — same password always derives same keys.

PKI & Certificates

Built-in certificate authority. Ed25519 signed user certificates. Hash-chained event logs for full auditability.

Secure Key Wrapping

X25519 sealed boxes for per-user key distribution. Grant or revoke access instantly without re-encrypting any data.

Cryptographic Stack

Layer Standard Mode FIPS Mode Key Size
Symmetric Encryption XChaCha20-Poly1305 AES-256-GCM 256-bit
Key Exchange X25519 (Curve25519) ECDH P-384 256 / 384-bit
Digital Signatures Ed25519 ECDSA P-384 256 / 384-bit
Password KDF Argon2id (128MB) PBKDF2-HMAC-SHA512 256-bit output
Search Signatures HMAC-SHA512/256 256-bit
Post-Quantum (Hybrid) ML-KEM + ML-DSA (framework ready) --

Ready to Make Your Systems Unbreachable?

Get SDK access, integration guidance, and a technical deep-dive with our engineering team.

Request SDK Access