# ADR-025: Password-based encryption via PBKDF2

## Status

Accepted

## Context

Encryption can use PBKDF2 key derivation from a password string or direct AES-GCM with raw key bytes. The hub uses password-based encryption.

## Decision

Use the PBKDF2 pattern for consistency with the hub. The "password" in practice is a base64-encoded 32-byte random key from `generateEncryptionKey()`. PBKDF2 adds security per-encryption (each encryption gets a unique salt), but adds ~100ms latency per operation.

If performance becomes an issue, add an `encryptRaw()` function that skips PBKDF2 for raw key inputs.

## Consequences

- Consistent with hub's crypto implementation
- ~100ms per encrypt/decrypt due to PBKDF2 iterations
- v1 key version uses 100,000 PBKDF2 iterations
- Web Crypto API only — no external crypto dependencies

## References

- [encrypted-data.md](../encrypted-data.md)
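
An added example of the pattern in the Decision section, not the hub's or this project's code: each encryption draws a fresh salt, derives an AES-GCM key with PBKDF2 at the v1 iteration count, and stores the key version and salt alongside the ciphertext so decryption can re-derive the key. The SHA-256 PRF, 16-byte salt, 12-byte IV, blob layout and the `sampleKey()` stand-in for `generateEncryptionKey()` are assumptions.

```javascript
// Added example. Assumptions (not from the ADR): SHA-256 as the PBKDF2 hash,
// 16-byte salt, 12-byte IV, and a [version | salt | iv | ciphertext+tag] layout.
const VERSIONS = { 1: { iterations: 100_000 } }; // v1 iteration count is from the ADR
const SALT_LEN = 16, IV_LEN = 12;

// Web Crypto is global in browsers and current Node; older Node exposes it via node:crypto.
const getCrypto = async () => globalThis.crypto ?? (await import('node:crypto')).webcrypto;

// Hypothetical stand-in for generateEncryptionKey(), whose code the ADR does not show.
async function sampleKey() {
  const wc = await getCrypto();
  return btoa(String.fromCharCode(...wc.getRandomValues(new Uint8Array(32))));
}

async function deriveKey(wc, password, salt, iterations) {
  const material = await wc.subtle.importKey(
    'raw', new TextEncoder().encode(password), 'PBKDF2', false, ['deriveKey']);
  return wc.subtle.deriveKey(
    { name: 'PBKDF2', hash: 'SHA-256', salt, iterations },
    material, { name: 'AES-GCM', length: 256 }, false, ['encrypt', 'decrypt']);
}

async function encrypt(password, plaintext, version = 1) {
  const wc = await getCrypto();
  const salt = wc.getRandomValues(new Uint8Array(SALT_LEN)); // fresh salt per encryption
  const iv = wc.getRandomValues(new Uint8Array(IV_LEN));     // fresh IV per encryption
  const key = await deriveKey(wc, password, salt, VERSIONS[version].iterations);
  const ct = new Uint8Array(await wc.subtle.encrypt(
    { name: 'AES-GCM', iv }, key, new TextEncoder().encode(plaintext)));
  const out = new Uint8Array(1 + SALT_LEN + IV_LEN + ct.length);
  out.set([version], 0); out.set(salt, 1);
  out.set(iv, 1 + SALT_LEN); out.set(ct, 1 + SALT_LEN + IV_LEN);
  return out;
}

async function decrypt(password, blob) {
  const wc = await getCrypto();
  const params = VERSIONS[blob[0]]; // iteration count is selected by the stored version
  if (!params || blob.length < 1 + SALT_LEN + IV_LEN + 16) throw new Error('unsupported or truncated blob');
  const salt = blob.subarray(1, 1 + SALT_LEN);
  const iv = blob.subarray(1 + SALT_LEN, 1 + SALT_LEN + IV_LEN);
  const key = await deriveKey(wc, password, salt, params.iterations);
  // AES-GCM verifies the tag: a wrong password or a modified blob rejects here.
  const pt = await wc.subtle.decrypt({ name: 'AES-GCM', iv }, key, blob.subarray(1 + SALT_LEN + IV_LEN));
  return new TextDecoder().decode(pt);
}
```

Because the salt differs on every call, two encryptions of the same plaintext under the same password use different AES keys, and each `decrypt` pays the full PBKDF2 cost again.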