Tiny Cryptography MCP Server

Overview

The Tiny Cryptography MCP Server is a lightweight, Express.js‑based service that exposes a suite of cryptographic primitives via the Model Context Protocol (MCP). By offering key‑pair generation, shared‑secret derivation, and AES‑CCM encryption/decryption through well‑defined MCP tools, it enables AI assistants to perform end‑to‑end secure communication with external systems or other agents without embedding sensitive keys in the model itself. This abstraction is especially valuable for developers building AI‑driven workflows that require confidentiality, integrity, and authenticity—such as encrypted message passing between chatbots, secure data exchange in multi‑tenant applications, or private user‑to‑user messaging over public networks.

At its core, the server implements four main tools: generateKeyPair, which creates an SJCL P‑256 elliptic‑curve key pair while keeping the private key confidential; deriveSharedSecret, which computes a shared secret from one party’s private key and the other’s public key; encrypt, which protects payloads using SJCL AES‑CCM with the derived secret; and decrypt, which reverses that process. These operations are exposed through MCP’s standard request/response format, allowing any compliant language model to invoke them as if they were native functions. The server also supports Server‑Sent Events (SSE) for real‑time, low‑latency communication—a critical feature when an AI model needs to stream encrypted updates or listen for key exchange events without polling.

Developers can integrate this MCP server into a variety of AI workflows. For instance, an LLM orchestrator might use generateKeyPair to bootstrap a secure channel with another assistant, exchange public keys over the network, and then use encrypt/decrypt to protect subsequent message exchanges. In a multi‑tenant SaaS platform, each tenant could obtain its own key pair from the MCP server, ensuring that data shared between tenants remains isolated. The SSE endpoint further enables event‑driven architectures where the model reacts instantly to cryptographic events, such as a key compromise alert or a new session initiation.

What sets this server apart is its reliance on the Stanford JavaScript Crypto Library (SJCL), a battle‑tested cryptographic toolkit that guarantees strong security properties while remaining fully client‑side compatible. By packaging SJCL operations behind MCP, the server sidesteps common pitfalls of manual cryptography—key mishandling, insecure defaults, or inconsistent padding—providing developers with a single source of truth for all cryptographic needs. The result is a robust, standards‑compliant foundation that lets AI assistants focus on high‑level reasoning while delegating sensitive operations to a proven, auditable backend.