A Common Approach to IP Address Encryption
IPCrypt is a simple, open specification for encrypting and obfuscating IP addresses, balancing privacy considerations with practical network operations.
What is IPCrypt?
IPCrypt is a simple, open specification that defines methods for encrypting and obfuscating IP addresses. It offers both deterministic format-preserving and non-deterministic approaches that work with both IPv4 and IPv6 addresses.
Unlike truncation that destroys data irreversibly and hashing that cannot be reversed, IPCrypt provides cryptographically secure, reversible encryption designed for high-performance processing at network speeds.
Simplicity is a core value in IPCrypt's design. Rather than trying to create new cryptographic methods, we've used established standards that are well-understood and widely available, making it easier for anyone to implement.
Key Features
Privacy Protection
Prevent exposure of sensitive user information to third parties without key access, addressing data minimization concerns from RFC6973.
Format Preservation
Deterministic mode produces valid IP addresses, enabling encrypted addresses to flow through existing infrastructure without modification.
Correlation Protection
Non-deterministic modes use random tweaks to produce different ciphertexts for the same IP, preventing pattern analysis.
Privacy-Preserving Analytics
Count unique clients, implement rate limiting, and perform deduplication directly on encrypted addresses without revealing original values.
Seamless Integration
Use encrypted IPs as privacy-preserving identifiers when interacting with untrusted services, cloud providers, or external platforms.
High Performance
All variants operate on exactly 128 bits, achieving single-block encryption speed critical for network-rate processing.
See IPCrypt in Action
Each mode offers different privacy and operational characteristics. See how the same IP addresses transform:
ipcrypt-deterministic
Format-preservingValid IP addresses, same input always produces same output
ipcrypt-pfx
Prefix-preservingMaintains network structure, same prefix when IPs share prefix
ipcrypt-nd
Non-deterministicCompact 24-byte output, different each time
ipcrypt-ndx
Extended non-deterministic32-byte output, unlimited operations per key
Community Implementations
Freely Available in Many Programming Languages
IPCrypt has been implemented in Python, C, Rust, JavaScript, Go, Java, Lua, Swift, Elixir, Ruby, Kotlin, AWK, Dart, Zig, PHP, D, and more, making it accessible to developers across different platforms.
Each implementation is open source and follows the same specification, allowing developers to choose the language that best fits their project.
Browse All ImplementationsInteractive Playground
Try IPCrypt in Your Browser
Experience IPCrypt directly in your browser with our interactive playground. Encrypt and decrypt IP addresses using different modes, generate random keys and tweaks, and see the results instantly.
The playground uses the JavaScript implementation of IPCrypt, allowing you to test all four encryption modes with both IPv4 and IPv6 addresses.
Try the PlaygroundJoin the Community
Interested in using or contributing to IPCrypt? Explore our resources, try the interactive playground, or check out the open source implementations. All are freely available for anyone to use.