aptos-labs
diff --git a/‎CHANGELOG.md‎
Lines changed: 4 additions & 3 deletions b/‎CHANGELOG.md‎
Lines changed: 4 additions & 3 deletions
diff --git a/‎package.json‎
Lines changed: 1 addition & 0 deletions b/‎package.json‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎pnpm-lock.yaml‎
Lines changed: 8 additions & 0 deletions b/‎pnpm-lock.yaml‎
Lines changed: 8 additions & 0 deletions
@@ -6,10 +6,11 @@ All notable changes to the Aptos TypeScript SDK will be captured in this file. T
 
 ## Added
 
-- Add Aptos Keystore: encrypted private key storage standard based on Ethereum's Web3 Secret Storage Definition (keystore v3)
+- Add Aptos Keystore: encrypted private key storage standard based on Ethereum's Web3 Secret Storage Definition
   - Supports all Aptos key types: Ed25519, Secp256k1, Secp256r1
-  - Password-based or key-file-based encryption using scrypt (default) or PBKDF2-HMAC-SHA256 KDFs
-  - AES-128-CTR cipher with SHA-256 MAC for password verification
+  - AES-256-GCM authenticated encryption (no separate MAC needed)
+  - Argon2id KDF by default (via `hash-wasm`), with scrypt and PBKDF2-HMAC-SHA256 as alternatives
+  - Password-based or key-file-based encryption
   - Portable JSON format designed for cross-SDK compatibility (TypeScript, Rust, Python, Go, etc.)
   - New exports: `encryptKeystore`, `decryptKeystore`, `AptosKeyStore`, `KeystorePrivateKey`, `KeystoreEncryptOptions`
 
 
@@ -58,6 +58,7 @@
     "@scure/bip32": "^1.4.0",
     "@scure/bip39": "^1.3.0",
     "eventemitter3": "^5.0.4",
+    "hash-wasm": "^4.12.0",
     "js-base64": "^3.7.7",
     "jwt-decode": "^4.0.0",
     "poseidon-lite": "^0.2.0"