Since Hugo does not support encryption functions, many Hugo themes that claim to encrypt posts typically employ pseudo-encryption or code obfuscation.
I implemented true post encryption using a different approach:
-
Add a
passwordfield to the front-matter of each post. -
Generate the static site with Hugo (at this point, even the RSS feed will display “This content is encrypted” for encrypted posts).
-
Use a script to iterate through all posts in the
public/postdirectory. Based on the characteristics of the main content and the directory’sdivtags, encrypt all internal content using AES-GCM and store it as an attribute within thediv. -
Write a JavaScript decryption script as a partial reference. After the main content is encrypted and hidden, a password input box will appear in the content area. This decryption script uses the WebCrypto API and leverages hardware acceleration by default, making decryption extremely fast.
Demo post: MHW Mod Development (password:123456) | HackYourHeart Demo
Note: Run the encryption script after generating the Hugo site. If you then use hugo server to preview locally, you’ll find that the content hasn’t been encrypted, because hugo server detects file changes and automatically regenerates them. Therefore, first start hugo server, and once the server is running, execute the encryption script.
Note: Some JavaScript files are dynamically loaded using the ‘DOMContentLoaded’ event. If the encrypted JavaScript cannot find the relevant elements, it will not be triggered. Therefore, when writing a decryption script, you must execute these JavaScript files after successful decryption.