So now I’m confused about what you’re asking for.
IMHO, the only time it makes sense to encrypt anything in on-device storage is when:
- your specific threat concern is “blackhat steals device”
- you are willing to make users enter a secret (such as a password) every time the app is launched
(NB: “device” here is used in the broad sense of “whatever is running the app”, so it would cover a PC running in a browser, where stuff is stored to IndexedDB for example)
If you are trying to store something on a user’s device that (a) you don’t want the user to be able to access, but (b) your app running on that user’s device must be able to access (which is what I fear that @distante is doing), forget it. That is impossible, and any encryption employed serves only to needlessly complicate development, providing only an illusion of security.
If you’re still here, and your use case still matches what I’m talking about, then I suspect that one reason Cordova secure storage got EOLed is that as of today, WebCrypto is usable in major browsers. I mentioned scrypt earlier in this thread as my preferred KDF (there are others). If you have no particular symmetric algorithm preference for the actual encryption, I would recommend AES-GCM. The source for that live browser compatibility table has example code.