Class DhkemSecp256k1HkdfSha256Experimental

The DHKEM(secp256k1, HKDF-SHA256) for HPKE KEM implementing KemInterface.

This class is implemented using @noble/curves.

The public keys are assumed to be compressed.

The instance of this class can be specified to the CipherSuiteParams as follows:

Example: Use with `@hpke/core`:

import {
  Aes128Gcm,
  CipherSuite,
  HkdfSha256,
} from "@hpke/core";
import { DhkemSecp256k1HkdfSha256 } from "@hpke/dhkem-secp256k1";

const suite = new CipherSuite({
  kem: new DhkemSecp256k1HkdfSha256(),
  kdf: new HkdfSha256(),
  aead: new Aes128Gcm(),
});

Note that it is experimental and not standardized.

Hierarchy

  • Dhkem
    • DhkemSecp256k1HkdfSha256

Constructors

constructor

Properties

_kdf _prim encSize id privateKeySize publicKeySize secretSize

Methods

decap deriveKeyPair deserializePrivateKey deserializePublicKey encap generateKeyPair importKey serializePrivateKey serializePublicKey

Constructors

constructor

Properties

Protected Experimental_kdf

_kdf: KdfInterface

Protected Experimental_prim

_prim: DhkemPrimitives

ExperimentalencSize

encSize: number = 33

33

Experimentalid

id: KemId = KemId.DhkemSecp256k1HkdfSha256

KemId.DhkemSecp256k1HkdfSha256 (0x0013) EXPERIMENTAL

ExperimentalprivateKeySize

privateKeySize: number = 32

32

ExperimentalpublicKeySize

publicKeySize: number = 33

33

ExperimentalsecretSize

secretSize: number = 32

32

Methods

decap

  • decap(params: RecipientContextParams): Promise<ArrayBuffer>
    Experimental

    Recovers the ephemeral symmetric key from its encapsulated representation enc.

    If the error occurred, throws DecapError.

    Parameters

    • params: RecipientContextParams

      A set of parameters for the recipient context.

    Returns Promise<ArrayBuffer>

    A shared secret as the output of the decapsulation step.

    Throws

    DecapError

deriveKeyPair

  • deriveKeyPair(ikm: ArrayBuffer): Promise<CryptoKeyPair>
    Experimental

    Derives a key pair from the byte string ikm.

    If the error occurred, throws DeriveKeyPairError.

    Parameters

    • ikm: ArrayBuffer

      An input keying material.

    Returns Promise<CryptoKeyPair>

    A key pair derived.

    Throws

    DeriveKeyPairError

deserializePrivateKey

  • deserializePrivateKey(key: ArrayBuffer): Promise<CryptoKey>
    Experimental

    Deserializes a private key as a byte string of length Nsk to CryptoKey.

    If the error occurred, throws DeserializeError.

    Parameters

    • key: ArrayBuffer

      A key as bytes.

    Returns Promise<CryptoKey>

    A CryptoKey.

    Throws

    DeserializeError

deserializePublicKey

  • deserializePublicKey(key: ArrayBuffer): Promise<CryptoKey>
    Experimental

    Deserializes a public key as a byte string of length Npk to CryptoKey.

    If the error occurred, throws DeserializeError.

    Parameters

    • key: ArrayBuffer

      A key as bytes.

    Returns Promise<CryptoKey>

    A CryptoKey.

    Throws

    DeserializeError

encap

  • encap(
        params: SenderContextParams,
    ): Promise<{ enc: ArrayBuffer; sharedSecret: ArrayBuffer }>
    Experimental

    Generates an ephemeral, fixed-length symmetric key and a fixed-length encapsulation of the key that can be decapsulated by the holder of the private key corresponding to pkR.

    If the error occurred, throws EncapError.

    Parameters

    • params: SenderContextParams

      A set of parameters for the sender context.

    Returns Promise<{ enc: ArrayBuffer; sharedSecret: ArrayBuffer }>

    A shared secret and an encapsulated key as the output of the encapsulation step.

    Throws

    EncapError

generateKeyPair

  • generateKeyPair(): Promise<CryptoKeyPair>
    Experimental

    Generates a key pair.

    If the error occurred, throws NotSupportedError.

    Returns Promise<CryptoKeyPair>

    A key pair generated.

    Throws

    NotSupportedError

importKey

  • importKey(
        format: "raw" | "jwk",
        key: ArrayBuffer | JsonWebKey,
        isPublic?: boolean,
    ): Promise<CryptoKey>
    Experimental

    Imports a public or private key and converts to a CryptoKey.

    Since key parameters for createSenderContext or createRecipientContext are CryptoKey format, you have to use this function to convert provided keys to CryptoKey.

    Basically, this is a thin wrapper function of SubtleCrypto.importKey.

    If the error occurred, throws DeserializeError.

    Parameters

    • format: "raw" | "jwk"

      For now, 'raw' and 'jwk' are supported.

    • key: ArrayBuffer | JsonWebKey

      A byte string of a raw key or A JsonWebKey object.

    • isPublic: boolean = true

      The indicator whether the provided key is a public key or not, which is used only for 'raw' format.

    Returns Promise<CryptoKey>

    A public or private CryptoKey.

    Throws

    DeserializeError

serializePrivateKey

  • serializePrivateKey(key: CryptoKey): Promise<ArrayBuffer>
    Experimental

    Serializes a private key as CryptoKey to a byte string of length Nsk.

    If the error occurred, throws SerializeError.

    Parameters

    • key: CryptoKey

      A CryptoKey.

    Returns Promise<ArrayBuffer>

    A key as bytes.

    Throws

    SerializeError

serializePublicKey

  • serializePublicKey(key: CryptoKey): Promise<ArrayBuffer>
    Experimental

    Serializes a public key as CryptoKey to a byte string of length Npk.

    If the error occurred, throws SerializeError.

    Parameters

    • key: CryptoKey

      A CryptoKey.

    Returns Promise<ArrayBuffer>

    A key as bytes.

    Throws

    SerializeError

Settings

Member Visibility

On This Page

Constructors
Properties
Methods