@hpke/hpke-js
    Preparing search index...

    Class CipherSuite

    The Hybrid Public Key Encryption (HPKE) ciphersuite, which supports all of the ciphersuites defined in RFC9180.

    The class consists of the @hpke/core, @hpke/chcha20poly1305, @hpke/dhkem-x25519 and @hpke/dhkem-x448 internally.

    This class provides following functions:

    • [DEPRECATED] Generates a key pair for the cipher suite.
    • [DEPRECATED] Derives a key pair for the cipher suite.
    • [DEPRECATED] Imports and converts a key to a CryptoKey.
    • Creates encryption contexts both for senders and recipients.
    • Provides single-shot encryption API.

    The calling of the constructor of this class is the starting point for HPKE operations for both senders and recipients.

    import { AeadId, CipherSuite, KdfId, KemId } from "@hpke/hpke-js";

    const suite = new CipherSuite({
      kem: KemId.DhkemP256HkdfSha256,
      kdf: KdfId.HkdfSha256,
      aead: AeadId.Aes128Gcm,
    });

    import { AeadId, CipherSuite, KdfId } from "@hpke/hpke-js";
    // Use an extension module.
    import {
      HybridkemX25519Kyber768,
    } from "@hpke/hybridkem-x25519-kyber768";

    const suite = new CipherSuite({
      kem: new HybridkemX25519Kyber768(),
      kdf: KdfId.HkdfSha256,
      aead: AeadId.Aes128Gcm,
    });

    Hierarchy

    • CipherSuite
      • CipherSuite
    Index

    Constructors

    constructor

    Properties

    _api _kem

    Accessors

    aead kdf kem

    Methods

    _setup createRecipientContext createSenderContext deriveKeyPair generateKeyPair importKey open seal

    Constructors

    Properties

    Protected_api

    _api: SubtleCrypto = undefined

    Protected_kem

    _kem: KemInterface

    Accessors

    Methods

    Protected_setup

    • Imports a public or private key and converts to a CryptoKey.

      Since key parameters for createSenderContext or createRecipientContext are CryptoKey format, you have to use this function to convert provided keys to CryptoKey.

      Basically, this is a thin wrapper function of SubtleCrypto.importKey.

      If the error occurred, throws DeserializeError.

      Parameters

      • format: "raw" | "jwk"

        For now, 'raw' and 'jwk' are supported.

      • key: ArrayBuffer | JsonWebKey

        A byte string of a raw key or A JsonWebKey object.

      • isPublic: boolean = true

        The indicator whether the provided key is a public key or not, which is used only for 'raw' format.

      Returns Promise<CryptoKey>

      A public or private CryptoKey.

      Use KemInterface.generateKeyPair instead.

      DeserializeError

    • Decrypts a message from a sender.

      If the error occurred, throws DecapError | DeserializeError | OpenError | ValidationError.

      Parameters

      • params: RecipientContextParams

        A set of parameters for building a recipient encryption context.

      • ct: ArrayBuffer

        An encrypted text as bytes to be decrypted.

      • aad: ArrayBuffer = ...

        Additional authenticated data as bytes fed by an application.

      Returns Promise<ArrayBuffer>

      A decrypted plain text as bytes.

      DecapError, DeserializeError, OpenError, ValidationError

    Settings

    Member Visibility

    On This Page

    Constructors
    Properties
    Accessors
    Methods