Repository
Current version released
3 years ago
Versions
- 1.2.9Latest
- 1.2.8
- 1.2.7
- 1.2.6
- 1.2.5
- 1.2.4
- 1.2.3
- 1.2.2
- 1.2.1
- 1.2.0
- 1.1.1
- 1.1.0
- 1.0.4
- 1.0.3
- 1.0.2
- 1.0.1
- 1.0.0
- 0.22.2
- 0.22.1
- 0.22.0
- 0.21.0
- 0.20.0
- 0.19.0
- v0.18.5
- 0.18.5
- v0.18.4
- 0.18.4
- v0.18.3
- 0.18.3
- 0.18.2
- v0.18.2
- 0.18.1
- v0.18.1
- 0.18.0
- v0.18.0
- 0.17.2
- v0.17.2
- v0.17.1
- v0.17.0
- v0.16.0
- v0.15.0
- v0.14.0
- 0.13.0
- 0.12.1
- 0.12.0
- v0.11.5
- v0.11.4
- v0.11.3
- v0.11.2
- v0.11.1
- v0.11.0
- v0.10.2
- v0.10.1
- v0.10.0
- v0.9.1
- v0.9.0
- v0.8.0
- v0.7.1
- v0.7.0
- v0.6.0
- v0.5.1
- v0.5.0
- v0.4.1
- v0.4.0
- v0.3.1
- v0.3.0
- v0.2.4
- v0.2.3
- v0.2.2
- v0.2.1
hpke-js
A TypeScript Hybrid Public Key Encryption (HPKE) implementation build on top of Web Cryptography API. This library works for both browser-based applications and node.js based applications.
Index
Supported Features
HPKE Modes
| Modes | Browser | Node.js |
|---|---|---|
| Base | β | β |
| PSK | β | β |
| Auth | β | β |
| AuthPSK |
Key Encapsulation Machanisms (KEMs)
| KEMs | Browser | Node.js |
|---|---|---|
| DHKEM (P-256, HKDF-SHA256) | β | β |
| DHKEM (P-384, HKDF-SHA384) | β | β |
| DHKEM (P-521, HKDF-SHA512) | β | β |
| DHKEM (X25519, HKDF-SHA256) | ||
| DHKEM (X448, HKDF-SHA512) |
Key Derivation Functions (KDFs)
| KDFs | Browser | Node.js |
|---|---|---|
| HKDF-SHA256 | β | β |
| HKDF-SHA384 | β | β |
| HKDF-SHA512 | β | β |
Authenticated Encryption with Associated Data (AEAD) Functions
| AEADs | Browser | Node.js |
|---|---|---|
| AES-128-GCM | β | β |
| AES-256-GCM | β | β |
| ChaCha20Poly1305 | ||
| Export Only | β | β |
Installation
Install with npm:
npm install hpkeUsage
This section shows some typical usage examples. See API Documentation for details.
Base mode
On browser:
// The global name is "hpke".
// setup
const suite = new hpke.CipherSuite({
kem: hpke.Kem.DhkemP256HkdfSha256,
kdf: hpke.Kdf.HkdfSha256,
aead: hpke.Aead.Aes128Gcm
});
const rkp = await suite.generateKeyPair();
const sender = await suite.createSenderContext({
recipientPublicKey: rkp.publicKey
});
const recipient = await suite.createRecipientContext({
recipientKey: rkp,
enc: sender.enc,
});
// encrypt
const ct = await sender.seal(new TextEncoder().encode("my-secret-message"));
// decrypt
const pt = await recipient.open(ct);
// new TextDecoder().decode(pt) === "my-secret-message"PSK mode
On browser:
// The global name is "hpke".
// setup
const suite = new hpke.CipherSuite({
kem: hpke.Kem.DhkemP256HkdfSha256,
kdf: hpke.Kdf.HkdfSha256,
aead: hpke.Aead.Aes128Gcm
});
const rkp = await suite.generateKeyPair();
const sender = await suite.createSenderContext({
recipientPublicKey: rkp.publicKey,
psk: {
id: new TextEncoder().encode("our-pre-shared-key-id"),
key: new TextEncoder().encode("our-pre-shared-key"),
}
});
const recipient = await suite.createRecipientContext({
recipientKey: rkp,
enc: sender.enc,
psk: {
id: new TextEncoder().encode("our-pre-shared-key-id"),
key: new TextEncoder().encode("our-pre-shared-key"),
}
});
// encrypt
const ct = await sender.seal(new TextEncoder().encode("my-secret-message"));
// decrypt
const pt = await recipient.open(ct);
// new TextDecoder().decode(pt) === "my-secret-message"Auth mode
On browser:
// The global name is "hpke".
// setup
const suite = new hpke.CipherSuite({
kem: hpke.Kem.DhkemP256HkdfSha256,
kdf: hpke.Kdf.HkdfSha256,
aead: hpke.Aead.Aes128Gcm
});
const rkp = await suite.generateKeyPair();
const skp = await suite.generateKeyPair();
const sender = await suite.createSenderContext({
recipientPublicKey: rkp.publicKey,
senderKey: skp
});
const recipient = await suite.createRecipientContext({
recipientKey: rkp,
enc: sender.enc,
senderPublicKey: skp.publicKey
});
// encrypt
const ct = await sender.seal(new TextEncoder().encode("my-secret-message"));
// decrypt
const pt = await recipient.open(ct);
// new TextDecoder().decode(pt) === "my-secret-message"AuthPSK mode
On browser:
// The global name is "hpke".
// setup
const suite = new hpke.CipherSuite({
kem: hpke.Kem.DhkemP256HkdfSha256,
kdf: hpke.Kdf.HkdfSha256,
aead: hpke.Aead.Aes128Gcm
});
const rkp = await suite.generateKeyPair();
const skp = await suite.generateKeyPair();
const sender = await suite.createSenderContext({
recipientPublicKey: rkp.publicKey,
senderKey: skp,
psk: {
id: new TextEncoder().encode("our-pre-shared-key-id"),
key: new TextEncoder().encode("our-pre-shared-key"),
}
});
const recipient = await suite.createRecipientContext({
recipientKey: rkp,
enc: sender.enc,
senderPublicKey: skp.publicKey,
psk: {
id: new TextEncoder().encode("our-pre-shared-key-id"),
key: new TextEncoder().encode("our-pre-shared-key"),
}
});
// encrypt
const ct = await sender.seal(new TextEncoder().encode("my-secret-message"));
// decrypt
const pt = await recipient.open(ct);
// new TextDecoder().decode(pt) === "my-secret-message"Contributing
We welcome all kind of contributions, filing issues, suggesting new features or sending PRs.