Repository
Current version released
3 years ago
Versions
- 1.2.9Latest
- 1.2.8
- 1.2.7
- 1.2.6
- 1.2.5
- 1.2.4
- 1.2.3
- 1.2.2
- 1.2.1
- 1.2.0
- 1.1.1
- 1.1.0
- 1.0.4
- 1.0.3
- 1.0.2
- 1.0.1
- 1.0.0
- 0.22.2
- 0.22.1
- 0.22.0
- 0.21.0
- 0.20.0
- 0.19.0
- v0.18.5
- 0.18.5
- v0.18.4
- 0.18.4
- v0.18.3
- 0.18.3
- 0.18.2
- v0.18.2
- 0.18.1
- v0.18.1
- 0.18.0
- v0.18.0
- 0.17.2
- v0.17.2
- v0.17.1
- v0.17.0
- v0.16.0
- v0.15.0
- v0.14.0
- 0.13.0
- 0.12.1
- 0.12.0
- v0.11.5
- v0.11.4
- v0.11.3
- v0.11.2
- v0.11.1
- v0.11.0
- v0.10.2
- v0.10.1
- v0.10.0
- v0.9.1
- v0.9.0
- v0.8.0
- v0.7.1
- v0.7.0
- v0.6.0
- v0.5.1
- v0.5.0
- v0.4.1
- v0.4.0
- v0.3.1
- v0.3.0
- v0.2.4
- v0.2.3
- v0.2.2
- v0.2.1
hpke-js
[](https://npm.im/hpke-js)
[](https://codecov.io/gh/dajiaji/hpke-js)
A TypeScript Hybrid Public Key Encryption (HPKE) implementation build on top of Web Cryptography API. This library works on both web browsers and Node.js (**currently, Deno is not supported**).
Index
Supported Features
HPKE Modes
| Modes | Browser | Node.js | Deno |
|---|---|---|---|
| Base | β | β | |
| PSK | β | β | |
| Auth | β | β | |
| AuthPSK | β | β |
Key Encapsulation Machanisms (KEMs)
| KEMs | Browser | Node.js | Deno |
|---|---|---|---|
| DHKEM (P-256, HKDF-SHA256) | β | β | |
| DHKEM (P-384, HKDF-SHA384) | β | β | |
| DHKEM (P-521, HKDF-SHA512) | β | β | |
| DHKEM (X25519, HKDF-SHA256) | |||
| DHKEM (X448, HKDF-SHA512) |
Key Derivation Functions (KDFs)
| KDFs | Browser | Node.js | Deno |
|---|---|---|---|
| HKDF-SHA256 | β | β | |
| HKDF-SHA384 | β | β | |
| HKDF-SHA512 | β | β |
Authenticated Encryption with Associated Data (AEAD) Functions
| AEADs | Browser | Node.js | Deno |
|---|---|---|---|
| AES-128-GCM | β | β | |
| AES-256-GCM | β | β | |
| ChaCha20Poly1305 | |||
| Export Only | β | β |
Installation
Install with npm:
npm install hpke-jsUsage
This section shows some typical usage examples.
Base mode
On Node.js:
const { Kem, Kdf, Aead, CipherSuite } = require("hpke-js");
async function doHpke() {
// setup
const suite = new CipherSuite({
kem: Kem.DhkemP256HkdfSha256,
kdf: Kdf.HkdfSha256,
aead: Aead.Aes128Gcm
});
const rkp = await suite.generateKeyPair();
const sender = await suite.createSenderContext({
recipientPublicKey: rkp.publicKey
});
const recipient = await suite.createRecipientContext({
recipientKey: rkp,
enc: sender.enc,
});
// encrypt
const ct = await sender.seal(new TextEncoder().encode("my-secret-message"));
// decrypt
const pt = await recipient.open(ct);
console.log("decrypted: ", new TextDecoder().decode(pt));
// decripted: my-secret-message
}
doHpke();PSK mode
On Node.js:
const { Kem, Kdf, Aead, CipherSuite } = require("hpke-js");
async function doHpke() {
// setup
const suite = new CipherSuite({
kem: Kem.DhkemP256HkdfSha256,
kdf: Kdf.HkdfSha256,
aead: Aead.Aes128Gcm
});
const rkp = await suite.generateKeyPair();
const sender = await suite.createSenderContext({
recipientPublicKey: rkp.publicKey,
psk: {
id: new TextEncoder().encode("our-pre-shared-key-id"),
key: new TextEncoder().encode("our-pre-shared-key"),
}
});
const recipient = await suite.createRecipientContext({
recipientKey: rkp,
enc: sender.enc,
psk: {
id: new TextEncoder().encode("our-pre-shared-key-id"),
key: new TextEncoder().encode("our-pre-shared-key"),
}
});
// encrypt
const ct = await sender.seal(new TextEncoder().encode("my-secret-message"));
// decrypt
const pt = await recipient.open(ct);
console.log("decrypted: ", new TextDecoder().decode(pt));
// decripted: my-secret-message
}
doHpke();Auth mode
On Node.js:
const { Kem, Kdf, Aead, CipherSuite } = require("hpke-js");
async function doHpke() {
// setup
const suite = new CipherSuite({
kem: Kem.DhkemP256HkdfSha256,
kdf: Kdf.HkdfSha256,
aead: Aead.Aes128Gcm
});
const rkp = await suite.generateKeyPair();
const skp = await suite.generateKeyPair();
const sender = await suite.createSenderContext({
recipientPublicKey: rkp.publicKey,
senderKey: skp
});
const recipient = await suite.createRecipientContext({
recipientKey: rkp,
enc: sender.enc,
senderPublicKey: skp.publicKey
});
// encrypt
const ct = await sender.seal(new TextEncoder().encode("my-secret-message"));
// decrypt
const pt = await recipient.open(ct);
console.log("decrypted: ", new TextDecoder().decode(pt));
// decripted: my-secret-message
}
doHpke();AuthPSK mode
On Node.js:
const { Kem, Kdf, Aead, CipherSuite } = require("hpke-js");
async function doHpke() {
// setup
const suite = new CipherSuite({
kem: Kem.DhkemP256HkdfSha256,
kdf: Kdf.HkdfSha256,
aead: Aead.Aes128Gcm
});
const rkp = await suite.generateKeyPair();
const skp = await suite.generateKeyPair();
const sender = await suite.createSenderContext({
recipientPublicKey: rkp.publicKey,
senderKey: skp,
psk: {
id: new TextEncoder().encode("our-pre-shared-key-id"),
key: new TextEncoder().encode("our-pre-shared-key"),
}
});
const recipient = await suite.createRecipientContext({
recipientKey: rkp,
enc: sender.enc,
senderPublicKey: skp.publicKey,
psk: {
id: new TextEncoder().encode("our-pre-shared-key-id"),
key: new TextEncoder().encode("our-pre-shared-key"),
}
});
// encrypt
const ct = await sender.seal(new TextEncoder().encode("my-secret-message"));
// decrypt
const pt = await recipient.open(ct);
console.log("decrypted: ", new TextDecoder().decode(pt));
// decripted: my-secret-message
}
doHpke();Contributing
We welcome all kind of contributions, filing issues, suggesting new features or sending PRs.