Class CipherSuite

The Hybrid Public Key Encryption (HPKE) ciphersuite, which is implemented using only Web Cryptography API.

This class is the same as @hpke/core#CipherSuiteNative as follows: which supports only the ciphersuites that can be implemented on the native Web Cryptography API. Therefore, the following cryptographic algorithms are not supported for now:

  • DHKEM(X25519, HKDF-SHA256)
  • DHKEM(X448, HKDF-SHA512)
  • ChaCha20Poly1305

In addtion, the HKDF functions contained in this CipherSuiteNative class can only derive keys of the same length as the hashSize.

If you want to use the unsupported cryptographic algorithms above or derive keys longer than the hashSize, please use hpke-js#CipherSuite.

This class provides following functions:

The calling of the constructor of this class is the starting point for HPKE operations for both senders and recipients.

Example: Use only ciphersuites supported by Web Cryptography API.

import {
  Aes128Gcm,
  DhkemP256HkdfSha256,
  HkdfSha256,
  CipherSuite,
} from "@hpke/core";

const suite = new CipherSuite({
  kem: new DhkemP256HkdfSha256(),
  kdf: new HkdfSha256(),
  aead: new Aes128Gcm(),
});

Example: Use a ciphersuite which is currently not supported by Web Cryptography API.

import { Aes128Gcm, HkdfSha256, CipherSuite } from "@hpke/core";
import { DhkemX25519HkdfSha256 } from "@hpke/dhkem-x25519";
const suite = new CipherSuite({
  kem: new DhkemX25519HkdfSha256(),
  kdf: new HkdfSha256(),
  aead: new Aes128Gcm(),
});

Hierarchy (View Summary)

Constructors

constructor

Properties

_api _kem

Accessors

aead kdf kem

Methods

_setup createRecipientContext createSenderContext open seal

Constructors

constructor

Properties

Protected_api

_api: undefined | SubtleCrypto

Protected_kem

_kem: KemInterface

Accessors

aead

  • get aead(): AeadInterface

  • Gets the AEAD context of the ciphersuite.

    Returns AeadInterface

kdf

  • get kdf(): KdfInterface

  • Gets the KDF context of the ciphersuite.

    Returns KdfInterface

kem

  • get kem(): KemInterface

  • Gets the KEM context of the ciphersuite.

    Returns KemInterface

Methods

Protected_setup

  • _setup(): Promise<void>

  • Returns Promise<void>

createRecipientContext

createSenderContext

open

  • open(
        params: RecipientContextParams,
        ct: ArrayBuffer,
        aad?: ArrayBuffer,
    ): Promise<ArrayBuffer>

  • Decrypts a message from a sender.

    If the error occurred, throws DecapError | DeserializeError | OpenError | ValidationError.

    Parameters

    • params: RecipientContextParams

      A set of parameters for building a recipient encryption context.

    • ct: ArrayBuffer

      An encrypted text as bytes to be decrypted.

    • Optionalaad: ArrayBuffer

      Additional authenticated data as bytes fed by an application.

    Returns Promise<ArrayBuffer>

    A decrypted plain text as bytes.

    Throws

    DecapError, DeserializeError, OpenError, ValidationError

seal

  • seal(
        params: SenderContextParams,
        pt: ArrayBuffer,
        aad?: ArrayBuffer,
    ): Promise<CipherSuiteSealResponse>

  • Encrypts a message to a recipient.

    If the error occurred, throws EncapError | MessageLimitReachedError | SealError | ValidationError.

    Parameters

    • params: SenderContextParams

      A set of parameters for building a sender encryption context.

    • pt: ArrayBuffer

      A plain text as bytes to be encrypted.

    • Optionalaad: ArrayBuffer

      Additional authenticated data as bytes fed by an application.

    Returns Promise<CipherSuiteSealResponse>

    A cipher text and an encapsulated key as bytes.

    Throws

    EncapError, MessageLimitReachedError, SealError, ValidationError

Settings

Member Visibility

On This Page

Constructors
Properties
Accessors
Methods