Skip to main content
Deno 2 is finally here 🎉️
Learn more
Module

x/hpke/mod.ts>CipherSuite

A Hybrid Public Key Encryption (HPKE) module built on top of Web Cryptography API.
dajiaji/hpke-js
Latest
class CipherSuite
extends CipherSuiteNative
import { CipherSuite } from "https://deno.land/x/hpke@1.2.9/mod.ts";

The Hybrid Public Key Encryption (HPKE) ciphersuite, which supports all of the ciphersuites defined in RFC9180.

The class consists of the @hpke/core, @hpke/chcha20poly1305, @hpke/dhkem-x25519 and @hpke/dhkem-x448 internally.

This class provides following functions:

  • [DEPRECATED] Generates a key pair for the cipher suite.
  • [DEPRECATED] Derives a key pair for the cipher suite.
  • [DEPRECATED] Imports and converts a key to a CryptoKey.
  • Creates encryption contexts both for senders and recipients.
    • createSenderContext
    • createRecipientContext
  • Provides single-shot encryption API.
    • seal
    • open

The calling of the constructor of this class is the starting point for HPKE operations for both senders and recipients.

Examples

Use only ciphersuites supported internally.

import { AeadId, CipherSuite, KdfId, KemId } from "http://deno.land/x/hpke/mod.ts";

const suite = new CipherSuite({
  kem: KemId.DhkemP256HkdfSha256,
  kdf: KdfId.HkdfSha256,
  aead: AeadId.Aes128Gcm,
});

Use a ciphersuite consisting of an external module.

import { AeadId, CipherSuite, KdfId } from "http://deno.land/x/hpke/mod.ts";
// Use an extension module.
import {
  HybridkemX25519Kyber768,
} from "https://deno.land/x/hpke/x/hybridkem-x25519-kyber768/mod.ts";

const suite = new CipherSuite({
  kem: new HybridkemX25519Kyber768(),
  kdf: KdfId.HkdfSha256,
  aead: AeadId.Aes128Gcm,
});

Constructors

new
CipherSuite(params: CipherSuiteParams)

Methods

deprecated
deriveKeyPair(ikm: ArrayBuffer): Promise<CryptoKeyPair>

Derives a key pair for the cipher suite in the manner defined in RFC9180 Section 7.1.3.

If the error occurred, throws DeriveKeyPairError.

deprecated
generateKeyPair(): Promise<CryptoKeyPair>

Generates a key pair for the cipher suite.

If the error occurred, throws NotSupportedError.

deprecated
importKey(
format: "raw" | "jwk",
key: ArrayBuffer | JsonWebKey,
isPublic?,
): Promise<CryptoKey>

Imports a public or private key and converts to a CryptoKey.

Since key parameters for createSenderContext or createRecipientContext are CryptoKey format, you have to use this function to convert provided keys to CryptoKey.

Basically, this is a thin wrapper function of SubtleCrypto.importKey.

If the error occurred, throws DeserializeError.