Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More →

@hpke/hybridkem-x-wing

Package Overview

Dependencies

Advanced tools

Install Socket

Detect and block malicious and high-risk dependencies

Install

@hpke/hybridkem-x-wing

A Hybrid Public Key Encryption (HPKE) module extension for X-Wing: general-purpose hybrid post-quantum KEM.

0.5.0
latest
Source
npm

Version published: 2 weeks ago

Maintainers: 1

Created: 3 weeks ago

Source

@hpke/hybridkem-x-wing

A TypeScript Hybrid Public Key Encryption (HPKE) module extension for X-Wing: general-purpose hybrid post-quantum KEM.

Documentation: jsr.io | pages (only for the latest ver.)

An example of use:

import { Aes256Gcm, CipherSuite, HkdfSha256 } from "@hpke/core";
import { XWing } from "@hpke/hybridkem-x-wing";

async function doHpke() {
  const suite = new CipherSuite({
    kem: new XWing(),
    kdf: new HkdfSha256(),
    aead: new Aes256Gcm(),
  });

  // NOTE: The following support for JWKs with the AKP key type is experimental.
  // Please be aware that the specifications are subject to change without notice.
  const jwkPub = {
    kty: "AKP",
    kid: "01",
    alg: "X-Wing",
    pub:
      "4iNrNajCSzmxCqEyOpapGaLO2IQAYzp7BxMXE_wUsrWxnPw9pfoaksSfJVE-D9MNaxYRyauWNdcIZyekt9IdNCROZpac8Vs7KnhTKfYbCWsnfqA3ODR5prVW3nIx_kt_qcmsJMBpmgAYpSU0AbrPqQXKgWVz5WotLgZ-m3KHUzuhOpN97bMfpEus7UB2mSNhADSuMeYZoXAkUZmzxcOYZIWf4bTJcXoHwwSVvfuYoKACzPVsEobO9QQd7ePETPFr9WLHRIUYAms9i5lAaAq9OKFXX9J7WNoGO_rDLDnDCGk3TAXBrrGJi2swPMaL5FU0buCvaZY2IkoUjKKuoQRjERxwn2m2nHDOhTh0ZpjExgqa7wAwx5JM7sQqXTaBb1RerhMpNGCzrLN-oOE9cOSqeGhto5ioOXwI6vloghE_5Pe61NpAsFAeHHU-_nMFPIcBToZhwzCZr-i-3kFKWxqifYOSs-Ex6acMEFWHgkDK0PQNX-PN-FI26tl-KpdEg2OygIyq_VFs0lBSxcNiVDwlF-Ss0OYOwHFjAJtkJfwyJ3rO5xwkurU-2fKedMZqCjVklVmY12uWqai1DRY1pNemfrQt9WRNMwRXKTqAQvU8x6aSiPF-1Vgn6Cso6CZlqGoU-9lmReyoFywET4O8DYwLTIYmmFYxyoevgpBo8TWJY8szNmTKSCdjujs7sghXf5umrGLCX3ZZJ0O2S-UZMXcUy0ECy3svmiWytPBhXeMd7NnKVQJtbaC2URGxb-Uv7tikh-FERiptupNyj1ALb_xJ5RVWnvJf7Rev9SBQc2glNSWGD1i-O-YclkYEpqyBTmk1WWQCpSCkZws9KEMYhmWT0VpLsBw14-WH7gxn0ogNbyQH-3pwcSuDjeuWxde_K0S89gOMy-M_vPUaVKWE_pAIPJHHptQ9T7FfSMYML9ZuCoqtStZOXEK7iHfA6-wrXjh8ipiP3CO-ueFsh1d4HgoUmcYeE4wh8hbCnQdpeYccqmlCuvwJBUS-6ZtUsWy5qaNk1iRtn0LM5TxmtZxFyPmukpmnXRUYDDyVIVGpG3oQdyQp3Ey65vzGIvqAGMY0OfiQYwuZKNtrt_lDiuQGXtNNc9SG8_UvkPCAfciN_djHKOlU8aw1wGwADOQaBYJYDju1e2cpcokKxeeYjnhQZXEW8bV9CAmq7ewL7eGuFIFIMRxvfjFzRuUYn7jNY1uYb4wL3SdkHFhLd4s6kRqAvhyWkquOG7sSg5VzzOGd8YO0WDW7tVBS-fxmoWeO8qNt6nhBHmyNYFAbTmBZLRNpipQ7UJGF25EuLqEL4GFxI2syfHFxYJTJZKaLAzd_UToFvNmcHzRlg7sFKXehChKt_HWANOVhfaTBJ2WF5XdOHzuZeLCdDpxE07yGFRxDqtGFcScXNAIjrDgdIRUKBClOl7sTu9ohtaGCttqWnhmn_QcnN_qOiApTwkKOPQSbfSGXQFKW3bNhkSp7z0gnztYR0Men2hBN3kMiCVM59kph1bsQj_C_TXgMrlCfsiwlaRQZP_c0kEJYEjfVIoKIJO4739B_sD8flC0uoXn-ci8GzAPeW2mFntsG7_OJsn3OWYRFcCFiI1k9S6MtmrrIzQSQQO9lNA",
    key_ops: [],
  };
  const pk = await suite.kem.importKey("jwk", jwkPub, true);
  // In addition to importing keys from external sources, you can also generate keys as follows:
  //   const rkp = await suite.kem.generateKeyPair();
  //   const rkp = await suite.kem.deriveKeyPair(random32bytesValue);

  const sender = await suite.createSenderContext({ recipientPublicKey: pk });

  const jwkPriv = {
    kty: "AKP",
    kid: "01",
    alg: "X-Wing",
    priv: "f5wrpOiPgn1hYEVQdgWFPtc7gJP277yI6xpurPpm7yY",
    key_ops: ["deriveBits"],
  };
  const sk = await suite.kem.importKey("jwk", jwkPriv, false);
  const recipient = await suite.createRecipientContext({
    recipientKey: sk,
    enc: sender.enc,
  });
  const encrypted = await sender.seal(
    new TextEncoder().encode("Hellow world!"),
  );
  const pt = await recipient.open(encrypted);

  // Hello world!
  console.log(new TextDecoder().decode(pt));
}

try {
  doHpke();
} catch (err: unknown) {
  console.log("failed:", (err as Error).message);
}

Index

Installation

@hpke/hybridkem-x-wing needs to be used with @hpke/core, which can be installed in the same manner as desribed below.

Node.js

You can install the package with npm, yarn or pnpm.

# Using npm:
npm install @hpke/hybridkem-x-wing
yarn add @hpke/hybridkem-x-wing
pnpm install @hpke/hybridkem-x-wing
# Using jsr:
npx jsr add @hpke/hybridkem-x-wing
yarn dlx jsr add @hpke/hybridkem-x-wing
pnpm dlx jsr add @@hpke/hybridkem-x-wing

The above manner can be used with other JavaScript runtimes that support npm, such as Cloudflare Workers and Bun.

Then, you can use the module from code like this:

import { Aes256Gcm, CipherSuite, HkdfSha256 } from "@hpke/core";
import { XWing } from "@hpke/hybridkem-x-wing";

Deno

For Deno, it is recommended to use the jsr.io registry.

deno add jsr:@hpke/hybridkem-x-wing

Web Browsers

Followings are how to use this module with typical CDNs. Other CDNs can be used as well.

Using esm.sh:

<!-- use a specific version -->
<script type="module">
  import {
    Aes256Gcm,
    CipherSuite,
    HkdfSha256,
  } from "https://esm.sh/@hpke/core@<SEMVER>";
  import { XWing } from "https://esm.sh/@hpke/hybridkem-x-wing@<SEMVER>";
  // ...
</script>

<!-- use the latest stable version -->
<script type="module">
  import {
    Aes256Gcm,
    CipherSuite,
    HkdfSha256,
  } from "https://esm.sh/@hpke/core";
  import { XWing } from "https://esm.sh/@hpke/hybridkem-x-wing";
  // ...
</script>

Using unpkg:

<!-- use a specific version -->
<script type="module">
  import {
    Aes256Gcm,
    CipherSuite,
    HkdfSha256,
  } from "https://unpkg.com/@hpke/core@<SEMVER>/esm/mod.js";
  import { XWing } from "https://unpkg.com/@hpke/hybridkem-x-wing@<SEMVER>/esm/mod.js";
  // ...
</script>

Usage

This section shows some typical usage examples.

Node.js

import { Aes256Gcm, CipherSuite, HkdfSha256 } from "@hpke/core";
import { XWing } from "@hpke/hybridkem-x-wing";

async function doHpke() {
  // setup
  const suite = new CipherSuite({
    kem: new XWing(),
    kdf: new HkdfSha256(),
    aead: new Aes256Gcm(),
  });

  const rkp = await suite.kem.generateKeyPair();

  // Note that the `ct` (ciphertext) resulting from X-Wing Encapsulate() is set to `sender.enc`.
  const sender = await suite.createSenderContext({
    recipientPublicKey: rkp.publicKey,
  });

  // encrypt
  const encrypted = await sender.seal(new TextEncoder().encode("Hello world!"));

  const recipient = await suite.createRecipientContext({
    recipientKey: rkp.privateKey,
    enc: sender.enc, // == `ct` (ciphertext) in the context of X-Wing
  });

  // decrypt
  const pt = await recipient.open(encrypted);

  // Hello world!
  console.log(new TextDecoder().decode(pt));
}

try {
  doHpke();
} catch (err) {
  console.log("failed:", err.message);
}

Deno

import { Aes256Gcm, CipherSuite, HkdfSha256 } from "@hpke/core";
import { XWing } from "@hpke/hybridkem-x-wing";

async function doHpke() {
  // setup
  const suite = new CipherSuite({
    kem: new XWing(),
    kdf: new HkdfSha256(),
    aead: new Aes256Gcm(),
  });

  const rkp = await suite.kem.generateKeyPair();

  // Note that the `ct` (ciphertext) resulting from X-Wing::Encapsulate() is set to `sender.enc`.
  const sender = await suite.createSenderContext({
    recipientPublicKey: rkp.publicKey,
  });

  // encrypt
  const encrypted = await sender.seal(new TextEncoder().encode("Hello world!"));

  const recipient = await suite.createRecipientContext({
    recipientKey: rkp.privateKey,
    enc: sender.enc, // == `ct` (ciphertext) in the context of X-Wing
  });

  // decrypt
  const pt = await recipient.open(encrypted);

  // Hello world!
  console.log(new TextDecoder().decode(pt));
}

try {
  doHpke();
} catch (_err: unknown) {
  console.log("failed.");
}

Web Browsers

<html>
  <head></head>
  <body>
    <script type="module">
      import {
        Aes256Gcm,
        CipherSuite,
        HkdfSha256,
      } from "https://esm.sh/@hpke/core";
      import { XWing } from "https://esm.sh/@hpke/hybridkem-x-wing";

      globalThis.doHpke = async () => {
        try {
          const suite = new CipherSuite({
            kem: new XWing(),
            kdf: new HkdfSha256(),
            aead: new Aes256Gcm(),
          });

          const rkp = await suite.kem.generateKeyPair();

          // Note that the `ct` resulting from X-Wing::Encapsulate() is set to `sender.enc`.
          const sender = await suite.createSenderContext({
            recipientPublicKey: rkp.publicKey,
          });
          // encrypt
          const encrypted = await sender.seal(
            new TextEncoder().encode("Hello world!"),
          );

          const recipient = await suite.createRecipientContext({
            recipientKey: rkp.privateKey, // rkp (CryptoKeyPair) is also acceptable.
            enc: sender.enc, // == `ct` (ciphertext) in the context of X-Wing
          });

          // decrypt
          const pt = await recipient.open(encrypted);

          // Hello world!
          alert(new TextDecoder().decode(pt));
        } catch (err) {
          alert("failed:", err.message);
        }
      };
    </script>
    <button type="button" onclick="doHpke()">do HPKE</button>
  </body>
</html>

Contributing

We welcome all kind of contributions, filing issues, suggesting new features or sending PRs.

Keywords

FAQs

What is @hpke/hybridkem-x-wing?

Is @hpke/hybridkem-x-wing well maintained?

Package last updated on 07 Nov 2024

Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install