#encryption #hpke


runtime algorithmic selection for hybrid public key encryption

7 unstable releases (3 breaking)

Uses new Rust 2021

new 0.4.0 Sep 29, 2022
0.3.0 May 31, 2022
0.2.1 May 31, 2022
0.2.0 Apr 22, 2022
0.1.3 Apr 22, 2022

#141 in Cryptography

Download history 112/week @ 2022-06-12 89/week @ 2022-06-19 88/week @ 2022-06-26 107/week @ 2022-07-03 65/week @ 2022-07-10 100/week @ 2022-07-17 81/week @ 2022-07-24 111/week @ 2022-07-31 149/week @ 2022-08-07 286/week @ 2022-08-14 385/week @ 2022-08-21 312/week @ 2022-08-28 267/week @ 2022-09-04 302/week @ 2022-09-11 369/week @ 2022-09-18 606/week @ 2022-09-25

1,548 downloads per month
Used in 3 crates (via janus_core)

MPL-2.0 license

444 lines

Hybrid public key encryption with algorithms dispatched at runtime

This crate provides a generic-free interface to the hpke crate, a rust implementation of the draft RFC9180 hybrid public key encryption scheme. If you know the specific (aead, kdf, kem) triple at compile time, you should use the hpke crate directly.

Currently, this crate only exposes interfaces for the Base mode (0) described in the hpke draft, and within base mode, only stateless single-shot message encryption/decryption, as defined in RFC9180§6

WebAssembly ready

This crate is also published to npm as hpke as a typescript/javascript package, and can also be custom built for specific wasm use cases (omitting unused algorithms) with wasm-pack. For an example of using the library from node, see examples/example.ts

Nightly-only feature to work around a wasm-bindgen bug: cfg_eval

In order to opt out of algo-all for a wasm build, you must use nightly and enable the cfg_eval cargo feature. This is due to wasm-bindgen#2058. This is not necessary for use from rust, even when opting out of algo-all.

Available cargo features:

  • cfg_eval: allows this crate to be built on nightly rust for wasm without algo-all. Note that algo-all (all algorithms) will build for wasm on any channel without this feature. disabled by default. Attempting to build for wasm with a subset.

  • base-mode-open: Enables hpke base-mode one-shot open behavior (receiver functionality). Enabled by default.

  • base-mode-seal: Enables hpke base-mode one-shot seal behavior (sender functionality). Enabled by default.

  • algo-all: enables all aead, kdf, and kem algorithms. enabled by default.

  • aead-all: Enables aead-aes-gcm-128, aead-aes-gcm-256, and aead-chacha-20-poly-1305 algorithm features. Enabled by default.

  • kdf-all: Enables kdf-sha256, kdf-sha384, kdf-sha512 algorithm features. Enabled by default.

  • kem-all: Enables both kem-dh-p256-hkdf-sha256 and kem-x25519-hkdf-sha256 algorithm features. Enabled by default.

  • serde: enables derived serde serialization and deserialization for all public structs and enums. Disabled by default.

Example feature usage:

To depend on this crate from rust with all algorithms, base-mode-open, and base-mode-seal, use default features.

To depend on this crate from rust with all algorithms and serde enabled, but without base-mode-seal: default-features = false, features = ["algo-all", "base-mode-open", "serde"]

To build for wasm without kem-x25519-hkdf-sha256 or base-mode-open: wasm-pack build --no-default-features --features aead-all,kdf-all,kem-dh-p256-hkdf-sha256,base-mode-seal,cfg_eval

To build for wasm with all algorithms but without base-mode-open: wasm-pack build --no-default-features --features algo-all,base-mode-seal


~59K SLoC