11 releases (6 breaking)
0.7.0 | Jul 11, 2024 |
---|---|
0.5.1 | Aug 22, 2023 |
0.5.0 | Oct 4, 2022 |
0.3.0 | May 31, 2022 |
#472 in Cryptography
3,185 downloads per month
Used in 4 crates
(3 directly)
2MB
523 lines
Hybrid public key encryption with algorithms dispatched at runtime
This crate provides a generic-free interface to the hpke
crate, a rust implementation of the draft RFC9180 hybrid public key
encryption
scheme. If you know the specific (aead, kdf, kem) triple at compile
time, you should use the hpke
crate directly.
Currently, this crate only exposes interfaces for the Base mode (0) described in the hpke draft, and within base mode, only stateless single-shot message encryption/decryption, as defined in RFC9180§6
WebAssembly ready
This crate is also published to npm as hpke
as a
typescript/javascript package, and can also be custom built for
specific wasm use cases (omitting unused algorithms) with
wasm-pack
. For an example of using the library from
node, see examples/example.ts
Nightly-only feature to work around a wasm-bindgen bug: cfg_eval
In order to opt out of algo-all
for a wasm build, you must use
nightly and enable the cfg_eval
cargo feature. This is due to
wasm-bindgen#2058. This is not necessary for use
from rust, even when opting out of algo-all
.
Available cargo features:
-
cfg_eval
: allows this crate to be built on nightly rust for wasm withoutalgo-all
. Note thatalgo-all
(all algorithms) will build for wasm on any channel without this feature. disabled by default. Attempting to build for wasm with a subset. -
base-mode-open: Enables hpke base-mode one-shot open behavior (receiver functionality). Enabled by default.
-
base-mode-seal: Enables hpke base-mode one-shot seal behavior (sender functionality). Enabled by default.
-
algo-all: enables all aead, kdf, and kem algorithms. enabled by default.
-
aead-all: Enables
aead-aes-gcm-128
,aead-aes-gcm-256
, andaead-chacha-20-poly-1305
algorithm features. Enabled by default. -
kdf-all: Enables
kdf-sha256
,kdf-sha384
,kdf-sha512
algorithm features. Enabled by default. -
kem-all: Enables
kem-dh-p256-hkdf-sha256
,kem-dh-p384-hkdf-sha384
,kem-dh-p521-hkdf-sha512
, andkem-x25519-hkdf-sha256
algorithm features. Enabled by default. -
serde: enables derived serde serialization and deserialization for all public structs and enums. Disabled by default.
Example feature usage:
To depend on this crate from rust with all algorithms,
base-mode-open
, and base-mode-seal
, use default features.
To depend on this crate from rust with all algorithms and serde
enabled, but without base-mode-seal
: default-features = false, features = ["algo-all", "base-mode-open", "serde"]
To build for wasm without kem-x25519-hkdf-sha256
or
base-mode-open
: wasm-pack build --no-default-features --features aead-all,kdf-all,kem-dh-p256-hkdf-sha256,base-mode-seal,cfg_eval
To build for wasm with all algorithms but without base-mode-open:
wasm-pack build --no-default-features --features algo-all,base-mode-seal
Dependencies
~3.5–6MB
~79K SLoC