dajiaji / hpke-js Goto Github PK
View Code? Open in Web Editor NEWA Hybrid Public Key Encryption (HPKE) module built on top of Web Cryptography API.
Home Page: https://dajiaji.github.io/hpke-js/docs
License: MIT License
A Hybrid Public Key Encryption (HPKE) module built on top of Web Cryptography API.
Home Page: https://dajiaji.github.io/hpke-js/docs
License: MIT License
When compiling this library with https://github.com/vercel/ncc
I get this error when trying to invoke methods
Error: Cannot find module './src/errors.js'
Reproduction can be found here:
https://github.com/transmute-industries/jose-hpke/blob/main/package.json#L21
https://github.com/transmute-industries/jose-hpke/blob/main/package.json#L22
Seems like it could be related to tsconfig, es modules or the vercel compiler...
It might be nice to expose the HKDFs as utilities, so that libraries taking dependencies on suites defined in the module, can import the HKDFs they want to use directly from the same module... this would for example, help with https://datatracker.ietf.org/doc/draft-housley-lamps-cms-cek-hkdf-sha256/
in the case that a content encryption key needed to be generated for a suite that already used sha256
I am trying to export/serialize the public key with the following code:
import { Aes256Gcm, CipherSuite, HkdfSha512 } from "@hpke/core";
import { DhkemX448HkdfSha512 } from "@hpke/dhkem-x448";
async function doHpke() {
const suite = new CipherSuite({
kem: new DhkemX448HkdfSha512(),
kdf: new HkdfSha512(),
aead: new Aes256Gcm(),
});
const kemContext = await suite.kemContext();
// A recipient generates a key pair.
const rkp = await suite.kem.generateKeyPair();
const rawPubKey = await kemContext.serializePublicKey(rkp.publicKey);
console.log(rawPubKey)
// A sender encrypts a message with the recipient public key.
const sender = await suite.createSenderContext({
recipientPublicKey: rkp.publicKey,
});
const ct = await sender.seal(new TextEncoder().encode("Hello world!"));
I get the following error:
TypeError: suite.kemContext is not a function
Is there something I've overlooked?
Thank you
Hi folks! Thanks for a really useful implementation.
I recently wrote a brief specification for HPKE using DHKEM over secp256k1, for which IANA has allocated the codepoint 0x0016. (I am sorry to report that the code point 0x0013 used in this project's experimental implementation was already allocated to a different DHKEM variant, as you can see from the link above.)
It would be great if this project could update its experimental DHKEM-over-secp256k1 implementation to use this codepoint! I'm happy to submit a pull request---please let me know if/how I can be helpful.
It's sometimes necessary to encode and decode KEM public keys for transmission over the wire. There seems to be an API for doing this on the KemInterface
, but I don't see an obvious way to invoke that. If it's not already done, would it make sense to expose these APIs for use?
This happens when you try to run the examples in the readme directly with jest
.
I tried creating jest.config.js
, but it did not resolve the issue.
with:
module.exports = {
testEnvironment: 'node',
};
This is likely not a problem with your library, but rather with how jest
handles node modules / es modules by default.
"dependencies": {
"hpke-js": "^0.13.0"
},
"devDependencies": {
"jest": "^29.1.2"
}
Work around... don't use jest.
Great work so far on this implementation! What's your plan for X25519 KEM and Chacha20poly1305 encryption since support seems to be spotty in browser for these algorithms?
I'm looking to use this implementation to play around with Oblivious DNS over HTTPS, but the implementation I'm trying to interoperate with only supports the following crypto primitives (KEM: X25519HkdfSha256, KDF: HkdfSha256, AEAD: AesGcm128)
. Should I plan on these cryptographic primitives being limited to only certain JS environments or do you have an idea in mind of how to get them supported in every major environment (particularly concerned about browser env right now)?
_sync:2 Uncaught Error: Cannot find module './src/cipherSuite.js'
at webpackEmptyContext (_sync:2:10)
at eval (mod.js:30:28)
at eval (mod.js:17:17)
at eval (mod.js:26:3)
at ./node_modules/hpke-js/script/mod.js (main.js:372:1)
at __webpack_require__ (main.js:726:42)
at eval (app.js:40:17)
at ./app.js (main.js:19:1)
at __webpack_require__ (main.js:726:42)
at eval (index.js:2:62)
This error occurs when bundling with web pack, a typescript application, that included hpke-js.
I created a PoC here: #301
Anyone has used browserify with this hpke-js library for loading into a Chrome browser extension V3? @dajiaji
I'm running into a problem where I can't import {CipherSuite, KemId, KdfId, etc.} into a browser extension's background.js getting an error that the module does not provide an export named "CipherSuite, ..etc"
Previously hpke-js allows to create reverse direction context.
After v1.00, this feature is dropped.
However, so far (v1.2.3), there isn't a way to construct a new hpke context using exported key, nonce, etc.
Basically what want to do:
The step 2 does not seem to be supported by V1.2.3
I am wondering if we can expose APIs from Ciphersuite to make this possible?
E.g., add a new function called constructRecipientContext(key, base_nonce, seq, exporter_secret) and its variant for SenderContext: constructSenderContext(key, base_nonce, seq, exporter_secret) to CiphersuiteNative
I'd like to bring HPKE to web3 ecosystem. The curve secp256k1
is native on ethereum.
There's some existing js implementation of curve secp256k1
like secp256k1.
I believe that this curve is capable of KEM in HPKE.
I'm asking for your opinion of adding support of secp256k1
. Then I can start to work and submit a pr to this repo.
to activate dependabot.
The hpke-js on npm depends on deprecated noble/curves.
Could you please publish a new version on npm?
The new library is up to 1.64x faster than your current one.
Some protocols that build on top of HPKE, such as Oblivious HTTP, use the KDF and AEAD interfaces associated with a HPKE suite for various things. In the specific case of OHTTP, the KDF and AEAD interfaces are used to encapsulate HTTP responses (pseudocode copied from the draft):
secret = context.Export("message/bhttp response", Nk)
response_nonce = random(max(Nn, Nk))
salt = concat(enc, response_nonce)
prk = Extract(salt, secret)
aead_key = Expand(prk, "key", Nk)
aead_nonce = Expand(prk, "nonce", Nn)
ct = Seal(aead_key, aead_nonce, "", response)
enc_response = concat(response_nonce, ct)
I don't see an obvious was to get access to these interfaces through the things that hpke-js exposes. One could certainly reimplement the KDF and AEAD interfaces on top of WebCrypto, but it seems a lot less error prone if this library allowed the caller to just use the already-implemented functions directly.
@dajiaji, what do you think about exposing these? For context, I'm trying to implement a Javascript version of OHTTP, and this is the last bit that's required.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.