HPKE

An implementation of [HPKE (RFC 9180)] with flexible crypto backends.

From the RFC:

This scheme provides a variant of public-key encryption of arbitrary-sized plaintexts for a recipient public key. It also includes three authenticated variants, including one which authenticates possession of a pre-shared key, and two optional ones which authenticate possession of a KEM private key.

Supported HPKE modes

• Base
• PSK
• Auth
• AuthPSK

Supported cipher suites

KEM

• DH KEM x25519
• DH KEM P256

AEAD

• AES GCM 128
• AES GCM 256
• ChaCha20 Poly1305
• Exporter only

KDF

• HKDF SHA-256
• HKDF SHA-384
• HKDF SHA-512

Crypto Backends

This crate does not implement the cryptographic primitives itself. Instead it expects an implementation of the [HpkeCrypto] trait.