An implementation of HPKE (RFC 9180) with flexible crypto backends.
From the RFC:
This scheme provides a variant of public-key encryption of arbitrary-sized plaintexts for a recipient public key. It also includes three authenticated variants, including one which authenticates possession of a pre-shared key, and two optional ones which authenticate possession of a KEM private key.
Supported modes:
- Base
- PSK
- Auth
- AuthPSK

Supported KEMs:
- DH KEM x25519
- DH KEM P256

Supported AEADs:
- AES GCM 128
- AES GCM 256
- ChaCha20 Poly1305
- Exporter only

Supported KDFs:
- HKDF SHA-256
- HKDF SHA-384
- HKDF SHA-512
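The modes and algorithms listed above map onto fixed RFC 9180 code points, and each mode places requirements on the PSK inputs. The following is an added example, not code from this crate: every type, constant and function name in it is hypothetical, and it goes slightly beyond the list by implementing the RFC's `suite_id` construction and its `VerifyPSKInputs` check.

```rust
// Added example, not hpke-rs code: all names below are hypothetical.
// Numeric values are the RFC 9180 section 7 registry code points.
#[derive(Clone, Copy, PartialEq, Debug)]
pub enum Mode { Base = 0x00, Psk = 0x01, Auth = 0x02, AuthPsk = 0x03 }

pub const KEM_P256: u16 = 0x0010;
pub const KEM_X25519: u16 = 0x0020;
pub const KDF_SHA256: u16 = 0x0001;
pub const KDF_SHA384: u16 = 0x0002;
pub const KDF_SHA512: u16 = 0x0003;
pub const AEAD_AES128GCM: u16 = 0x0001;
pub const AEAD_AES256GCM: u16 = 0x0002;
pub const AEAD_CHACHA20POLY1305: u16 = 0x0003;
pub const AEAD_EXPORT_ONLY: u16 = 0xFFFF;

/// suite_id = "HPKE" || I2OSP(kem_id, 2) || I2OSP(kdf_id, 2) || I2OSP(aead_id, 2)
pub fn suite_id(kem: u16, kdf: u16, aead: u16) -> [u8; 10] {
    let mut id = [0u8; 10];
    id[..4].copy_from_slice(b"HPKE");
    id[4..6].copy_from_slice(&kem.to_be_bytes());
    id[6..8].copy_from_slice(&kdf.to_be_bytes());
    id[8..10].copy_from_slice(&aead.to_be_bytes());
    id
}

/// VerifyPSKInputs (RFC 9180 section 5.1); an empty slice is the default (absent) value.
pub fn verify_psk_inputs(mode: Mode, psk: &[u8], psk_id: &[u8]) -> Result<(), &'static str> {
    let got_psk = !psk.is_empty();
    if got_psk != !psk_id.is_empty() {
        return Err("inconsistent PSK inputs");
    }
    match (mode, got_psk) {
        (Mode::Base | Mode::Auth, true) => Err("PSK input provided when not needed"),
        (Mode::Psk | Mode::AuthPsk, false) => Err("missing required PSK input"),
        _ => Ok(()),
    }
}

/// Auth and AuthPSK are the modes that authenticate possession of a KEM private key.
pub fn needs_sender_key(mode: Mode) -> bool {
    matches!(mode, Mode::Auth | Mode::AuthPsk)
}

fn main() {
    // Constructed inputs for illustration only.
    println!("{:02x?}", suite_id(KEM_X25519, KDF_SHA256, AEAD_CHACHA20POLY1305));
    println!("{:?}", verify_psk_inputs(Mode::Psk, b"", b""));
}
```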
This crate does not implement the cryptographic primitives itself. Instead, it expects an implementation of the HpkeCrypto trait.
Two backends are provided in this repository:
- libcrux backend: a formally verified crypto backend, but with limited ciphersuite support for now
- RustCrypto backend: a backend using well-established crypto implementations