hpke/examples/03-exporter.ts at main · panva/hpke · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
import * as HPKE from '../index.ts'

const encoder = new TextEncoder()

// Cipher suite components (agreed upon by both sender and recipient upfront)
const suite = new HPKE.CipherSuite(
  HPKE.KEM_DHKEM_P256_HKDF_SHA256,
  HPKE.KDF_HKDF_SHA256,
  HPKE.AEAD_AES_128_GCM,
)

// Recipient: Generate a key pair
const recipientKeyPair = await suite.GenerateKeyPair()

// Sender: Setup sender context
const { encapsulatedSecret, ctx: senderCtx } = await suite.SetupSender(recipientKeyPair.publicKey)

// Recipient: Setup recipient context
const recipientCtx = await suite.SetupRecipient(recipientKeyPair, encapsulatedSecret)

// Both parties can export secrets using the same exporter context
const exporterContext1 = encoder.encode('encryption-key')
const exporterContext2 = encoder.encode('mac-key')

// Sender: Export secrets
const senderDerivedKey1 = await senderCtx.Export(exporterContext1, 32)
const senderDerivedKey2 = await senderCtx.Export(exporterContext2, 16)

// Recipient: Export the same secrets
const recipientDerivedKey1 = await recipientCtx.Export(exporterContext1, 32)
const recipientDerivedKey2 = await recipientCtx.Export(exporterContext2, 16)

// Verify both parties derived the same secrets
console.log(
  'Keys match:',
  senderDerivedKey1.every((byte, i) => byte === recipientDerivedKey1[i]) &&
    senderDerivedKey2.every((byte, i) => byte === recipientDerivedKey2[i]),
) // true

// These derived secrets can be used for:
// - Additional encryption keys
// - MAC keys
// - Session identifiers
// - Any application-specific cryptographic material
console.log('Derived key 1 length:', senderDerivedKey1.length) // 32
console.log('Derived key 2 length:', senderDerivedKey2.length) // 16