Thanks to visit codestin.com
Credit goes to github.com

Skip to content
/ hpke Public

Hybrid Public Key Encryption (HPKE) for Node.js, Browser, Cloudflare Workers, Deno, Bun, and other Web-interoperable runtimes

panva.github.io/hpke/

License

MIT license
25 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

panva/hpke

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

69 Commits
.github
.github
 
 
docs
docs
 
 
examples
examples
 
 
test
test
 
 
.gitignore
.gitignore
 
 
.prettierignore
.prettierignore
 
 
.prettierrc.json
.prettierrc.json
 
 
.versionrc.json
.versionrc.json
 
 
CHANGELOG.md
CHANGELOG.md
 
 
CODE_OF_CONDUCT.md
CODE_OF_CONDUCT.md
 
 
CONTRIBUTING.md
CONTRIBUTING.md
 
 
LICENSE.md
LICENSE.md
 
 
README.md
README.md
 
 
SECURITY.md
SECURITY.md
 
 
build.cjs
build.cjs
 
 
check-examples.sh
check-examples.sh
 
 
docs-theme.ts
docs-theme.ts
 
 
index.d.ts
index.d.ts
 
 
index.d.ts.map
index.d.ts.map
 
 
index.html
index.html
 
 
index.js
index.js
 
 
index.ts
index.ts
 
 
package-lock.json
package-lock.json
 
 
package.json
package.json
 
 
tsconfig.docs.json
tsconfig.docs.json
 
 
tsconfig.examples.json
tsconfig.examples.json
 
 
tsconfig.json
tsconfig.json
 
 
tsconfig.test.json
tsconfig.test.json
 
 
typedoc.json
typedoc.json
 
 

Repository files navigation

@panva/hpke

@panva/hpke is a JavaScript module for Hybrid Public Key Encryption (HPKE). This module is designed to work across various Web-interoperable runtimes including Node.js, browsers, Cloudflare Workers, Deno, Bun, and others.

💗 Help the project

Support from the community to continue maintaining and improving this module is welcome. If you find this module useful, please consider supporting this project by becoming a sponsor.

Dependencies: 0

@panva/hpke has no dependencies and it exports tree-shakeable ESM.

API Reference

@panva/hpke is distributed via npmjs.com, jsdelivr.com, and github.com.

Quick Start

import * as HPKE from '@panva/hpke'

// 1. Choose a cipher suite
const suite = new HPKE.CipherSuite(
  HPKE.KEM_DHKEM_P256_HKDF_SHA256,
  HPKE.KDF_HKDF_SHA256,
  HPKE.AEAD_AES_128_GCM,
)

// 2. Generate recipient key pair
const recipient = await suite.GenerateKeyPair()

// 3. Encrypt a message
const plaintext = new TextEncoder().encode('Hello, World!')
const { encapsulatedKey, ciphertext } = await suite.Seal(recipient.publicKey, plaintext)

// 4. Decrypt the message
const decrypted = await suite.Open(recipient.privateKey, encapsulatedKey, ciphertext)
console.log(new TextDecoder().decode(decrypted)) // "Hello, World!"

Examples

For more advanced examples, including how to integrate external cryptographic libraries, see the examples directory.

Supported Runtimes

This module is compatible with JavaScript runtimes that support the utilized Web API globals and standard built-in objects or are Node.js.

The following runtimes are supported (this is not an exhaustive list):

  • Bun
  • Browsers
  • Cloudflare Workers
  • Deno
  • Electron
  • Node.js

Please note that some suites may not be available depending on the runtime used.

Supported Algorithms

Algorithm implementations exposed by this module are built on top of Web Cryptography (and its extensions, e.g. Secure Curves, Modern Algorithms). Runtimes implementing Web Cryptography are not required to support all of its algorithms and so not all algorithms are available in all runtimes, see

This module is designed to be extensible, you can bring outside-built implementations of any KEM, KDF, or AEAD algorithm into any JavaScript runtime by conforming to the respective interfaces (KEM, KDF, or AEAD). This allows you to use alternative cryptographic libraries, native bindings, or specialized hardware implementations alongside the built-in Web Cryptography-based algorithms.

For extended algorithm support across all runtimes, see @panva/hpke-noble, which provides additional KEM, KDF, and AEAD implementations using Paul Miller's @noble cryptographic libraries. These implementations can be freely mixed and matched with the built-in algorithms.

Below are the algorithms built in (based on Web Cryptography) and their runtime support matrix.

KEM

Name ID Node.js Deno Bun Cloudflare Workers Browsers1
DHKEM(P-256, HKDF-SHA256) 0x0010
DHKEM(P-384, HKDF-SHA384) 0x0011
DHKEM(P-521, HKDF-SHA512) 0x0012
DHKEM(X25519, HKDF-SHA256) 0x0020
DHKEM(X448, HKDF-SHA512) 0x0021
ML-KEM-512 0x0040 2
ML-KEM-768 0x0041 2
ML-KEM-1024 0x0042 2
MLKEM768-P256 0x0050 2
MLKEM768-X25519 0x647a 2
MLKEM1024-P384 0x0051 2

KDF

Name ID Node.js Deno Bun Cloudflare Workers Browsers1
HKDF-SHA256 0x0001
HKDF-SHA384 0x0002
HKDF-SHA512 0x0003
SHAKE128 0x0010 2
SHAKE256 0x0011 2
TurboSHAKE128 0x0012
TurboSHAKE256 0x0013

AEAD

Name ID Node.js Deno Bun Cloudflare Workers Browsers1
AES-128-GCM 0x0001
AES-256-GCM 0x0002
ChaCha20Poly1305 0x0003 2
Export-only 0xffff

Supported Versions

Version Security Fixes 🔑 Other Bug Fixes 🐞 New Features ⭐
v0.x Security Policy

Specifications

Details

The algorithm implementations in @panva/hpke have been tested using test vectors from their respective specifications.

Footnotes

  1. Test browser compatibility live at https://panva.github.io/hpke/ 2 3

  2. Available in Node.js versions >= 24.7.0 2 3 4 5 6 7 8 9

About

Hybrid Public Key Encryption (HPKE) for Node.js, Browser, Cloudflare Workers, Deno, Bun, and other Web-interoperable runtimes

panva.github.io/hpke/

Topics

hpke

Resources

Readme

License

MIT license

Code of conduct

Code of conduct

Contributing

Contributing

Security policy

Security policy
Activity

Stars

25 stars

Watchers

1 watching

Forks

1 fork
Report repository

Releases 19

v1.0.3 Latest
Dec 21, 2025
+ 18 releases

Sponsor this project

 
Learn more about GitHub Sponsors

Contributors 3

  •  
  •  
  •  

Languages