AnotherHPKE

HPKE((Hybrid Public Key Encryption)) implementation in Python3 and package cryptography according to RFC 9180.

Usage

from src.anotherhpke import Ciphersuite, KemIds, KdfIds, AeadIds
import os

ciphersuite = Ciphersuite(KemIds.DHKEM_X25519_HKDF_SHA256, KdfIds.HKDF_SHA256, AeadIds.ChaCha20Poly1305)
sender_pri, sender_pub = ciphersuite.kem.derive_key_pair(os.urandom(32))
recipient_pri, recipient_pub = ciphersuite.kem.derive_key_pair(os.urandom(32))

# Sender side
enc, ctx = ciphersuite.SetupBaseS(recipient_pub)
encrypted = ctx.seal(b"plain text")

# Recipient side
ctx = ciphersuite.SetupBaseR(enc, recipient_pri)
decrypted = ctx.open(encrypted)

Feature Matrix

• Modes
  • mode_base
  • mode_psk
  • mode_auth
  • mode_auth_psk
• AEADs
  • AES-128-GCM
  • AES-256-GCM
  • ChaCha20Poly1305
  • AES-256-SIV (Draft only, don't recommend for production use, see this)
  • AES-512-SIV (Draft only, don't recommend for production use, see this)
  • Export only
• KEMs
  • DHKEM(P-256, HKDF-SHA256)
  • DHKEM(P-384, HKDF-SHA384)
  • DHKEM(P-521, HKDF-SHA512)
  • DHKEM(X25519, HKDF-SHA256)
  • DHKEM(X448, HKDF-SHA512)
  • DHKEM(CP-256, HKDF-SHA256)
  • DHKEM(CP-384, HKDF-SHA384)
  • DHKEM(CP-521, HKDF-SHA512)
  • DHKEM(secp256k1, HKDF-SHA256)
  • X25519Kyber768Draft00
• KDFs
  • HKDF-SHA256
  • HKDF-SHA384
  • HKDF-SHA512

Just FYI, our project have a working derive_key_pair function for each implemented KEMs.

Dependency

This project simply uses python3 with package cryptography.

• pip
  pip install cryptography

---

• conda
  conda install -c anaconda cryptography
  or
  conda install -c conda-forge cryptography

License

AGPL-3.0 license