A Python implementation of HPKE.
Project description
PyHPKE - A Python implementation of HPKE
PyHPKE is a HPKE (Hybrid Public Key Encryption) implementation written in Python.
You can install PyHPKE with pip:
$ pip install pyhpke
And then, you can use it as follows:
from pyhpke import AEADId, CipherSuite, KDFId, KEMId, KEMKey
# The sender side:
suite_s = CipherSuite.new(KEMId.DHKEM_P256_HKDF_SHA256, KDFId.HKDF_SHA256, AEADId.AES128_GCM)
pkr = KEMKey.from_jwk( # from_pem is also available.
{
"kid": "01",
"kty": "EC",
"crv": "P-256",
"x": "Ze2loSV3wrroKUN_4zhwGhCqo3Xhu1td4QjeQ5wIVR0",
"y": "HlLtdXARY_f55A3fnzQbPcm6hgr34Mp8p-nuzQCE0Zw",
}
)
enc, sender = suite_s.create_sender_context(pkr)
ct = sender.seal(b"Hello world!")
# The recipient side:
suite_r = CipherSuite.new(KEMId.DHKEM_P256_HKDF_SHA256, KDFId.HKDF_SHA256, AEADId.AES128_GCM)
skr = KEMKey.from_jwk(
{
"kid": "01",
"kty": "EC",
"crv": "P-256",
"x": "Ze2loSV3wrroKUN_4zhwGhCqo3Xhu1td4QjeQ5wIVR0",
"y": "HlLtdXARY_f55A3fnzQbPcm6hgr34Mp8p-nuzQCE0Zw",
"d": "r_kHyZ-a06rmxM3yESK84r1otSg-aQcVStkRhA-iCM8",
}
)
recipient = suite_r.create_recipient_context(enc, skr)
pt = recipient.open(ct)
assert pt == b"Hello world!"
Index
Installation
You can install PySETO with pip:
$ pip install pyseto
Supported HPKE Modes and Cipher Suites
Modes
| Base | PSK | Auth | AuthPSK |
|---|---|---|---|
| ✅ | ✅ | ✅ | ✅ |
Key Encapsulation Machanisms (KEMs)
| KEMs | |
|---|---|
| DHKEM (P-256, HKDF-SHA256) | ✅ |
| DHKEM (P-384, HKDF-SHA384) | ✅ |
| DHKEM (P-521, HKDF-SHA512) | ✅ |
| DHKEM (X25519, HKDF-SHA256) | ✅ |
| DHKEM (X448, HKDF-SHA512) | ✅ |
Key Derivation Functions (KDFs)
| KDFs | |
|---|---|
| HKDF-SHA256 | ✅ |
| HKDF-SHA384 | ✅ |
| HKDF-SHA512 | ✅ |
Authenticated Encryption with Associated Data (AEAD) Functions
| AEADs | |
|---|---|
| AES-128-GCM | ✅ |
| AES-256-GCM | ✅ |
| ChaCha20Poly1305 | ✅ |
| Export Only | ✅ |
Usage
from pyhpke import AEADId, CipherSuite, KDFId, KEMId, KEMKey
# The sender side:
suite_s = CipherSuite.new(KEMId.DHKEM_P256_HKDF_SHA256, KDFId.HKDF_SHA256, AEADId.AES128_GCM)
pkr = KEMKey.from_jwk(
{
"kid": "01",
"kty": "EC",
"crv": "P-256",
"x": "Ze2loSV3wrroKUN_4zhwGhCqo3Xhu1td4QjeQ5wIVR0",
"y": "HlLtdXARY_f55A3fnzQbPcm6hgr34Mp8p-nuzQCE0Zw",
}
)
enc, sender = suite_s.create_sender_context(pkr)
ct = sender.seal(b"Hello world!")
# The recipient side:
suite_r = CipherSuite.new(KEMId.DHKEM_P256_HKDF_SHA256, KDFId.HKDF_SHA256, AEADId.AES128_GCM)
skr = KEMKey.from_jwk(
{
"kid": "01",
"kty": "EC",
"crv": "P-256",
"x": "Ze2loSV3wrroKUN_4zhwGhCqo3Xhu1td4QjeQ5wIVR0",
"y": "HlLtdXARY_f55A3fnzQbPcm6hgr34Mp8p-nuzQCE0Zw",
"d": "r_kHyZ-a06rmxM3yESK84r1otSg-aQcVStkRhA-iCM8",
}
)
recipient = suite_r.create_recipient_context(enc, skr)
pt = recipient.open(ct)
assert pt == b"Hello world!"
API Reference
See Documentation.
Test
You can run tests from the project root after cloning with:
$ tox
Contributing
We welcome all kind of contributions, filing issues, suggesting new features or sending PRs.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
pyhpke-0.3.0.tar.gz
(1.7 MB
view hashes)
Built Distribution
pyhpke-0.3.0-py3-none-any.whl
(44.6 kB
view hashes)
