com.google.crypto.tink.hybrid.internal

Interface HpkeKem

@Immutable
public interface HpkeKem

Interface for Hybrid Public Key Encryption (HPKE) key encapsulation mechanism (KEM).

HPKE RFC is available at https://www.rfc-editor.org/rfc/rfc9180.html.

Method Summary

Modifier and Type	Method and Description
byte[]	authDecapsulate(byte[] encapsulatedKey, HpkeKemPrivateKey recipientPrivateKey, byte[] senderPublicKey) Extracts the shared secret from encapsulatedKey using recipientPrivateKey.
com.google.crypto.tink.hybrid.internal.HpkeKemEncapOutput	authEncapsulate(byte[] recipientPublicKey, HpkeKemPrivateKey senderPrivateKey) Similar to encapsulate, but the output additionally encodes an assurance that the KEM shared secret was generated by the holder of senderPrivateKey.
byte[]	decapsulate(byte[] encapsulatedKey, HpkeKemPrivateKey recipientPrivateKey) Extracts the shared secret from encapsulatedKey using recipientPrivateKey.
com.google.crypto.tink.hybrid.internal.HpkeKemEncapOutput	encapsulate(byte[] recipientPublicKey) Generates and encapsulates a shared secret using the recipientPublicKey.
byte[]	getKemId() Returns the HPKE KEM algorithm identifier for the underlying KEM implementation.

Method Detail

encapsulate

com.google.crypto.tink.hybrid.internal.HpkeKemEncapOutput encapsulate(byte[] recipientPublicKey)
                                                               throws GeneralSecurityException

Generates and encapsulates a shared secret using the recipientPublicKey. Returns a HpkeKemEncapOutput object that contains the raw shared secret and the encapsulated key. The HPKE RFC refers to this method as Encap(), which is used by the sender.

Throws:

GeneralSecurityException - when either the shared secret cannot be generated or the shared secret cannot be encapsulated.

decapsulate

byte[] decapsulate(byte[] encapsulatedKey,
                   HpkeKemPrivateKey recipientPrivateKey)
            throws GeneralSecurityException

Extracts the shared secret from encapsulatedKey using recipientPrivateKey. Returns the raw shared secret. The HPKE RFC refers to this method as Decap(), which is used by the recipient.

Throws:

GeneralSecurityException - if the shared secret cannot be extracted.

authEncapsulate

com.google.crypto.tink.hybrid.internal.HpkeKemEncapOutput authEncapsulate(byte[] recipientPublicKey,
                                                                          HpkeKemPrivateKey senderPrivateKey)
                                                                   throws GeneralSecurityException

Similar to encapsulate, but the output additionally encodes an assurance that the KEM shared secret was generated by the holder of senderPrivateKey. Returns a HpkeKemEncapOutput object that contains the raw shared secret and the encapsulated key. The HPKE RFC refers to this method as AuthEncap(), which is used by the sender.

Throws:

GeneralSecurityException - when either the shared secret cannot be generated or the shared secret cannot be encapsulated.

authDecapsulate

byte[] authDecapsulate(byte[] encapsulatedKey,
                       HpkeKemPrivateKey recipientPrivateKey,
                       byte[] senderPublicKey)
                throws GeneralSecurityException

Extracts the shared secret from encapsulatedKey using recipientPrivateKey. The recipient is assured that the KEM shared secret was generated by the holder of the private key corresponding to senderPublicKey. Returns the raw shared secret. The HPKE RFC refers to this method as AuthDecap(), which is used by the recipient.

Throws:

GeneralSecurityException - if the shared secret cannot be extracted.

getKemId

byte[] getKemId()
         throws GeneralSecurityException

Returns the HPKE KEM algorithm identifier for the underlying KEM implementation.

More details at https://www.rfc-editor.org/rfc/rfc9180.html#name-key-encapsulation-mechanism.

Throws:

GeneralSecurityException