HPKE

    A container for hybrid public key encryption (HPKE) operations.

    HPKE.swift:48
    enum HPKE

    Hybrid public key encryption (HPKE) uses a symmetric encryption algorithm to encrypt data, and encapsulates the symmetric encryption material using a public key encryption algorithm.

    HPKE ensures that the ciphertext wasn’t tampered with after its creation. It can also check the validity of additional cleartext data in apps where you need to send headers or other metadata as cleartext.

    HPKE optionally incorporates sender authentication, allowing the recipient to validate the authenticity of messages using the sender’s public key.

    HPKE is described in the Internet Research Task Force (IRTF) document RFC 9180.
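
    The exchange described above, as an added example that is not part of the original documentation. It seals a message with a cleartext header as associated data, opens it on the receiving side, and shows that an altered header is rejected. The cipher suite choice, the `info` string, the header, and the message are constructed sample values.

```swift
import CryptoKit   // assumption: Apple CryptoKit; with swift-crypto the module is `Crypto`
import Foundation

// Constructed sample values, chosen for illustration only.
let suite = HPKE.Ciphersuite.P256_SHA256_AES_GCM_256
let info = Data("example-app v1 session".utf8)     // context string both sides must agree on
let header = Data("msg-id=42;type=report".utf8)    // sent in cleartext, authenticated but not encrypted
let message = Data("quarterly numbers".utf8)

do {
    // Recipient's key pair; only the public half is given to the sender.
    let recipientKey = P256.KeyAgreement.PrivateKey()

    // Sender side: encapsulates fresh symmetric key material to the recipient's public key.
    var sender = try HPKE.Sender(recipientKey: recipientKey.publicKey,
                                 ciphersuite: suite, info: info)
    let ciphertext = try sender.seal(message, authenticating: header)
    let encapsulatedKey = sender.encapsulatedKey   // must travel with the ciphertext

    // Recipient side: decapsulates with the private key, then opens the message.
    var recipient = try HPKE.Recipient(privateKey: recipientKey, ciphersuite: suite,
                                       info: info, encapsulatedKey: encapsulatedKey)
    let plaintext = try recipient.open(ciphertext, authenticating: header)
    print("decrypted:", String(decoding: plaintext, as: UTF8.self))

    // Flip one bit of the cleartext header: the AEAD tag no longer verifies.
    var tampered = header
    tampered[tampered.startIndex] ^= 0x01
    var freshRecipient = try HPKE.Recipient(privateKey: recipientKey, ciphersuite: suite,
                                            info: info, encapsulatedKey: encapsulatedKey)
    do {
        _ = try freshRecipient.open(ciphertext, authenticating: tampered)
        print("unexpected: altered header was accepted")
    } catch {
        print("rejected altered header:", error)
    }
} catch {
    print("HPKE operation failed:", error)
}
```

    Both sides must use the same cipher suite and `info` value, and the recipient needs the sender's encapsulated key alongside the ciphertext. This example uses the base mode, without sender authentication.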

    Sending and receiving messages

    • struct Sender

      A type that represents the sending side of an HPKE message exchange.

    • struct Recipient

      A type that represents the receiving side of an HPKE message exchange.

    Choosing cryptographic algorithms

    • struct Ciphersuite

      Cipher suites to use in hybrid public key encryption.

    • enum AEAD

      The authenticated encryption with associated data (AEAD) algorithms to use in HPKE.

    • enum KDF

      The key derivation functions to use in HPKE.

    • enum KEM

      The key encapsulation mechanisms to use in HPKE.

    • enum DHKEM

      A container for Diffie-Hellman key encapsulation mechanisms (KEMs).

    Handling errors

    • enum Errors

      Hybrid public key encryption (HPKE) errors that CryptoKit uses.