Pure Rust implementation of HPKE (https://www.rfc-editor.org/rfc/rfc9180.html)

Primary LanguageRust


Build & Test crates.io Docs Rust Version

An implementation of HPKE (RFC 9180) with flexible crypto backends.

From the RFC:

This scheme provides a variant of public-key encryption of arbitrary-sized plaintexts for a recipient public key. It also includes three authenticated variants, including one which authenticates possession of a pre-shared key, and two optional ones which authenticate possession of a KEM private key.

Supported HPKE modes

  • Base
  • PSK
  • Auth
  • AuthPSK

Supported cipher suites


  • DH KEM x25519
  • DH KEM P256


  • AES GCM 128
  • AES GCM 256
  • ChaCha20 Poly1305
  • Exporter only


  • HKDF SHA-256
  • HKDF SHA-384
  • HKDF SHA-512

Crypto Backends

This crate does not implement the cryptographic primitives itself. Instead it expects an implementation of the HpkeCrypto trait.