Summary: Methods | Inherited Methods

Hpke

Kotlin |Java

public class Hpke
extends Object

java.lang.Object
↳	android.crypto.hpke.Hpke

Provides access to implementations of HPKE hybrid cryptography as per RFC 9180.

Provider and HPKE suite selection are done via the getInstance methods, and then instances of senders and receivers can be created using newSender or {newReceiver}. Each sender and receiver is independent, i.e. does not share any encapsulated state with other senders or receivers created via this Hpke.

HPKE suites are composed of a key encapsulation mechanism (KEM), a key derivation function (KDF) and an authenticated cipher algorithm (AEAD) as defined in RFC 9180 section 7. NamedParameterSpecs for these can be found in KemParameterSpec, KdfParameterSpec and AeadParameterSpec. These can be composed into a full HPKE suite name used to request a particular implementation using Hpke.getSuiteName(KemParameterSpec, KdfParameterSpec, AeadParameterSpec).

See also:

Summary

Public methods
`static Hpke`	`getInstance(String suiteName)` Returns an Hpke instance configured for the requested HPKE suite, using the highest priority `Provider` which implements it.
`static Hpke`	`getInstance(String suiteName, String providerName)` Returns an Hpke instance configured for the requested HPKE suite, using the requested `Provider` by name.
`static Hpke`	`getInstance(String suiteName, Provider provider)` Returns an Hpke instance configured for the requested HPKE suite, using the requested `Provider`.
`Provider`	`getProvider()` Returns the `Provider` being used by this Hpke instance.
`static String`	`getSuiteName(KemParameterSpec kem, KdfParameterSpec kdf, AeadParameterSpec aead)` Generates a full HPKE suite name from the named parameter specifications of its components, which have names reflecting their usage in RFC 9180.
`byte[]`	`open(PrivateKey recipientKey, byte[] info, Message message, byte[] aad)` One shot API to open a single ciphertext using BASE mode (no authentication).
`Message`	`seal(PublicKey recipientKey, byte[] info, byte[] plaintext, byte[] aad)` One shot API to seal a single message using BASE mode (no authentication).

Inherited methods

From class


        
          java.lang.Object

`Object`	`clone()` Creates and returns a copy of this object.
`boolean`	`equals(Object obj)` Indicates whether some other object is "equal to" this one.
`void`	`finalize()` Called by the garbage collector on an object when garbage collection determines that there are no more references to the object.
`final Class<?>`	`getClass()` Returns the runtime class of this `Object`.
`int`	`hashCode()` Returns a hash code value for the object.
`final void`	`notify()` Wakes up a single thread that is waiting on this object's monitor.
`final void`	`notifyAll()` Wakes up all threads that are waiting on this object's monitor.
`String`	`toString()` Returns a string representation of the object.
`final void`	`wait(long timeoutMillis, int nanos)` Causes the current thread to wait until it is awakened, typically by being notified or interrupted, or until a certain amount of real time has elapsed.
`final void`	`wait(long timeoutMillis)` Causes the current thread to wait until it is awakened, typically by being notified or interrupted, or until a certain amount of real time has elapsed.
`final void`	`wait()` Causes the current thread to wait until it is awakened, typically by being notified or interrupted.

Public methods

getInstance

public static Hpke getInstance (String suiteName)

Returns an Hpke instance configured for the requested HPKE suite, using the highest priority Provider which implements it.

Use Hpke.getSuiteName(KemParameterSpec, KdfParameterSpec, AeadParameterSpec) for generating HPKE suite names from NamedParameterSpecs

Parameters
`suiteName`	`String`: the HPKE suite to use. This value cannot be `null`.

Returns
`Hpke`	an Hpke instance configured for the requested suite. This value cannot be `null`.

Throws
`NoSuchAlgorithmException`	if no Providers can be found for the requested suite

getInstance

public static Hpke getInstance (String suiteName, 
                String providerName)

Returns an Hpke instance configured for the requested HPKE suite, using the requested Provider by name.

Parameters
`suiteName`	`String`: the HPKE suite to use. This value cannot be `null`.
`providerName`	`String`: the name of the provider to use. This value cannot be `null`.

Returns
`Hpke`	an Hpke instance configured for the requested suite and Provider. This value cannot be `null`.

Throws
`IllegalArgumentException`	if providerName is null or empty
`NoSuchAlgorithmException`	if the named Provider does not implement this suite
`NoSuchProviderException`	if no Provider with the requested name can be found

getInstance

public static Hpke getInstance (String suiteName, 
                Provider provider)

Returns an Hpke instance configured for the requested HPKE suite, using the requested Provider.

Parameters
`suiteName`	`String`: the HPKE suite to use. This value cannot be `null`.
`provider`	`Provider`: the provider to use. This value cannot be `null`.

Returns
`Hpke`	an Hpke instance configured for the requested suite and Provider. This value cannot be `null`.

Throws
`IllegalArgumentException`	if provider is null
`NoSuchAlgorithmException`	if the Provider does not implement this suite
`NoSuchProviderException`

getProvider

public Provider getProvider ()

Returns the Provider being used by this Hpke instance.

Returns
`Provider`	the Provider. This value cannot be `null`.

getSuiteName

public static String getSuiteName (KemParameterSpec kem, 
                KdfParameterSpec kdf, 
                AeadParameterSpec aead)

Generates a full HPKE suite name from the named parameter specifications of its components, which have names reflecting their usage in RFC 9180.

Parameters
`kem`	`KemParameterSpec`: the key encapsulation mechanism to use. This value cannot be `null`.
`kdf`	`KdfParameterSpec`: the key derivation function to use. This value cannot be `null`.
`aead`	`AeadParameterSpec`: the AEAD cipher to use. This value cannot be `null`.

Returns
`String`	a fully composed HPKE suite name. This value cannot be `null`.

See also:

open

public byte[] open (PrivateKey recipientKey, 
                byte[] info, 
                Message message, 
                byte[] aad)

One shot API to open a single ciphertext using BASE mode (no authentication).

Parameters
`recipientKey`	`PrivateKey`: private key of the recipient. This value cannot be `null`.
`info`	`byte`: application-supplied information, may be null or empty
`message`	`Message`: the Message to open. This value cannot be `null`.
`aad`	`byte`: optional additional authenticated data, may be null or empty

Returns
`byte[]`	decrypted plaintext. This value cannot be `null`.

Throws
`GeneralSecurityException`	if the decryption fails
`InvalidKeyException`	if recipientKey is null or an unsupported key format

See also:

Opening and sealing

seal

public Message seal (PublicKey recipientKey, 
                byte[] info, 
                byte[] plaintext, 
                byte[] aad)

One shot API to seal a single message using BASE mode (no authentication).

Parameters
`recipientKey`	`PublicKey`: public key of the recipient. This value cannot be `null`.
`info`	`byte`: additional application-supplied information, may be null or empty
`plaintext`	`byte`: the message to send. This value cannot be `null`.
`aad`	`byte`: optional additional authenticated data, may be null or empty

Returns
`Message`	a Message object containing the encapsulated key, ciphertext and aad. This value cannot be `null`.

Throws
`InvalidKeyException`	if recipientKey is null or an unsupported key format

See also:

Opening and sealing