public class HPKEContext
extends java.lang.Object
HPKE.setup*R (recipient) factory methods, or — via the
HPKEContextWithEncapsulation subclass — by one of the
HPKE.setup*S (sender) factories.
The context is stateful: each seal(byte[], byte[]) /
open(byte[], byte[]) call advances an internal sequence number that
is XOR-mixed into the AEAD nonce per RFC 9180 §5.2, allowing a single
context to encrypt or decrypt many messages in order without nonce reuse.
export(byte[], int) derives auxiliary key material from the
exporter secret and is deterministic — repeated calls with the same
(exporterContext, L) return the same bytes.
Senders should use HPKEContextWithEncapsulation.getEncapsulation()
to obtain the enc octet string that must be transmitted alongside
the first ciphertext so the receiver can run the matching setup*R.
| Modifier and Type | Field and Description |
|---|---|
protected AEAD |
aead |
protected byte[] |
exporterSecret |
protected org.bouncycastle.crypto.hpke.HKDF |
hkdf |
protected byte[] |
suiteId |
| Modifier and Type | Method and Description |
|---|---|
byte[] |
expand(byte[] prk,
byte[] info,
int L) |
byte[] |
export(byte[] exportContext,
int L) |
byte[] |
extract(byte[] salt,
byte[] ikm) |
byte[] |
open(byte[] aad,
byte[] ct) |
byte[] |
open(byte[] aad,
byte[] ct,
int ctOffset,
int ctLength) |
byte[] |
seal(byte[] aad,
byte[] message) |
byte[] |
seal(byte[] aad,
byte[] pt,
int ptOffset,
int ptLength) |
protected final AEAD aead
protected final org.bouncycastle.crypto.hpke.HKDF hkdf
protected final byte[] exporterSecret
protected final byte[] suiteId
public byte[] export(byte[] exportContext,
int L)
public byte[] seal(byte[] aad,
byte[] message)
throws InvalidCipherTextException
InvalidCipherTextExceptionpublic byte[] seal(byte[] aad,
byte[] pt,
int ptOffset,
int ptLength)
throws InvalidCipherTextException
InvalidCipherTextExceptionpublic byte[] open(byte[] aad,
byte[] ct)
throws InvalidCipherTextException
InvalidCipherTextExceptionpublic byte[] open(byte[] aad,
byte[] ct,
int ctOffset,
int ctLength)
throws InvalidCipherTextException
InvalidCipherTextExceptionpublic byte[] extract(byte[] salt,
byte[] ikm)
public byte[] expand(byte[] prk,
byte[] info,
int L)