Class XChaCha20Poly1305

The XChaCha20Poly1305 class provides a suite of utilities for cryptographic operations using the XChaCha20-Poly1305 algorithm, a combination of the XChaCha20 stream cipher and the Poly1305 message authentication code (MAC). This class encompasses methods for key generation, encryption, decryption, and conversions between raw byte arrays and JSON Web Key (JWK) formats.

XChaCha20-Poly1305 is renowned for its high security and efficiency, especially in scenarios involving large data volumes or where data integrity and confidentiality are paramount. The extended nonce size of XChaCha20 reduces the risks of nonce reuse, while Poly1305 provides a strong MAC ensuring data integrity.

Key Features:

  • Key Generation: Generate XChaCha20-Poly1305 symmetric keys in JWK format.
  • Key Conversion: Transform keys between raw byte arrays and JWK formats.
  • Encryption: Encrypt data using XChaCha20-Poly1305, returning both ciphertext and MAC tag.
  • Decryption: Decrypt data and verify integrity using the XChaCha20-Poly1305 algorithm.

The methods in this class are asynchronous, returning Promises to accommodate various JavaScript environments.

Example

// Key Generation
const privateKey = await XChaCha20Poly1305.generateKey();

// Encryption
const data = new TextEncoder().encode('Messsage');
const nonce = utils.randomBytes(24); // 24-byte nonce
const additionalData = new TextEncoder().encode('Associated data');
const { ciphertext, tag } = await XChaCha20Poly1305.encrypt({
  data,
  nonce,
  additionalData,
  key: privateKey
});

// Decryption
const decryptedData = await XChaCha20Poly1305.decrypt({
  data: ciphertext,
  nonce,
  tag,
  additionalData,
  key: privateKey
});

// Key Conversion
const privateKeyBytes = await XChaCha20Poly1305.privateKeyToBytes({ privateKey });

Constructors

constructor

Methods

bytesToPrivateKey decrypt encrypt generateKey privateKeyToBytes

Constructors

constructor

Methods

Static bytesToPrivateKey

  • bytesToPrivateKey(params): Promise<Jwk>

  • Converts a raw private key in bytes to its corresponding JSON Web Key (JWK) format.

    Parameters

    • params: {
          privateKeyBytes: Uint8Array;
      }

      The parameters for the symmetric key conversion.

      • privateKeyBytes: Uint8Array

        The raw symmetric key as a Uint8Array.

    Returns Promise<Jwk>

    A Promise that resolves to the symmetric key in JWK format.

    Remarks

    This method takes a symmetric key represented as a byte array (Uint8Array) and converts it into a JWK object for use with the XChaCha20-Poly1305 algorithm. The process involves encoding the key into base64url format and setting the appropriate JWK parameters.

    The resulting JWK object includes the following properties:

    • kty: Key Type, set to 'oct' for Octet Sequence (representing a symmetric key).
    • k: The symmetric key, base64url-encoded.
    • kid: Key ID, generated based on the JWK thumbprint.

    Example

    const privateKeyBytes = new Uint8Array([...]); // Replace with actual symmetric key bytes
    const privateKey = await XChaCha20Poly1305.bytesToPrivateKey({ privateKeyBytes });

Static decrypt

  • decrypt(params): Promise<Uint8Array>

  • Decrypts the provided data using XChaCha20-Poly1305.

    Parameters

    • params: {
          additionalData?: Uint8Array;
          data: Uint8Array;
          key: Jwk;
          nonce: Uint8Array;
      }

      The parameters for the decryption operation.

      • Optional additionalData?: Uint8Array

        Optional additional authenticated data.

      • data: Uint8Array

        The encrypted data to decrypt including the authentication tag, represented as a Uint8Array.

      • key: Jwk

        The key to use for decryption, represented in JWK format.

      • nonce: Uint8Array

        The nonce used during the encryption process.

    Returns Promise<Uint8Array>

    A Promise that resolves to the decrypted data as a Uint8Array.

    Remarks

    This method performs XChaCha20-Poly1305 decryption on the given encrypted data using the specified key, nonce, and authentication tag. It supports optional additional authenticated data (AAD) for enhanced security. The nonce must be 24 bytes long, consistent with XChaCha20's specifications.

    Example

    const encryptedData = new Uint8Array([...]); // Encrypted data
    const nonce = new Uint8Array(24); // 24-byte nonce
    const additionalData = new Uint8Array([...]); // Optional AAD
    const key = { ... }; // A Jwk object representing the XChaCha20-Poly1305 key
    const decryptedData = await XChaCha20Poly1305.decrypt({
      data: encryptedData,
      nonce,
      additionalData,
      key
    });

Static encrypt

  • encrypt(params): Promise<Uint8Array>

  • Encrypts the provided data using XChaCha20-Poly1305.

    Parameters

    • params: {
          additionalData?: Uint8Array;
          data: Uint8Array;
          key: Jwk;
          nonce: Uint8Array;
      }

      The parameters for the encryption operation.

      • Optional additionalData?: Uint8Array

        Optional additional authenticated data.

      • data: Uint8Array

        The data to encrypt, represented as a Uint8Array.

      • key: Jwk

        The key to use for encryption, represented in JWK format.

      • nonce: Uint8Array

        A 24-byte nonce for the encryption process.

    Returns Promise<Uint8Array>

    A Promise that resolves to a byte array containing the encrypted data and the authentication tag.

    Remarks

    This method performs XChaCha20-Poly1305 encryption on the given data using the specified key and nonce. It supports optional additional authenticated data (AAD) for enhanced security. The nonce must be 24 bytes long, as per XChaCha20's specifications. The method returns the encrypted data along with an authentication tag as a Uint8Array, ensuring both confidentiality and integrity of the data.

    Example

    const data = new TextEncoder().encode('Messsage');
    const nonce = utils.randomBytes(24); // 24-byte nonce
    const additionalData = new TextEncoder().encode('Associated data'); // Optional AAD
    const key = { ... }; // A Jwk object representing an XChaCha20-Poly1305 key
    const encryptedData = await XChaCha20Poly1305.encrypt({
      data,
      nonce,
      additionalData,
      key
    });

Static generateKey

  • generateKey(): Promise<Jwk>

  • Generates a symmetric key for XChaCha20-Poly1305 in JSON Web Key (JWK) format.

    Returns Promise<Jwk>

    A Promise that resolves to the generated symmetric key in JWK format.

    Remarks

    This method creates a new symmetric key suitable for use with the XChaCha20-Poly1305 algorithm. The key is generated using cryptographically secure random number generation to ensure its uniqueness and security. The XChaCha20-Poly1305 algorithm requires a 256-bit key (32 bytes), and this method adheres to that specification.

    Key components included in the JWK:

    • kty: Key Type, set to 'oct' for Octet Sequence.
    • k: The symmetric key component, base64url-encoded.
    • kid: Key ID, generated based on the JWK thumbprint.

    Example

    const privateKey = await XChaCha20Poly1305.generateKey();

Static privateKeyToBytes

  • privateKeyToBytes(params): Promise<Uint8Array>

  • Converts a private key from JSON Web Key (JWK) format to a raw byte array (Uint8Array).

    This method takes a symmetric key in JWK format and extracts its raw byte representation. It decodes the 'k' parameter of the JWK value, which represents the symmetric key in base64url encoding, into a byte array.

    Parameters

    • params: {
          privateKey: Jwk;
      }

      The parameters for the symmetric key conversion.

      • privateKey: Jwk

        The symmetric key in JWK format.

    Returns Promise<Uint8Array>

    A Promise that resolves to the symmetric key as a Uint8Array.

    Example

    const privateKey = { ... }; // A symmetric key in JWK format
    const privateKeyBytes = await XChaCha20Poly1305.privateKeyToBytes({ privateKey });

Settings

Member Visibility

Theme

On This Page

constructorbytesToPrivateKeydecryptencryptgenerateKeyprivateKeyToBytes