Function encryptWithPublicKey

  • Asymmetric public key encryption, also known as ECIES. The sender key pair will be randomly generated if not supplied. If it is randomly generated, then we are using an ephemeral sender.

    Using a static sender key pair means there is no forward secrecy. If the private key of the sender or receiver is compromised, all messages are compromised.

    Using an ephemeral sender key pair provides 1-way forward secrecy. All messages are compromised only if the private key of the receiver is compromised.

    Using both ephemeral sender and receiver maintains forward secrecy. However, this requires live negotiation between the sender and receiver.

    This supports:

    • ECDH-ES - ephemeral sender, static receiver
    • ECDH-SS - static sender, static receiver

    The static receiver could be ephemeral, but that depends on where you get the sender key pair.

    More information: https://crypto.stackexchange.com/a/61760/102416

    Under ECDH-SS, the result will have the following format: iv<24> || mac<16> || cipherText. Note that the sender public key is not attached in the result. You can attach it yourself if you want to.

    Under ECDH-ES, the result will have the following format: publicKeyX<32> || mac<16> || cipherText, where publicKeyX is the X25519 public key.

    The returned buffers are guaranteed to be unpooled. This means the underlying ArrayBuffer is safely transferable.

    Parameters

    Returns Buffer
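
    The two result layouts and the unpooled guarantee described above, as an added example that is not part of the library's own code: a receiver-side splitter with length checks and a check that a Buffer owns its whole ArrayBuffer. The names parseEnvelope, isUnpooled and the sample constants are hypothetical, and the sample envelopes are constructed filler bytes.

```javascript
// Added example; names are hypothetical, not the library's API.
// Field sizes come from the layouts in the description above.
const PUBLIC_KEY_BYTES = 32; // publicKeyX<32>, the X25519 public key
const IV_BYTES = 24;         // iv<24>
const MAC_BYTES = 16;        // mac<16>

// Split a result into its fields. The layouts carry no mode marker,
// so the caller must already know whether ECDH-ES or ECDH-SS was used.
function parseEnvelope(envelope, mode) {
  if (mode !== 'ES' && mode !== 'SS') {
    throw new TypeError(`unknown mode: ${mode}`);
  }
  const headLen = mode === 'ES' ? PUBLIC_KEY_BYTES : IV_BYTES;
  // Reject truncated input before slicing: subarray() silently clamps
  // out-of-range offsets and would return a short key, iv or mac.
  if (envelope.byteLength < headLen + MAC_BYTES) {
    throw new RangeError(
      `ECDH-${mode} result too short: ${envelope.byteLength} bytes`
    );
  }
  // The fields are views into the envelope's memory, not copies.
  const head = envelope.subarray(0, headLen);
  const mac = envelope.subarray(headLen, headLen + MAC_BYTES);
  const cipherText = envelope.subarray(headLen + MAC_BYTES);
  return mode === 'ES'
    ? { publicKeyX: head, mac, cipherText }
    : { iv: head, mac, cipherText };
}

// True when the Buffer spans its entire ArrayBuffer. A pooled Buffer is a
// window into a larger shared ArrayBuffer, so transferring that ArrayBuffer
// (for example with postMessage) would hand over unrelated bytes and detach
// every other Buffer living in the same pool.
function isUnpooled(buf) {
  return buf.byteOffset === 0 && buf.byteLength === buf.buffer.byteLength;
}

// Constructed samples: filler bytes in the right positions, not real output.
const SAMPLE_ES = Buffer.concat([
  Buffer.alloc(PUBLIC_KEY_BYTES, 0xaa),
  Buffer.alloc(MAC_BYTES, 0xbb),
  Buffer.from('ciphertext-bytes'),
]);
const SAMPLE_SS = Buffer.concat([
  Buffer.alloc(IV_BYTES, 0xcc),
  Buffer.alloc(MAC_BYTES, 0xdd),
  Buffer.from('ciphertext-bytes'),
]);
```

    The fields returned by parseEnvelope share memory with the input, so the unpooled guarantee applies to the whole result, not to the individual views.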
