Asymmetric public key encryption, also known as ECIES.
The sender key pair will be randomly generated if not supplied.
If it is randomly generated, then we are using an ephemeral sender.
Using a static sender key pair means there is no forward secrecy.
If the private key of the sender or receiver is compromised, all messages
are compromised.
Using an ephemeral sender key pair provides 1-way forward secrecy.
Only if the private key of the receiver is compromised are all messages
compromised.
Using both ephemeral sender and receiver maintains forward secrecy.
However, this requires live negotiation between the sender and receiver.
This supports:
ECDH-ES - ephemeral sender, static receiver
ECDH-SS - static sender, static receiver
The static receiver could be ephemeral, but that depends on where you get
the sender key pair.
Under ECDH-SS, the result will have the following format:
iv<24> || mac<16> || cipherText
Note that the sender public key is not attached in the result.
You can do that if you want to.
Under ECDH-ES, the result will have the following format:
publicKeyX<32> || mac<16> || cipherText
Where publicKeyX is the X25519 public key.
The returned buffers are guaranteed to be unpooled.
This means the underlying ArrayBuffer is safely transferable.
More information: https://crypto.stackexchange.com/a/61760/102416
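The two output layouts above and the unpooled guarantee, as an added example that is not the library's own code: it splits an ECDH-SS or ECDH-ES result into its fields using the sizes given in the format description (iv 24, publicKeyX 32, mac 16), returns unpooled copies, and includes the check a caller can run before transferring a buffer's ArrayBuffer. The function and constant names are my own.

```javascript
// Added example (not the library's own code): split the two ECIES output
// layouts described above into their fields, returning unpooled copies, and
// check that a buffer really is unpooled before transferring its ArrayBuffer.
// Field sizes come from the format description: iv 24, publicKeyX 32, mac 16.
const LAYOUTS = {
  'ECDH-SS': [['iv', 24], ['mac', 16]],          // iv<24> || mac<16> || cipherText
  'ECDH-ES': [['publicKeyX', 32], ['mac', 16]],  // publicKeyX<32> || mac<16> || cipherText
};

// A view is unpooled when it owns its entire ArrayBuffer. A slice of Node's
// shared Buffer pool fails this check: transferring its .buffer would hand
// over whatever else happens to live in the pool.
function isUnpooled(view) {
  return view.byteOffset === 0 && view.byteLength === view.buffer.byteLength;
}

// Copy view[start, end) into a fresh Buffer; Buffer.alloc never uses the pool.
function unpooledCopy(view, start, end) {
  const out = Buffer.alloc(end - start);
  out.set(view.subarray(start, end));
  return out;
}

// Split an ECIES result into its fixed-size header fields plus cipherText.
// `mode` is 'ECDH-SS' or 'ECDH-ES'; `result` is a Buffer or Uint8Array.
// A result shorter than the header cannot carry a MAC, so it is rejected.
function parseEciesResult(mode, result) {
  const layout = LAYOUTS[mode];
  if (layout === undefined) throw new TypeError(`unknown mode ${mode}`);
  const headerSize = layout.reduce((n, [, size]) => n + size, 0);
  if (result.byteLength < headerSize) {
    throw new RangeError(`${mode} result too short: ${result.byteLength} < ${headerSize}`);
  }
  const fields = {};
  let offset = 0;
  for (const [name, size] of layout) {
    fields[name] = unpooledCopy(result, offset, offset + size);
    offset += size;
  }
  fields.cipherText = unpooledCopy(result, offset, result.byteLength);
  return fields;
}
```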