Prefer key encapsulation to shared key derivation

2026-02-13 15:03:26 +00:00 · 2024-11-18 10:25:09 -08:00
parent a59512daa9
commit 6a7c05ae12
5 changed files with 0 additions and 657 deletions
--- a/libs/node/src/services/node-crypto-function.service.ts
+++ b/libs/node/src/services/node-crypto-function.service.ts
@@ -283,61 +283,6 @@ export class NodeCryptoFunctionService implements CryptoFunctionService {
    });
  }

-  async diffieHellmanGenerateKeyPair(
-    algorithm: "x25519" | "ecdh",
-    curve: undefined | "P-256" | "P-384" | "P-521",
-  ): Promise<{
-    keyPair: CryptoKeyPair;
-    publicKey: Uint8Array;
-  }> {
-    if (algorithm === "x25519" && curve != null) {
-      throw new Error("x25519 does not use the curve parameter.");
-    }
-
-    const keys = await crypto.subtle.generateKey(
-      {
-        name: algorithm,
-        namedCurve: curve,
-      },
-      true,
-      ["deriveKey", "deriveBits"],
-    );
-    return {
-      keyPair: keys,
-      publicKey: new Uint8Array(await crypto.subtle.exportKey("raw", keys.publicKey)),
-    };
-  }
-
-  async deriveSharedKeyBits(
-    privateKey: CryptoKey,
-    publicKeyRaw: Uint8Array,
-    algorithm: "x25519" | "ecdh",
-    curve: undefined | "P-256" | "P-384" | "P-521",
-  ): Promise<Uint8Array> {
-    if (algorithm === "x25519" && curve != null) {
-      throw new Error("x25519 does not use the curve parameter.");
-    }
-
-    const publicKey = await crypto.subtle.importKey(
-      "raw",
-      publicKeyRaw,
-      { name: algorithm, namedCurve: curve },
-      true,
-      [],
-    );
-
-    const dhSecret = await crypto.subtle.deriveBits(
-      {
-        name: algorithm,
-        public: publicKey,
-      },
-      privateKey,
-      256,
-    );
-
-    return new Uint8Array(dhSecret);
-  }
-
  aesGenerateKey(bitLength: 128 | 192 | 256 | 512): Promise<CsprngArray> {
    return this.randomBytes(bitLength / 8);
  }