ExIcaoVds.Encryptors.HPKE
(ex_icao_vds v0.3.2)
Copy Markdown
Field-level HPKE encryptor using RFC 9180 Base Mode.
Cipher suite: DHKEM(P-256, HKDF-SHA256) + HKDF-SHA256 + AES-256-GCM.
Encrypt (issuance side)
recipient_config must contain:
:public_key— 65-byte uncompressed P-256 EC point for the recipient:key_id— string identifying the recipient's key version
Decrypt (verification side)
key_store must be a map of key_id => {priv_key_bytes, pub_key_bytes}:
%{
"verifier-key-2026-01" => {<<priv_32_bytes>>, <<pub_65_bytes>>}
}Wire format
Each encrypted feature value is a CBOR-encoded map:
%{
"ek" => enc_bytes, # 65-byte ephemeral public key
"ct" => ciphertext_bytes, # AES-256-GCM ciphertext + 16-byte tag
"kid" => key_id_string,
"alg" => %{"kem" => 16, "kdf" => 1, "aead" => 2}
}AAD
The AAD binds the ciphertext to the specific VDS field:
"ex_icao_vds:v1:<field_tag>:<key_id>"