or run

npx @tessl/cli init
Log in

Version

Tile

Overview

Evals

Files

Files

docs

asymmetric-cryptography.mdcrypto-interface.mdhash-functions.mdindex.mdkey-derivation.mdmodern-cryptography.mdsymmetric-encryption.md

modern-cryptography.mddocs/

0
# Modern Cryptography
1


2
Next-generation cryptographic algorithms including EdDSA signatures and Curve25519 key agreement (requires Node.js ≥14).
3


4
## Capabilities
5


6
### EdDSA (Edwards-curve Digital Signature Algorithm)
7


8
Modern signature algorithm using Edwards curves for enhanced security and performance.
9


10
```typescript { .api }
11
/**
12
 * EdDSA key generation parameters
13
 */
14
interface EdDsaKeyGenParams extends Algorithm {
15
  name: "EdDSA";
16
  namedCurve: "Ed25519" | "Ed448";
17
}
18


19
/**
20
 * EdDSA signing/verification parameters
21
 */
22
interface EdDsaParams extends Algorithm {
23
  name: "EdDSA";
24
}
25
```
26


27
**Usage Example:**
28


29
```typescript
30
// Generate Ed25519 key pair
31
const keyPair = await crypto.subtle.generateKey(
32
  { name: "EdDSA", namedCurve: "Ed25519" },
33
  true,
34
  ["sign", "verify"]
35
);
36


37
// Sign with EdDSA
38
const data = new TextEncoder().encode("Message for EdDSA signature");
39
const signature = await crypto.subtle.sign(
40
  { name: "EdDSA" },
41
  keyPair.privateKey,
42
  data
43
);
44


45
// Verify EdDSA signature
46
const isValid = await crypto.subtle.verify(
47
  { name: "EdDSA" },
48
  keyPair.publicKey,
49
  signature,
50
  data
51
);
52
```
53


54
### ECDH-ES (Elliptic Curve Diffie-Hellman Ephemeral Static)
55


56
Modern key agreement using Curve25519 and Curve448 for secure key exchange.
57


58
```typescript { .api }
59
/**
60
 * ECDH-ES key generation parameters
61
 */
62
interface EcdhEsKeyGenParams extends Algorithm {
63
  name: "ECDH-ES";
64
  namedCurve: "X25519" | "X448";
65
}
66


67
/**
68
 * ECDH-ES key derivation parameters
69
 */
70
interface EcdhEsKeyDeriveParams extends Algorithm {
71
  name: "ECDH-ES";
72
  public: CryptoKey; // Other party's public key
73
}
74
```
75


76
**Usage Example:**
77


78
```typescript
79
// Generate X25519 key pairs
80
const aliceKeys = await crypto.subtle.generateKey(
81
  { name: "ECDH-ES", namedCurve: "X25519" },
82
  false,
83
  ["deriveKey", "deriveBits"]
84
);
85


86
const bobKeys = await crypto.subtle.generateKey(
87
  { name: "ECDH-ES", namedCurve: "X25519" },
88
  false,
89
  ["deriveKey", "deriveBits"]
90
);
91


92
// Derive shared secret
93
const sharedKey = await crypto.subtle.deriveKey(
94
  { name: "ECDH-ES", public: bobKeys.publicKey },
95
  aliceKeys.privateKey,
96
  { name: "AES-GCM", length: 256 },
97
  false,
98
  ["encrypt", "decrypt"]
99
);
100


101
// Alternative: derive raw bits
102
const sharedBits = await crypto.subtle.deriveBits(
103
  { name: "ECDH-ES", public: bobKeys.publicKey },
104
  aliceKeys.privateKey,
105
  256
106
);
107
```
108


109
### Ed25519 Provider
110


111
Specialized Ed25519 implementation with enhanced features.
112


113
```typescript { .api }
114
/**
115
 * Ed25519 key generation parameters  
116
 */
117
interface Ed25519KeyGenParams extends Algorithm {
118
  name: "Ed25519";
119
}
120


121
/**
122
 * Ed25519 signing/verification parameters
123
 */
124
interface Ed25519Params extends Algorithm {
125
  name: "Ed25519";
126
}
127
```
128


129
### X25519 Provider
130


131
Specialized X25519 key agreement implementation.
132


133
```typescript { .api }
134
/**
135
 * X25519 key generation parameters
136
 */
137
interface X25519KeyGenParams extends Algorithm {
138
  name: "X25519";
139
}
140


141
/**
142
 * X25519 key derivation parameters
143
 */
144
interface X25519KeyDeriveParams extends Algorithm {
145
  name: "X25519";
146
  public: CryptoKey; // Other party's public key
147
}
148
```
149


150
## Supported Curves
151


152
### EdDSA Curves
153
- **Ed25519**: 255-bit Edwards curve for signatures (equivalent to ~3072-bit RSA)
154
- **Ed448**: 448-bit Edwards curve for signatures (equivalent to ~7680-bit RSA)
155


156
### ECDH-ES Curves  
157
- **X25519**: 255-bit Montgomery curve for key agreement
158
- **X448**: 448-bit Montgomery curve for key agreement
159


160
## Key Classes
161


162
### EdDSA Key Classes
163


164
```typescript { .api }
165
class EdPrivateKey extends AsymmetricKey {
166
  public algorithm: EdKeyAlgorithm;
167
  public type: "private";
168
  public usages: KeyUsage[];
169
  public extractable: boolean;
170
}
171


172
class EdPublicKey extends AsymmetricKey {
173
  public algorithm: EdKeyAlgorithm;
174
  public type: "public";
175
  public usages: KeyUsage[];
176
  public extractable: boolean;
177
}
178


179
interface EdKeyAlgorithm extends KeyAlgorithm {
180
  name: "EdDSA" | "ECDH-ES";
181
  namedCurve: "Ed25519" | "Ed448" | "X25519" | "X448";
182
}
183
```
184


185
### Ed25519 Specific Key Classes
186


187
```typescript { .api }
188
class Ed25519PrivateKey extends Ed25519CryptoKey {
189
  public algorithm: Ed25519KeyAlgorithm;
190
  public type: "private";
191
  public usages: KeyUsage[];
192
  public extractable: boolean;
193
}
194


195
class Ed25519PublicKey extends Ed25519CryptoKey {
196
  public algorithm: Ed25519KeyAlgorithm;
197
  public type: "public";
198
  public usages: KeyUsage[];
199
  public extractable: boolean;
200
}
201


202
class Ed25519CryptoKey extends AsymmetricKey {
203
  public algorithm: Ed25519KeyAlgorithm;
204
}
205


206
interface Ed25519KeyAlgorithm extends KeyAlgorithm {
207
  name: "Ed25519" | "X25519";
208
  namedCurve: "Ed25519" | "X25519";
209
}
210
```
211


212
## Key Import/Export
213


214
Modern cryptographic keys support multiple import/export formats:
215


216
**Ed25519/Ed448 Keys:**
217
- **JWK**: JSON Web Key format with curve parameters
218
- **SPKI**: SubjectPublicKeyInfo for public keys
219
- **PKCS#8**: Private key format
220
- **Raw**: For public keys only (32 bytes for Ed25519, 56 bytes for Ed448)
221


222
**X25519/X448 Keys:**
223
- **JWK**: JSON Web Key format
224
- **SPKI**: SubjectPublicKeyInfo for public keys  
225
- **PKCS#8**: Private key format
226
- **Raw**: For public keys only (32 bytes for X25519, 56 bytes for X448)
227


228
**Usage Example:**
229


230
```typescript
231
// Export Ed25519 public key as raw bytes
232
const publicKeyBytes = await crypto.subtle.exportKey(
233
  "raw",
234
  keyPair.publicKey
235
);
236


237
// Import Ed25519 public key from raw bytes
238
const importedPublicKey = await crypto.subtle.importKey(
239
  "raw",
240
  publicKeyBytes,
241
  { name: "EdDSA", namedCurve: "Ed25519" },
242
  true,
243
  ["verify"]
244
);
245


246
// Export private key as PKCS#8
247
const privateKeyPkcs8 = await crypto.subtle.exportKey(
248
  "pkcs8",
249
  keyPair.privateKey
250
);
251
```
252


253
## Platform Requirements
254


255
Modern cryptography features require:
256
- **Node.js ≥14**: For EdDSA and ECDH-ES algorithms
257
- **Native Support**: Algorithms use Node.js native crypto capabilities
258
- **Curve Availability**: All curves are supported on compatible Node.js versions
259


260
## Security Benefits
261


262
Modern cryptographic algorithms provide several advantages:
263


264
- **Enhanced Security**: Resistance to timing attacks and improved mathematical foundations
265
- **Performance**: Faster operations compared to equivalent-strength traditional algorithms
266
- **Simplicity**: Reduced parameter complexity and fewer configuration options
267
- **Future-Proof**: Designed to withstand advances in cryptanalysis and quantum computing threats