HPKE API does not separate encapsulated key from ciphertext

[BrianSipos]

The base HPKE definitions separate the seal outputs as the tuple (enc, ct) and the open inputs as (enc, ..., ct, ...). The current hpke.Suite API does not separate these and instead concatenates their bytes, making it impossible for an application to handle them separately. This is going to be a problem when integrating with COSE or JOSE environments.

Can the HPKE API be modified, or a parallel separated-data API be provided?

[alex]

We considered having an API that gives you enc and CT separately, but this was specifically in the context of a multi-shot API, and we never found a single use case for multi shot. I don't think it makes sense to expose this for a single shot API, but what we could do is add an enc_length method to KEM and then you can split the string yourself. Would that work?