Skip to content
/ opaque Public

Go implementation of OPAQUE (RFC 9807), the asymmetric password-authenticated key exchange protocol.

License

MIT license
59 stars 10 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

bytemare/opaque

BranchesTags

Repository files navigation

OPAQUE

OPAQUE Go Reference codecov

  import "github.com/bytemare/opaque"

This package implements OPAQUE (RFC 9807), the augmented password-authenticated key exchange (aPAKE) protocol that is secure against pre-computation attacks. It enables a client to authenticate to a server without ever revealing its password to the server.

This implementation is developed by one of the authors of the RFC. It has not been audited, and even though great care about security and performance has been taken, it comes with no warranty.

What is OPAQUE?

OPAQUE is an aPAKE that is secure against pre-computation attacks. OPAQUE provides forward secrecy with respect to password leakage while also hiding the password from the server, even during password registration. OPAQUE allows applications to increase the difficulty of offline dictionary attacks via iterated hashing or other key stretching schemes. OPAQUE is also extensible, allowing clients to safely store and retrieve arbitrary application data on servers using only their password.

References

Documentation Go Reference

You can find the documentation and usage examples in the package doc.

Security and Operational Notes

  • Use a confidential transport (e.g., TLS 1.3+) to protect client identities on the wire.
  • Keep the OPRF global seed single and stable across clients, and derive unique per-client OPRF keys using a stable, unique credential identifier.
  • Ensure consistent configuration (groups, hashes, KSF) across registration and subsequent logins.
  • The server must always verify KE3 with LoginFinish before using the session secret.
  • For unknown users, return a fake record (GetFakeRecord) to reduce user-enumeration signals.
  • Rate limiting and replay tracking are application responsibilities. OPAQUE authenticates transcripts; session management is up to you.
  • The server is concurrency-safe for typical use. Avoid a hidden global state in your app layer.
  • Store ServerKeyMaterial securely. Treat secrets (e.g., private key and OPRF seed) appropriately.
  • Client.ClearState() best-effort clears ephemeral material, but zeroization has language/runtime limits.

Versioning

SemVer is used for versioning. For the versions available, see the tags on the repository.

Minor v0.x versions match the corresponding CFRG draft version; the master branch implements the latest changes of the draft development.

Contributing

Please read CONTRIBUTING.md for details on the code of conduct, and the process for submitting pull requests.

License

This project is licensed under the MIT License - see the LICENSE file for details.

About

Go implementation of OPAQUE (RFC 9807), the asymmetric password-authenticated key exchange protocol.

Topics

go golang security cryptography encryption password-safety opaque elliptic-curves ristretto255 rfc9807

Resources

Readme

License

MIT license

Code of conduct

Code of conduct

Contributing

Contributing

Security policy

Security policy
Activity

Stars

59 stars

Watchers

3 watching

Forks

10 forks
Report repository

Releases 7

v0.10.0 Latest
Mar 17, 2023
+ 6 releases

Packages

No packages published

Contributors 5

Languages