Simple Online secret-storage based on the OPAQUE protocol

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for stef from gravatar.com stef

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: GNU General Public License v3 or later (GPLv3+) (GPLv3)
  • Author: Stefan Marsiske
Classifiers

Project description

  • OPAQUE-Store

This is a simple client-server system, which implements a simple online storage of blobs, which can be recovered using only a password.

Client-Server Communication is protected using a Noise-XK pattern thanks to dissononce.

You might want to read this blogpost on this topic and on more info: https://www.ctrlc.hu/~stef/blog/posts/How_to_recover_static_secrets_using_OPAQUE.html

** Installation

opaquestore depends on https://github.com/stef/libopaque/ which also depends on libsodium.

When you have libopaque, a simple pip install opaquestore should get you started.

** API

The client provides two simple functions for creating and querying blobs:

Store a new blob:

#+BEGIN_SRC python from opaquestore import opaquestore from opaquestore.noiseclient import NoiseWrapper s = NoiseWrapper.connect(cfg['address'], cfg['port'], cfg['noise_key'], cfg['server_pubkey']) opaquestore.create(s, password, blob_id, blob) #+END_SRC

To query an existing blob:

#+BEGIN_SRC python from opaquestore import opaquestore from opaquestore.noiseclient import NoiseWrapper s = NoiseWrapper.connect(cfg['address'], cfg['port'], cfg['noise_key'], cfg['server_pubkey']) blob = opaquestore.get(s, password, blob_id) #+END_SRC

The cfg variable should be loaded with the values from a configfile or otherwise populated.

** Configfiles

For an example and documentation on the values in the config files see: opaque-store.cfg for the client config, and opaque-stored.cfg for the server config.

** Example

Run the server

#+BEGIN_EXAMPLE opaquestore server #+END_EXAMPLE

Store a new blob:

#+BEGIN_EXAMPLE echo -en "mypassword!sMyV0ice\nmy secretty token data that i need to protect and store using opaque" | opaquestore create cfba1e747f706b542451a9d5404346f8 #+END_EXAMPLE

the password and the blob are expected on stdin, in this order, seperated by a newline. The second parameter to the client is an ID used to refer to the blob.

Recall the blob:

#+BEGIN_EXAMPLE echo -en "mypassword!sMyV0ice" | opaquestore get cfba1e747f706b542451a9d5404346f8 #+END_EXAMPLE

The password is again supplied on stdin, and the same ID as used for creation is used as reference.

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for stef from gravatar.com stef

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: GNU General Public License v3 or later (GPLv3+) (GPLv3)
  • Author: Stefan Marsiske
Classifiers

Release history Release notifications | RSS feed

0.1.0

0.0.6

0.0.5

0.0.4

0.0.3

This version

0.0.2

0.0.1

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

opaquestore-0.0.2.tar.gz (19.1 kB view details)

Uploaded Source

File details

Details for the file opaquestore-0.0.2.tar.gz.

File metadata

  • Download URL: opaquestore-0.0.2.tar.gz
  • Upload date:
  • Size: 19.1 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.2 CPython/3.11.2

File hashes

Hashes for opaquestore-0.0.2.tar.gz
Algorithm Hash digest
SHA256 ce6bbc6e4e6a2289d295ad14ffe7e00cb10ad8543c9df6de31d8932e772002c8
MD5 413989ed237a16b90fb9a44a3ad1411e
BLAKE2b-256 05026f6d34dcf94617014475388fc48d77b57d6bfd9774ceb569d78e78a3b58a

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page