Simple Online secret-storage based on the OPAQUE protocol
Project description
- OPAQUE-Store
This is a simple client-server system, which implements a simple online storage of blobs, which can be recovered using only a password.
Client-Server Communication is protected using a Noise-XK pattern thanks to dissononce.
You might want to read this blogpost on this topic and on more info: https://www.ctrlc.hu/~stef/blog/posts/How_to_recover_static_secrets_using_OPAQUE.html
** Installation
opaquestore depends on https://github.com/stef/libopaque/ which also depends on libsodium.
When you have libopaque, a simple pip install opaquestore
should get you started.
** API
The client provides two simple functions for creating and querying blobs:
Store a new blob:
#+BEGIN_SRC python from opaquestore import opaquestore from opaquestore.noiseclient import NoiseWrapper s = NoiseWrapper.connect(cfg['address'], cfg['port'], cfg['noise_key'], cfg['server_pubkey']) opaquestore.create(s, password, blob_id, blob) #+END_SRC
To query an existing blob:
#+BEGIN_SRC python from opaquestore import opaquestore from opaquestore.noiseclient import NoiseWrapper s = NoiseWrapper.connect(cfg['address'], cfg['port'], cfg['noise_key'], cfg['server_pubkey']) blob = opaquestore.get(s, password, blob_id) #+END_SRC
The cfg
variable should be loaded with the values from a configfile or otherwise populated.
** Configfiles
For an example and documentation on the values in the config files see: opaque-store.cfg for the client config, and opaque-stored.cfg for the server config.
** Example
Generate keys
#+BEGIN_EXAMPLE opaquestore genkey #+END_EXAMPLE
This should output a private key and a public key, these you can/should use in the configfiles.
Run the server
#+BEGIN_EXAMPLE opaquestore server #+END_EXAMPLE
Store a new blob:
#+BEGIN_EXAMPLE echo -en "mypassword!sMyV0ice\nmy secretty token data that i need to protect and store using opaque" | opaquestore create cfba1e747f706b542451a9d5404346f8 #+END_EXAMPLE
the password and the blob are expected on stdin, in this order, seperated by a newline. The second parameter to the client is an ID used to refer to the blob.
Recall the blob:
#+BEGIN_EXAMPLE echo -en "mypassword!sMyV0ice" | opaquestore get cfba1e747f706b542451a9d5404346f8 #+END_EXAMPLE
The password is again supplied on stdin, and the same ID as used for creation is used as reference.
Project details
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
File details
Details for the file opaquestore-0.0.5.tar.gz
.
File metadata
- Download URL: opaquestore-0.0.5.tar.gz
- Upload date:
- Size: 21.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.2 CPython/3.11.2
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | fbb31d70c7a4534b634fa3ba712d23fbbd3b2bc475132f5954772cc3e1666c9c |
|
MD5 | 35257609a762acb3150f1cb36d55166e |
|
BLAKE2b-256 | 575b32fd98766408a43ec559a726471cb417a947009d4569bf0eed88e6308dea |