Skip to main content

Simple Online secret-storage based on the OPAQUE protocol

Project description

OPAQUE-Store

This is a simple client-server system, which implements a simple online storage of blobs, which can be recovered using only a password.

You might want to read this blogpost on this topic and on more info: https://www.ctrlc.hu/~stef/blog/posts/How_to_recover_static_secrets_using_OPAQUE.html

** Installation

opaquestore depends on https://github.com/stef/libopaque/ which in turn depends on libsodium and liboprf, and pyoprf.

When you have libopaque, a simple pip install opaquestore should get you started.

TODO all of the below are out-dated and need update

API

The client provides two simple functions for creating and querying blobs:

Store a new blob:

  from opaquestore import opaquestore
  from opaquestore.noiseclient import NoiseWrapper
  s = NoiseWrapper.connect(cfg['address'], cfg['port'], cfg['noise_key'], cfg['server_pubkey'])
  opaquestore.create(s, password, blob_id, blob)

To query an existing blob:

  from opaquestore import opaquestore
  from opaquestore.noiseclient import NoiseWrapper
  s = NoiseWrapper.connect(cfg['address'], cfg['port'], cfg['noise_key'], cfg['server_pubkey'])
  blob = opaquestore.get(s, password, blob_id)

The cfg variable should be loaded with the values from a configfile or otherwise populated.

Configfiles

For an example and documentation on the values in the config files see: opaque-store.cfg for the client config, and opaque-stored.cfg for the server config.

Example

Generate keys

opaquestore genkey

This should output a private key and a public key, these you can/should use in the configfiles.

Run the server

opaquestore server

Store a new blob:

echo -en "mypassword\!sMyV0ice\nmy secretty token data that i need to protect and store using opaque" | opaquestore create cfba1e747f706b542451a9d5404346f8

the password and the blob are expected on stdin, in this order, seperated by a newline. The second parameter to the client is an ID used to refer to the blob.

Recall the blob:

echo -en "mypassword\!sMyV0ice" | opaquestore get cfba1e747f706b542451a9d5404346f8

The password is again supplied on stdin, and the same ID as used for creation is used as reference.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

opaquestore-0.1.0.tar.gz (20.4 kB view details)

Uploaded Source

File details

Details for the file opaquestore-0.1.0.tar.gz.

File metadata

  • Download URL: opaquestore-0.1.0.tar.gz
  • Upload date:
  • Size: 20.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/5.1.1 CPython/3.12.6

File hashes

Hashes for opaquestore-0.1.0.tar.gz
Algorithm Hash digest
SHA256 cf784bc0982be6674741dd43c6d7e73e5e109d21bc415733b614bac943848999
MD5 f01f1ba04bc7ae2fa53f7ec53f2a2256
BLAKE2b-256 5bb448094613eee355935288d4f90809a6ffa55876c731f24ed5547aa08eb7dd

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page