MCPcopy Index your code
hub / github.com/bytemare/opaque

github.com/bytemare/opaque @v0.18.0

Chat with this repo
repository ↗ · DeepWiki ↗ · release v0.18.0 ↗ · + Follow
458 symbols 2,854 edges 45 files 303 documented · 66%
What it actually does AI analysis from the code graph — generated when you open this
loading…
README

OPAQUE

CI Go Reference codecov SLSA 3 OpenSSF Scorecard

  import "github.com/bytemare/opaque"

This package implements OPAQUE (RFC 9807), the augmented password-authenticated key exchange (aPAKE) protocol that is secure against pre-computation attacks. It enables a client to authenticate to a server without ever revealing its password to the server.

This implementation is developed and maintained by one of the authors of the RFC. It has not been independently audited, and even though great care about security and performance has been taken, it comes with no warranty.

What is OPAQUE?

OPAQUE is an aPAKE that is secure against pre-computation attacks. OPAQUE provides forward secrecy with respect to password leakage while also hiding the password from the server, even during password registration. OPAQUE allows applications to increase the difficulty of offline dictionary attacks via iterated hashing or other key stretching schemes. OPAQUE is also extensible, allowing clients to safely store and retrieve arbitrary application data on servers using only their password.

References

Documentation Go Reference

You can find the documentation and usage examples in the package doc.

Security and Operational Notes

  • Use a confidential transport (e.g., TLS 1.3+) to protect client identities on the wire.
  • Keep the OPRF global seed single and stable across clients, and derive unique per-client OPRF keys using a stable, unique credential identifier.
  • Ensure consistent configuration (groups, hashes, KSF) across registration and subsequent logins.
  • The server must always verify KE3 with LoginFinish before using the session secret.
  • For unknown users, return a fake record (GetFakeRecord) to reduce user-enumeration signals.
  • Rate limiting and replay tracking are application layer responsibilities. OPAQUE authenticates the transcripts, and session management is up to you.
  • The server is concurrency-safe for typical use. Avoid a hidden global state in your app layer.
  • Store ServerKeyMaterial securely. Treat secrets (e.g., private key and OPRF seed) appropriately.
  • Client.ClearState() is a best-effort to clear ephemeral material, but zeroization has language/runtime limits.

Versioning

SemVer is used for versioning. For the versions available, see the tags on the repository.

Release Integrity (SLSA Level 3)

Releases are built with the reusable bytemare/slsa workflow and ship the evidence required for SLSA Level 3 compliance:

  • 📦 Artifacts are uploaded to the release page, and include the deterministic source archive plus subjects.sha256, signed SBOM (sbom.cdx.json), GitHub provenance (*.intoto.jsonl), a reproducibility report (verification.json), and a signed Verification Summary Attestation (verification-summary.attestation.json[.bundle]).
  • ✍️ All artifacts are signed using Sigstore with transparency via Rekor.
  • ✅ Verification (or see the latest docs at bytemare/slsa):
curl -sSL https://raw.githubusercontent.com/bytemare/slsa/main/verify-release.sh -o verify-release.sh
chmod +x verify-release.sh
./verify-release.sh --repo <owner>/<repo> --tag <tag> --mode full --signer-repo bytemare/slsa

Run again with --mode reproduce to build in a container, or --mode vsa to validate just the verification summary.

Contributing

Please read CONTRIBUTING.md for details on the code of conduct, and the process for submitting pull requests.

License

This project is licensed under the MIT License - see the LICENSE file for details.

Extension points exported contracts — how you extend this code

KSF (Interface)
KSF is a key stretching function.
internal/ksf/ksf.go

Core symbols most depended-on inside this repo

New
called by 135
errors.go
Join
called by 133
errors.go
Encode
called by 95
skm.go
Group
called by 88
opaque.go
RandomBytes
called by 68
internal/configuration.go
Equal
called by 62
internal/hash.go
GenerateKE3
called by 54
client.go
GenerateKE2
called by 53
server.go

Shape

Function 259
Method 139
Struct 53
TypeAlias 6
Interface 1

Languages

Go100%

Modules by API surface

tests/helper_test.go29 symbols
tests/client_test.go26 symbols
tests/opaque_test.go24 symbols
tests/deserializer_test.go24 symbols
opaque.go23 symbols
tests/vectors_test.go22 symbols
tests/fuzz_test.go21 symbols
server.go19 symbols
internal/hash.go19 symbols
options.go18 symbols
errors.go16 symbols
deserializer.go14 symbols

For agents

$ claude mcp add opaque \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact