Security News
PyPI Now Supports iOS and Android Wheels for Mobile Python Development
PyPI now supports iOS and Android wheels, making it easier for Python developers to distribute mobile packages.
By Sarah Gooding - Feb 12, 2025
New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
@47ng/opaque-client
Advanced tools
@47ng/opaque-client
An implementation of the OPAQUE key exchange protocol in WASM(WebAssembly)
@47ng/opaque-client
The OPAQUE key exchange protocol in WASM (WebAssembly), for web browsers. This implementation is based on facebook/opaque-ke.
Built as ESM for browsers from 47ng/opaque-wasm (a fork of marucjmar/opaque-wasm using Ristretto rather than the NIST P-256 curve).
Server (Node.js) counterpart is available in @47ng/opaque-server.
Installation
npm install @47ng/opaque-client
yarn add @47ng/opaque-client
pnpm add @47ng/opaque-client
Usage
This implements the OPAQUE protocol overview for a stateless server and with recommended security practices.
Registration (signup)
OPAQUE requires two handshakes to perform a signup (technically one and a half, the final response has no cryptographic use to the client).
Pseudo-code:
import { Registration } from '@47ng/opaque-server'
const username = 'alice@example.com'
const password = 'correct horse battery staple'
async function registerClient(username: string, password: string) {
const registration = new Registration()
const registrationRequest = registration.start(password)
const {
data: { nonce, registrationResponse },
} = await sendToServer(username, registrationRequest)
const registrationRecord = registration.finish(password, registrationResponse)
const { status } = await sendToServer(nonce, registrationRecord)
registration.free()
}
Note: registration doesn't perform key exchange/agreement, so a login step is necessary after signup to establish a shared key.
Login
OPAQUE requires two handshakes to perform a login.
The client will already have the key before sending the second handshake, but the server will only be able to obtain it after doing its calculations, so the key must not be used in the second request.
Pseudo-code:
import { Login } from '@47ng/opaque-client'
const username = 'alice@example.com'
const password = 'correct horse battery staple'
async function clientLogin(username: string, password: string) {
const login = new Login()
const loginRequest = login.start(password)
const {
data: { nonce, loginReponse },
} = await sendToServer(username, loginRequest)
const loginFinal = login.finish(password, loginReponse)
const { status } = await sendToServer(nonce, loginFinal)
const sessionKey = login.getSessionKey()
login.free()
return sessionKey
}
Export key
After both registration and login, the client can obtain an exportKey,
tied to the credentials used and only available to the client.
It can be used to implement simple end-to-end self-encryption to store secret personal data on the server.
FAQs
An implementation of the OPAQUE key exchange protocol in WASM(WebAssembly)
We found that @47ng/opaque-client demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 24 Mar 2023
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Create React App Officially Deprecated Amid React 19 Compatibility Issues
Create React App is officially deprecated due to React 19 issues and lack of maintenance—developers should switch to Vite or other modern alternatives.
By Sarah Gooding - Feb 11, 2025
Security News
Oracle Drags Its Feet in the JavaScript Trademark Dispute
Oracle seeks to dismiss fraud claims in the JavaScript trademark dispute, delaying the case and avoiding questions about its right to the name.
By Sarah Gooding - Feb 07, 2025