@nthparty/opaque
Advanced tools
JavaScript implementation of the OPAQUE asymmetric password authenticated key exchange (aPAKE) protocol
JavaScript implementation of the OPAQUE asymmetric PAKE (aPAKE) protocol
Implementation of this Internet Draft proposal.
You may also install this module from npm.
npm install @nthparty/opaque
The process generally works as follows:
// Each party includes the 1-out-of-n module with IO:
const OT = require('@nthparty/opaque')(IO);
// Login credentials never reaches the server in plaintext
const user_id = 'newuser';
const password = 'correct horse battery staple';
// Sign up
OPAQUE.client_register(password, user_id).then(console.log.bind(null, 'Registered:'));
// Log in for the first time and receive a session token
OPAQUE.client_authenticate(password, user_id).then(console.log.bind(null, 'Shared secret:'));
// Register a new user
let user = OPAQUE.server_register();
// Handle a login attempt
OPAQUE.server_authenticate(user.id, user.pepper);
// Result:
'Registered: true'
'Login for newuser succeeded with: 4ccdf3b8cacf08273a085c952aaf3ee83633e6afcedf4f86c00497e862f43c78'
'Shared secret: 4ccdf3b8cacf08273a085c952aaf3ee83633e6afcedf4f86c00497e862f43c78'
Please read opaque.test.js for a more detailed example, and run npm test to test it (requires npm ci -also=dev first to install dependencies).
FAQs
JavaScript implementation of the OPAQUE asymmetric password authenticated key exchange (aPAKE) protocol
The npm package @nthparty/opaque receives a total of 7 weekly downloads. As such, @nthparty/opaque popularity was classified as not popular.
We found that @nthparty/opaque demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
/Research
Malicious npm package impersonates Nodemailer and drains wallets by hijacking crypto transactions across multiple blockchains.
Security News
This episode explores the hard problem of reachability analysis, from static analysis limits to handling dynamic languages and massive dependency trees.
Security News
/Research
Malicious Nx npm versions stole secrets and wallet info using AI CLI tools; Socket’s AI scanner detected the supply chain attack and flagged the malware.