gowl-client-lib
Advanced tools
Disclaimer
I am not a cryptographer, I am a software engineer. This implementation is for educational purposes only. Do not use this implementation in production. If you want to use the OWL aPake protocol, please use the Java implementation provided by the authors of the protocol.
GOWL Is a OWL aPake implementation in Go. OWL aPake is an Augmented Password-Authenticated Key Exchange Scheme
Yes, it works. I have tested it with the Java implementation provided by the authors of the protocol. The implementation is not optimized and it is assumed not secure. It is for educational purposes only. It has tests against the Java implementation provided by the authors of the protocol.
I wanted to learn Go and I thought that implementing the OWL aPake protocol would be a good way to learn Go.
Note: The Go library implements both the client and the server. The server component is only used to test the client component.
Each function returns a struct that contains a payload, this payload is the Only Data that should be sent to the other party.
curve := elliptic.P256()
user := "Alice"
pass := "deadbeef"
serverName := "Server"
// -- Register
client, err := owl.ClientInit(user, pass, serverName, curve)
if err != nil {
fmt.Println(err)
return
}
clientRegistration := client.Register()
server, err := owl.ServerInit(serverName, curve, clientRegistration.Payload)
if err != nil {
fmt.Println(err)
return
}
serverRegistration := server.RegisterUser()
// -- Auth Init
clientInit := client.AuthInit()
serverInit, err := server.AuthInit(serverRegistration, clientInit.Payload)
if err != nil {
fmt.Println(err)
return
}
// -- Auth Validate
clientValidate, err := client.AuthValidate(clientInit, serverInit.Payload)
if err != nil {
fmt.Println(err)
return
}
serverValidate, err := server.AuthValidate(clientInit.Payload, clientValidate.Payload, serverInit)
if err != nil {
fmt.Println(err)
return
}
println("Client Session Key:", clientValidate.ClientSessionKey.String())
println("Server Session Key:", serverValidate.ServerSessionKey.String())
// -- Verify Response (Optional)
err = client.VerifyResponse(
clientInit,
clientValidate,
serverInit.Payload,
serverValidate.Payload,
)
if err != nil {
fmt.Println(err)
return
}
There is NO server component in the web client. The server component is only in the Go implementation. If you want a end-to-end implementation in TypeScript, you can use this implementation.
I have also implemented the OWL aPAKE client in TypeScript. You can find it in the web directory.
A simple exchange between the Go server and the TypeScript client is shown below.
//
// -- Register
//
let client = new Client('username', 'password', 'server', SupportedCurves.P256);
const register = await client.Register();
const sendRegistrationRequest = await fetch(registerURL, {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({ ...register, TOS: true })
});
if (!sendRegistrationRequest.ok) {
const text = await sendRegistrationRequest.text();
console.error(text);
throw new Error('Failed to register');
}
//
// -- Login (Init)
//
client = new Client('username', 'password', 'server', SupportedCurves.P256);
const authInit = await client.AuthInit();
const sendAuthInitRequest = await fetch(loginInitURL, {
method: 'PUT',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify(authInit)
});
if (!sendAuthInitRequest.ok) {
const text = await sendAuthInitRequest.text();
console.error(text);
throw new Error('Failed to authenticate (Init)');
}
const authInitResponse = await sendAuthInitRequest.json();
//
// -- Login (Verify)
//
const authVerify = await client.AuthVerify(authInitResponse);
const sendAuthVerifyRequest = await fetch(loginVerifyURL, {
method: 'PUT',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify(authVerify)
});
if (!sendAuthVerifyRequest.ok) {
const text = await sendAuthVerifyRequest.text();
console.error(text);
throw new Error('Failed to authenticate (Verify)');
}
const authVerifyResponse = await sendAuthVerifyRequest.json();
// -- Validate servers KCTag
await client.ValidateServer(authVerifyResponse);
FAQs
The client library for GOWL.
We found that gowl-client-lib demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Axios compromise traced to social engineering, showing how attacks on maintainers can bypass controls and expose the broader software supply chain.
Security News
Node.js has paused its bug bounty program after funding ended, removing payouts for vulnerability reports but keeping its security process unchanged.
Security News
The Axios compromise shows how time-dependent dependency resolution makes exposure harder to detect and contain.