
The OPAQUE asymmetric password-authenticated key exchange (PAKE) protocol library (libopaque) compiled to WebAssembly and pure JavaScript using Emscripten
libopaque implements the OPAQUE protocol as proposed by the Internet Engineering Task Force (IETF) Crypto Forum Research Group (CFRG).
The OPAQUE protocol is a secure asymmetric password-authenticated key exchange (aPAKE) that supports mutual authentication in a client-server setting without reliance on PKI and with security against pre-computation attacks upon server compromise. In addition, the protocol provides forward secrecy and the ability to hide the password from the server, even during password registration.
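OPAQUE builds on an oblivious pseudorandom function, and the blinded exponentiation below shows why the server can contribute its secret key without ever seeing the password. This is an added illustration, not libopaque's code or API: the 10-bit group, the SHA-256 mapping and every function name are constructed for the example and are far too small for real use.

```javascript
// Added illustration: toy blinded-exponentiation OPRF (not libopaque's API).
const { createHash, randomInt } = require("node:crypto");

// Constructed toy group: P = 2Q + 1 with P and Q both prime.
const P = 1019n;
const Q = 509n;

// Square-and-multiply modular exponentiation on BigInt values.
function modPow(base, exp, mod) {
  let result = 1n;
  base %= mod;
  while (exp > 0n) {
    if (exp & 1n) result = (result * base) % mod;
    base = (base * base) % mod;
    exp >>= 1n;
  }
  return result;
}

// Map a password to a non-identity element of the order-Q subgroup of squares mod P.
function hashToGroup(password) {
  const digest = createHash("sha256").update(password, "utf8").digest("hex");
  const x = (BigInt("0x" + digest) % (P - 3n)) + 2n; // 2..P-2, so x^2 is never 0 or 1
  return modPow(x, 2n, P);
}

// Client: blind the password element with a random scalar r in [1, Q-1].
// Because r is uniform, the blinded value is uniform over the subgroup's
// non-identity elements and carries no information about the password.
function clientBlind(password, r = BigInt(randomInt(1, Number(Q)))) {
  return { r, blinded: modPow(hashToGroup(password), r, P) };
}

// Server: raise the blinded element to its secret key k. The password never arrives here.
function serverEvaluate(blinded, k) {
  return modPow(blinded, k, P);
}

// Client: strip the blind with r^-1 mod Q (Fermat inverse, Q is prime),
// leaving H(password)^k, which depends on both the password and the server key.
function clientFinalize(evaluated, r) {
  const rInv = modPow(r, Q - 2n, Q);
  return modPow(evaluated, rInv, P);
}
```

The unblinded output cannot be computed without the server's key, which is what rules out tables built before a server compromise.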
The dist directory contains pre-built scripts. Copy one of the files to your application:
libopaque.js is a minified single-file script that you can include in webpages.
libopaque.debug.js is a non-minified version of libopaque.js useful for debugging.
libopaque.js is also available on npm: libopaque.
On the server side, see demo/app.js for example usage.
On the client side, see demo/public/index.js and demo/public/index-worker.js for example usage.
If you have Node.js installed, here is how to run the demo:
$ # cd to this directory.
$ cd demo
$ npm install
$ node app.js
$ # Navigate to http://localhost:8080 in a browser.
$ # Type Ctrl+C to terminate.
Here is how to run the demo using Docker:
$ # cd to this directory.
$ docker run -it --publish 8080:8080 --rm \
--name libopaque-demo \
--user node \
--volume "$(pwd)/..":/home/node/src \
--workdir /home/node/src/js/demo \
creemama/node-no-yarn:lts-alpine \
sh -c 'npm install && node app.js'
$ # Navigate to http://localhost:8080 in a browser.
$ docker stop libopaque-demo
If you want to compile the files yourself, you need the following dependencies installed on your system:
Running make will make dist/libopaque.js and dist/libopaque.debug.js. The following is an example build using Docker:
$ # cd to this directory.
$ docker run -it --rm \
--volume "$(pwd)/..":/src \
--workdir /src/js \
emscripten/emsdk:1.40.1 \
bash -c 'apt update && apt install pkgconf uncrustify && make'
FAQs
We found that libopaque demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.