opaquestore

Release 0.0.6

Simple Online secret-storage based on the OPAQUE protocol

Homepage Repository PyPI Python

License
GPL-3.0
Install
pip install opaquestore==0.0.6

Documentation

OPAQUE-Store

This is a simple client-server system, which implements a simple online storage of blobs, which can be recovered using only a password.

Client-Server Communication is protected using a Noise-XK pattern thanks to dissononce.

You might want to read this blogpost on this topic and on more info: https://www.ctrlc.hu/~stef/blog/posts/How_to_recover_static_secrets_using_OPAQUE.html

Installation

opaquestore depends on https://github.com/stef/libopaque/ which also depends on libsodium.

When you have libopaque, a simple `pip install opaquestore` should get you started.

API

The client provides two simple functions for creating and querying blobs:

Store a new blob:

from opaquestore import opaquestore
from opaquestore.noiseclient import NoiseWrapper
s = NoiseWrapper.connect(cfg['address'], cfg['port'], cfg['noise_key'], cfg['server_pubkey'])
opaquestore.create(s, password, blob_id, blob)

To query an existing blob:

from opaquestore import opaquestore
from opaquestore.noiseclient import NoiseWrapper
s = NoiseWrapper.connect(cfg['address'], cfg['port'], cfg['noise_key'], cfg['server_pubkey'])
blob = opaquestore.get(s, password, blob_id)

The `cfg` variable should be loaded with the values from a configfile or otherwise populated.

Configfiles

For an example and documentation on the values in the config files see: opaque-store.cfg for the client config, and opaque-stored.cfg for the server config.

Example

Generate keys

opaquestore genkey

This should output a private key and a public key, these you can/should use in the configfiles.

Run the server

opaquestore server

Store a new blob:

echo -en "mypassword\!sMyV0ice\nmy secretty token data that i need to protect and store using opaque" | opaquestore create cfba1e747f706b542451a9d5404346f8

the password and the blob are expected on stdin, in this order, seperated by a newline. The second parameter to the client is an ID used to refer to the blob.

Recall the blob:

echo -en "mypassword\!sMyV0ice" | opaquestore get cfba1e747f706b542451a9d5404346f8

The password is again supplied on stdin, and the same ID as used for creation is used as reference.

Stats

Dependencies
0
Dependent packages
0
Dependent repositories
0
Total releases
6
Latest release
First release
Stars
3
Forks
0
Watchers
1
Contributors
1
Repository size
43.9 KB
SourceRank
7

Development practices

Source repo 2FA enabled
TEXT!
Package manager 2FA enabled
TEXT!
Is security responsive
TEXT!
Dependencies are managed
TEXT!
Issue-free release available
TEXT!
Succession plan available
TEXT!
Package manager 2FA enabled
TEXT!

The Tidelift Subscription provides access to a continuously curated stream of human-researched and maintainer-verified data on open source packages and their licenses, releases, vulnerabilities, and development practices.

Learn more

Releases

0.0.1
0.0.2
0.0.3
0.0.4
0.0.5
0.0.6

Contributors

Stefan Marsiske


See all contributors

Something wrong with this page? Make a suggestion

Export .ABOUT file for this package

Last synced: 2023-04-08 19:54:59 UTC

Login to resync this project