This project is a proof-of-concept implementation of OPAQUE with Exported Authenticators, written in Go.
You can play with the demo at https://opaque.research.cloudflare.com/.
DISCLAIMER: This is a reference implementation only. DO NOT use in production systems.
Get the source code:
go get github.com/cloudflare/opaque-ea
From the opaque-ea
folder, run all tests:
make test
Spin up a local server:
# Set PUBLIC_PATH to path of public folder
export PUBLIC_PATH="public/"
# Build the server
cd https-server && go build main.go && cd ../..
# Build the client
cd public/go && GOOS=js GOARCH=wasm go build -o ../main.wasm && cd ../..
# Start local server
./https-server/main
View the result locally at http://localhost:8080/.
If you make any changes to the client code, you need to re-compile Go to Wasm to see them in your browser.
From the opaque-ea
folder:
# Compile go to wasm
cd public/go && GOOS=js GOARCH=wasm go build -o ../main.wasm && cd ../..
expauth | TLS Exported Authenticators | Partially implements https://datatracker.ietf.org/doc/html/draft-ietf-tls-exported-authenticator-13 |
opaque | OPAQUE core (no key exchange) | Partially implements https://tools.ietf.org/html/draft-krawczyk-cfrg-opaque-06 |
opaqueea | OPAQUE with Exported Authenticators | Partially implements https://tools.ietf.org/html/draft-sullivan-tls-opaque-00 |
ohttp | OPAQUE-EA over HTTPS, client and server |
public/go | Wrapper for HTTPS client, compiles to Wasm |
https-server | Wrapper for HTTPS server, compiles to Go executable |
The project is licensed under the BSD-3-Clause License.