Metadata-Version: 2.1
Name: opaquestore
Version: 0.0.5
Summary: Simple Online secret-storage based on the OPAQUE protocol
Home-page: https://github.com/stef/opaque-store/
Author: Stefan Marsiske
Author-email: opaque@ctrlc.hu
License: GPLv3
Classifier: Development Status :: 4 - Beta
Classifier: License :: OSI Approved :: GNU General Public License v3 or later (GPLv3+)
Classifier: Topic :: Security :: Cryptography
Classifier: Topic :: Security
Description-Content-Type: text/markdown
License-File: LICENSE

* OPAQUE-Store

This is a simple client-server system, which implements a simple online storage
of blobs, which can be recovered using only a password.

Client-Server Communication is protected using a Noise-XK pattern
thanks to dissononce.

You might want to read this blogpost on this topic and on more info:
https://www.ctrlc.hu/~stef/blog/posts/How_to_recover_static_secrets_using_OPAQUE.html

** Installation

opaquestore depends on https://github.com/stef/libopaque/ which also
depends on libsodium.

When you have libopaque, a simple `pip install opaquestore` should get you started.

** API

The client provides two simple functions for creating and querying blobs:

Store a new blob:

#+BEGIN_SRC python
  from opaquestore import opaquestore
  from opaquestore.noiseclient import NoiseWrapper
  s = NoiseWrapper.connect(cfg['address'], cfg['port'], cfg['noise_key'], cfg['server_pubkey'])
  opaquestore.create(s, password, blob_id, blob)
#+END_SRC

To query an existing blob:

#+BEGIN_SRC python
  from opaquestore import opaquestore
  from opaquestore.noiseclient import NoiseWrapper
  s = NoiseWrapper.connect(cfg['address'], cfg['port'], cfg['noise_key'], cfg['server_pubkey'])
  blob = opaquestore.get(s, password, blob_id)
#+END_SRC

The `cfg` variable should be loaded with the values from a configfile or otherwise populated.

** Configfiles

For an example and documentation on the values in the config files
see: opaque-store.cfg for the client config, and opaque-stored.cfg for
the server config.

** Example

Generate keys

#+BEGIN_EXAMPLE
opaquestore genkey
#+END_EXAMPLE

This should output a private key and a public key, these you can/should use in the configfiles.

Run the server

#+BEGIN_EXAMPLE
opaquestore server
#+END_EXAMPLE

Store a new blob:

#+BEGIN_EXAMPLE
echo -en "mypassword\!sMyV0ice\nmy secretty token data that i need to protect and store using opaque" | opaquestore create cfba1e747f706b542451a9d5404346f8
#+END_EXAMPLE

the password and the blob are expected on stdin, in this order,
seperated by a newline. The second parameter to the client is an ID
used to refer to the blob.

Recall the blob:

#+BEGIN_EXAMPLE
echo -en "mypassword\!sMyV0ice" | opaquestore get cfba1e747f706b542451a9d5404346f8
#+END_EXAMPLE

The password is again supplied on stdin, and the same ID as used for
creation is used as reference.
