Package: wnpp
Severity: wishlist
Owner: Joost van Baal-Ilić <joos...@debian.org>
* Package name    : opaque-store
  Upstream Author : Stefan Marsiske
* URL             : https://github.com/stef/opaque-store
* License         : GPLv3
  Programming Lang: Zig, Python
  Description     : store encrypted blobs of information online, protected by a password using the OPAQUE protocol

The opaque-store software manages a simple OPAQUE-based online store of small blobs.

The OPAQUE protocol is described in the IRTF Crypto Forum Research Group draft (https://github.com/cfrg/draft-irtf-cfrg-opaque). The OPAQUE protocol combines an Oblivious Pseudo-Random Function (OPRF) and an Authenticated Key Exchange (AKE) into a protocol in which a user holding nothing but a password and a server holding some information protected by that password can establish a shared secret. The protocol describes an augmented (or asymmetric) password-authenticated key exchange (aPAKE) that supports mutual authentication in a client-server setting without reliance on PKI and with security against pre-computation attacks upon server compromise. In addition, the protocol provides forward secrecy and the ability to hide the password from the server, even during password registration.

OPAQUE-Store goes beyond the original OPAQUE protocol as specified by the IRTF/CFRG and also supports a threshold variant of OPAQUE. In a threshold setup you have a number N of servers that all hold a share of your secret, and at least a threshold number T of these need to cooperate to recover the secret. This provides extra robustness and dilution of responsibility (losing a server is not the end of the world!) while at the same time increasing security, as an attacker now has to compromise at least T servers to get access to any information.

For now, my packaging work will focus on shipping the client software only. That part of the code is implemented in Python, using the pysodium, SecureString, opaque, and pyoprf Python modules. It can optionally use zxcvbn-python.
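The threshold OPRF sketched above, as an added example that is not part of this ITP or of opaque-store: N toy servers each hold a Shamir share of the OPRF key, the client blinds its hashed password before sending it, and any T server responses combine to H(pw)^key while fewer than T do not. The group parameters (a small safe prime) and the hash-to-group mapping are assumptions chosen only for illustration, not the group or hashing the real protocol uses.

```python
import hashlib
import secrets

P = 2039  # toy safe prime, P = 2*Q + 1 (assumption, far too small for real use)
Q = 1019  # prime order of the quadratic-residue subgroup
G = 4     # generator of that subgroup (a residue != 1 has order Q)

def hash_to_group(password: bytes) -> int:
    """Stand-in for hash-to-group: map the password to a non-identity element."""
    e = int.from_bytes(hashlib.sha256(password).digest(), "big")
    return pow(G, e % (Q - 1) + 1, P)

def deal_shares(key: int, n: int, t: int, rng=secrets.randbelow) -> list:
    """Shamir-share `key` over Z_Q: server i (1..n) holds f(i), deg f = t-1."""
    coeffs = [key % Q] + [rng(Q) for _ in range(t - 1)]
    return [(i, sum(c * pow(i, j, Q) for j, c in enumerate(coeffs)) % Q)
            for i in range(1, n + 1)]

def lagrange_at_zero(i: int, indices: list) -> int:
    """Coefficient that weights share i when interpolating f(0), mod Q."""
    num = den = 1
    for j in indices:
        if j != i:
            num, den = num * j % Q, den * (j - i) % Q
    return num * pow(den, -1, Q) % Q

def blind(password: bytes) -> tuple:
    """Client, step 1: hide H(pw) behind a fresh random exponent r."""
    r = secrets.randbelow(Q - 1) + 1
    return r, pow(hash_to_group(password), r, P)

def server_evaluate(share: int, blinded: int) -> int:
    """Server: raise the blinded element to its key share; it never sees pw."""
    return pow(blinded, share, P)

def finalize(r: int, responses: list) -> int:
    """Client, step 2: combine T responses (index, value) and strip r."""
    indices = [i for i, _ in responses]
    acc = 1
    for i, resp in responses:
        acc = acc * pow(resp, lagrange_at_zero(i, indices), P) % P
    return pow(acc, pow(r, -1, Q), P)  # H(pw)^key only if T shares took part

def threshold_oprf(password: bytes, shares: list) -> int:
    """Run the exchange against the given subset of (index, share) servers."""
    r, blinded = blind(password)
    return finalize(r, [(i, server_evaluate(k_i, blinded)) for i, k_i in shares])
```

With a fixed polynomial coefficient the shares are reproducible, so one can check that any two of three servers recover the same output as all three, and that a single server's response differs from it.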
I will be working on the opaque-store package at (yet to be created) https://salsa.debian.org/debian/opaque-store . Once zig is shipped with Debian, work on packaging the server side could start. See https://bugs.debian.org/995670 , https://bugs.debian.org/1012286 and https://salsa.debian.org/zig-team/zig for the current status of getting zig shipped with Debian.

It is recommended to use pwdsphinx (https://packages.debian.org/pwdsphinx) as a front-end to opaque-store.

Packaging of the klutshnik software ( https://klutshnik.info/ , https://github.com/stef/klutshnik ), which can interact with authentication tokens as used by opaque-store, is planned; an ITP for this is upcoming.

This work is part of NLnet's ThresholdOPRF project, which is funded through NLnet's NGI0 Entrust, with financial support from the European Commission's Next Generation Internet (https://ngi.eu) program. Learn more at the ThresholdOPRF NLnet project page at https://nlnet.nl/project/ThresholdOPRF.

Bye,

Joost