Bug#1092863: ITP: opaque-store - store encrypted blobs of information online, protected by a password using the OPAQUE protocol

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#1092863: ITP: opaque-store - store encrypted blobs of information online, protected by a password using the OPAQUE protocol
From: Joost van Baal-Ilić <joostvb-debian@ad1810.com>
Date: Sun, 12 Jan 2025 15:13:23 +0100
Message-id: <[🔎] 20250112141323.GA13245@beskar.mdcc.cx>
Reply-to: Joost van Baal-Ilić <joostvb-debian@ad1810.com>, 1092863@bugs.debian.org
In-reply-to: <Z4PA0sFd9vtbrU8S@localhost>

Package: wnpp
Severity: wishlist
Owner: Joost van Baal-Ilić <joostvb@debian.org>

* Package name    : opaque-store
  Upstream Author : Stefan Marsiske
* URL             : https://github.com/stef/opaque-store
* License         : GPLv3
  Programming Lang: Zig, Python
  Description     : store encrypted blobs of information online, protected by a
                     password using the OPAQUE protocol

 The opaque-store software manages a simple OPAQUE based online store of small
 blobs.

 The OPAQUE protocol is described in the IRTF Crypto Forum Research Group draft
 (https://github.com/cfrg/draft-irtf-cfrg-opaque). The OPAQUE protocol combines
 a Oblivious Pseudo-Random Function (OPRF) and an Authenticated Key-Exchange
 (AKE) into a protocol where a user holding nothing but a password and a server
 holding some information protected by the password can establish a shared
 secret.  The protocol describes an augmented (or asymmetric)
 password-authenticated key exchange (aPAKE) that supports mutual authentication
 in a client-server setting without reliance on PKI and with security against
 pre-computation attacks upon server compromise. In addition, the protocol
 provides forward secrecy and the ability to hide the password from the server,
 even during password registration.

 OPAQUE-Store goes beyond the original OPAQUE protocol as specified by the
 IRTF/CFRG and also supports a threshold variant of OPAQUE. In a threshold setup
 you have a number N of servers that all hold a share of your secret and at
 least a threshold number T of these need to cooperate to recover the secret.
 This provides extra robustness and dillution of responsibility (losing a server
 is not the end of the world!) while at the same time increases security, as an
 attacker now has to compromise at least T servers to get access to some
 information.

For now, my packaging work will focus on shipping the client software only.
That part of the code is implemented in Python, using the pysodium,
SecureString, opaque, and pyoprf Python modules.  It can optionally use
zxcvbn-python.

I will be working on the opaque-store package at (yet to be created)
https://salsa.debian.org/debian/opaque-store .

Once zig is shipped with Debian, work on packaging the server side could
start.  See https://bugs.debian.org/995670 ,
https://bugs.debian.org/1012286 and https://salsa.debian.org/zig-team/zig for
current status of getting zig shipped with Debian.

One is recommended to use pwdsphinx (https://packages.debian.org/pwdsphinx)
as a front-end to opaque-store.

Planned is the packaging of the klutshnik software ( https://klutshnik.info/ ,
https://github.com/stef/klutshnik ) which can interact with authentication
tokens as used by opaque-store, an ITP for this is upcoming.

This work is part of NLnet's ThresholdOPRF project, which is funded through
NLnet's NGI0 Entrust, with financial support from the European Commission's
Next Generation Internet (https://ngi.eu) program. Learn more at the
ThresholdOPRF NLnet project page at https://nlnet.nl/project/ThresholdOPRF.

Bye,

Joost

Reply to:

Prev by Date: Re: Built-Using vs Static-Built-Using
Next by Date: Re: handling the OpenPGP schism safely in Debian [was: Re: GnuPG 2.4 before Trixie freeze]
Previous by thread: Re: Built-Using vs Static-Built-Using
Next by thread: Bug#1093026: ITP: gnupg24 -- GNU Privacy Guard, a LibrePGP implementation
Index(es):
- Date
- Thread