.\" Automatically generated by Pandoc 3.1.3
.\"
.\" Define V font for inline verbatim, using C font in formats
.\" that render this, and otherwise B font.
.ie "\f[CB]x\f[]"x" \{\
. ftr V B
. ftr VI BI
. ftr VB B
. ftr VBI BI
.\}
.el \{\
. ftr V CR
. ftr VI CI
. ftr VB CB
. ftr VBI CBI
.\}
.TH "opaque" "1" "" "" "simple command-line frontend for libopaque"
.hy
.SH NAME
.PP
opaque - simple command-line frontend for libopaque
.SH SYNOPSIS
.PP
Create new OPAQUE records
.PP
Create new opaque record - offline
.IP
.nf
\f[C]
echo -n password | opaque init idU idS 3>export_key [4record
\f[R]
.fi
.PP
Initiate new online registration
.IP
.nf
\f[C]
echo -n password | opaque register >msg 3>ctx
\f[R]
.fi
.PP
Respond to new online registration request
.IP
.nf
\f[C]
opaque respond rpub 3>rsec [4export_key >record
\f[R]
.fi
.PP
Complete online record
.IP
.nf
\f[C]
opaque store record
\f[R]
.fi
.PP
Server portion of online registration
.IP
.nf
\f[C]
socat | opaque server-reg 3>record [4export_key
\f[R]
.fi
.PP
Run OPAQUE
.PP
Server portion of OPAQUE session
.IP
.nf
\f[C]
socat | opaque server idU idS context 3shared_key
\f[R]
.fi
.PP
User portion of OPAQUE session
.IP
.nf
\f[C]
socat | opaque user idU idS context 3< <(echo -n password) 4>export_key 5>shared_key [6record 3>export_key
\f[R]
.fi
.SS Online Registration
.SS socat style
.PP
On the server:
.IP
.nf
\f[C]
socat tcp-l:23523,reuseaddr,fork system:\[dq]bash -c \[rs]\[aq]opaque server-reg user server 3>record\[rs]\[aq]\[dq]
\f[R]
.fi
.PP
On the client:
.IP
.nf
\f[C]
socat tcp:127.0.0.1:23523 exec:\[aq]bash -c \[rs]\[dq]opaque user-reg user server 3< <(echo -n password) 4>export_key\[rs]\[dq]\[aq]
\f[R]
.fi
.SS tcpserver style
.PP
On the server:
.IP
.nf
\f[C]
s6-tcpserver 127.0.0.1 23523 bash -c \[aq]opaque server-reg user server 3>record\[aq]
\f[R]
.fi
.PP
On the client:
.IP
.nf
\f[C]
s6-tcpclient 127.0.0.1 23523 bash -c \[dq]opaque user-reg user server <&6 >&7 3< <(echo -n password) 4>export_key\[dq]
\f[R]
.fi
.SS Manually
.PP
It\[cq]s possible to do all 4 steps separately, in case you cannot
connect to the server directly:
.PP
The user initiates with:
.IP
.nf
\f[C]
echo -n password | opaque register >msg 3>ctx
\f[R]
.fi
.PP
The server gets \f[V]msg\f[R] and responds with rpub, while keeping rsec
secret:
.IP
.nf
\f[C]
cat msg | opaque respond >rpub 3>rsec
\f[R]
.fi
.PP
The user receives \f[V]rpub\f[R], creates a stub record and optionally
uses the export key to encrypt more data:
.IP
.nf
\f[C]
cat ctx | opaque finalize user server 4record 3>export_key
\f[R]
.fi
.PP
The server finalizes the record by completing the stub record from the
client:
.IP
.nf
\f[C]
cat rec | opaque store user server >record 3shared_secret\[aq]
\f[R]
.fi
.PP
On the client:
.IP
.nf
\f[C]
s6-tcpclient 127.0.0.1 23523 bash -c \[dq]./opaque user user server context <&6 >&7 3< <(echo -n password) 4>export_key 5>shared_secret\[dq]
\f[R]
.fi
.SS socat style
.PP
On the server:
.IP
.nf
\f[C]
socat tcp-l:23523,reuseaddr,fork system:\[dq]bash -c \[rs]\[aq]./opaque server user server context 3shared_secret\[rs]\[aq]\[dq]
\f[R]
.fi
.PP
On the client:
.IP
.nf
\f[C]
socat tcp:127.0.0.1:23523 exec:\[aq]bash -c \[rs]\[dq]./opaque user user server context 3< <(echo -n password) 4>export_key 5>shared_secret\[rs]\[dq]\[aq]
\f[R]
.fi
.SH REPORTING BUGS
.PP
https://github.com/stef/libopaque/issues/
.SH AUTHOR
.PP
Written by Stefan Marsiske.
.SH COPYRIGHT
.PP
Copyright © 2023 Stefan Marsiske.
License LGPLv3+: GNU Lesser GPL version 3 or later.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
.SH SEE ALSO
.PP
https://ctrlc.hu/\[ti]stef/blog/tags/opaque/
.PP
\f[V]socat(1)\f[R], \f[V]tcpserver(1)\f[R]