Skip to content
Daniel Bourdrez edited this page Dec 5, 2022 · 8 revisions

Welcome to the opaque wiki!

For the full protocol definitions please refer to the IETF draft.

Protocol Overview

OPAQUE is a 3-message authentication protocol. It uses 3 messages for client credential registrations, and 3 messages for online authentication.

The client only needs a password, and the server will store a so-called verifier that contains a public key.

After registration, the server has a client record containing public material only.

On successful client authentication, both client and server share a common secret session key that they can use for various purposes: derive encryption keys for the session, derive authentication token, etc.

Both the registration and online login procedures put out an export_key to the client only.

Table of Contents

Configuration

Registration

Authentication

Clone this wiki locally