Daniel Bourdrez edited this page Dec 5, 2022 · 8 revisions

Welcome to the opaque wiki!

For the full protocol definitions, please refer to the IETF draft.

Protocol Overview

OPAQUE is a 3-message authentication protocol. It uses 3 messages for client credential registration, and 3 messages for online authentication.

The client only needs a password, and the server will store a so-called verifier that contains a public key.

After registration, the server has a client record containing public material only.

On successful client authentication, the client and server share a common secret session key that they can use for various purposes: deriving encryption keys for the session, deriving authentication tokens, etc.

Both the registration and online login procedures output an export_key to the client only.

Table of Contents

Configuration

Registration

Authentication