Why is Opaque not yet 1.0?

This library is built on top of opaque-ke( (opens in a new tab)) which implements the OPAQUE protocol (opens in a new tab). Since the protocol is not af finshed RFC yet, we are waiting for the final version before we release a 1.0 version of this library.

Note: According to authors of the RFC it's unlikely that the protocol will change.

In addition opaque-ke has been audited and is used in production for the WhatsApp end-to-end backups.

How does it compare to opaque-wasm (opens in a new tab)?

opaque-wasm was there first and allowed us (Serenity team) to explore the OPAQUE protocol as a authentication mechanism. However it didn't fulfill our needs. That's why we set out to build this package.

@serenity-kit/opaque and react-native-opaqueopaque-wasm
EnvironmentsBundler, Node, React NativeBundler, Node (requires custom build)
Typescript typesYesNo
API stylefunctionalclass based
WebAssembly loadinginlined WASM as base64WASM imports require bundler configuration
Server setupCLI and APIAPI only
DocumentationExamples, guides, specification (in progress)Examples
TestsE2E tests, Unit testsUnit tests
OPRF & group moderistretto255 (default), P256 via separate packageP256 (default)
Custom identifiersclient & serverNot supported
Server static public keyavailablenot available

In our case it led to a simplification of our setup as you can see in this PR (opens in a new tab). Keep in mind this was an early version of @serenity-kit/opaque and the API changed after some initial feedback.