{"id":20186218,"url":"https://github.com/bytemare/cake","last_synced_at":"2025-08-08T15:56:47.005Z","repository":{"id":56011723,"uuid":"314794305","full_name":"bytemare/cake","owner":"bytemare","description":"Cake is a dead-simple to use CPace PAKE implementation.","archived":false,"fork":false,"pushed_at":"2020-12-01T10:06:01.000Z","size":8,"stargazers_count":0,"open_issues_count":1,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2024-05-01T16:55:44.283Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/bytemare.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-11-21T11:18:34.000Z","updated_at":"2024-05-01T16:55:44.284Z","dependencies_parsed_at":"2022-08-15T11:20:44.010Z","dependency_job_id":null,"html_url":"https://github.com/bytemare/cake","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/bytemare/cake","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bytemare%2Fcake","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bytemare%2Fcake/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bytemare%2Fcake/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bytemare%2Fcake/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/bytemare","download_url":"https://codeload.github.com/bytemare/cake/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bytemare%2Fcake/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":269447936,"owners_count":24418756,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-08T02:00:09.200Z","response_time":72,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-14T03:16:27.731Z","updated_at":"2025-08-08T15:56:46.958Z","avatar_url":"https://github.com/bytemare.png","language":"Go","readme":"# Cake - the CPace AKE\n\nCake is CPace implemented with the Ristretto group. Easy to use, hard to misuse, it's a piece of cake.\n\nThe API is minimal as to allow you to focus on the rest of your application and ensure the highest standards for this.\nA simple round trip (2 messages) is enough.\n\nCPace + AKE = Cake\n\n# What is CPace?\n\ntl;dr\n\u003e CPace is an authentication protocol that allows two parties that share the same password to authenticate one to another.\n\nIt allows for secure mutual authentication with plaintext passwords without transmitting them in clear over the wire.\nThe protocol spits out a very strong shared session secret on success. This secret can be used to derive encryption keys for your session, a session token, or whatever.\n\n# Why Cake?\n\nAuthentication and crypto can be hard sometimes. This aims at giving you something as easy and fool-proof as possible to do so.\nNo hassle with complex configurations, no need to understand the underlying cryptography.\n\n# Gimme an example - How am I supposed to hold this ?\n\nLet's say you have a client program, that we'll call the initiator, and want to authenticate to a peer that already has the clear-text password and knows the client's identity.\n\n```Go\n// Both parties have these values\nvar (\n\tclientID = []byte(\"client\")\n\tserverID = []byte(\"server\")\n\tsecret   = []byte(\"password\")\n)\n```\n\nOn the client, do something like this:\n\n```Go\nimport \"github.com/bytemare/cake\"\n\nclient, err := cake.Client(serverID, username, secret)\n\tif err != nil {\n\t\tpanic(err)\n\t}\n\nmessage1, err := client.Start()\n\tif err != nil {\n\t\tpanic(err)\n\t}\n````\n\nSend this ```message1``` to the peer. Depending on your setup and needs, you can also send the initiator's ID.\n\nThe peer, let's call it the responder (or server), receives the authentication request from the client. Note that if you have a database with users and passwords, the lookup is up to you, and not covered in Cake.\n\n```Go\nimport \"github.com/bytemare/cake\"\n\nserver, err := cake.Server(serverID, username, secret)\n\tif err != nil {\n\t\tpanic(err)\n\t}\n\nmessage2, err := server.AuthenticateClient(message1)\n\tif err != nil {\n\t\tpanic(err)\n\t}\n\nsessionKey := server.SessionKey()\n```\n\nSend ```message2``` back to the initiator. Note that the server can already extract the session key !\n\nThe client needs to ingest this last message to complete the implicit authentication of the server and get the session key.\n\n```Go\nerr := client.Finish(message2)\n\tif err != nil {\n\t\tpanic(err)\n\t}\n\nsessionKey := client.SessionKey()\n```\n\nThe ```sessionKey``` is the same for both peers, and can be used for whatever secret you need.\n\n# Under the hood\n\nYou don't need to understand the following to use Cake. But if you're hungry, continue reading !\n\n1. Cake is a wrapper to the [CPace](https://github.com/bytemare/cpace) implementation. It's a fancy Diffie Hellman throwing the password onto an elliptic curve.\n1. JSON encoded [PAKE messages](https://github.com/bytemare/pake)\n1. Strong cryptographic defaults with Ristretto255, SHA512, and Argon2id.\n1. Uses [HashToGroup](https://github.com/bytemare/cryptotools) to map the secret to the Ristretto group.\n\n### Work in progress\n\n- Even more testing, and fuzzing.\n- Compilable to wasm.\n\n# Third party compatibility\n\nIf you want to implement another client or responder compatible with this, you'll need to be able to parse the exchanged\nmessages, which have the same JSON encoded format. You can read about them [here](https://github.com/bytemare/pake).\n\nThe initiator's message must have the field set to the SID, if not, you must give it to your responder in another way (not covered in cake, see CPace).\nThe responder's message has auth set to nil, and is ignored by the initiator.\n\n# Important note\n\nThis is possible thanks to the tremendous and relentless work of people who want greater security for the people, and giving their knowledge to the community.\nSpecial thanks to\n- [CPace](https://datatracker.ietf.org/doc/draft-irtf-cfrg-cpace) : [Björn Haase](https://github.com/BjoernMHaase)\n- The [Ristretto](https://datatracker.ietf.org/doc/draft-irtf-cfrg-ristretto255-decaf448) team\n- The [Hash-to-curve](https://datatracker.ietf.org/doc/draft-irtf-cfrg-hash-to-curve) team\n\nMany others.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbytemare%2Fcake","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbytemare%2Fcake","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbytemare%2Fcake/lists"}