Revolutionary Zero-Knowledge Authentication Platform - Passwords never leave your device, even during registration and login.
PS: The current docs are deprecated and will not be rewritten until the current changes are done.
- Zero-Knowledge Authentication (OPAQUE): Passwords never transmitted or stored.
- Dual-Service Isolation: Node.js handles cryptography; Flask manages sessions.
- Stateless Tokens (PASETO): Safer JWT alternative with built-in tamper protection.
- Redis + PostgreSQL: Balances speed and durability for real-world scalability.
- Full Automation: End-to-end testing with Playwright for protocol correctness.
- CI/CD: Automated testing and deployment.
Cypher is a cutting-edge authentication platform that implements zero-knowledge password authentication using the OPAQUE protocol. Unlike traditional systems where passwords are transmitted and stored (even if hashed), Cypher ensures that passwords never leave the client's device.
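The claim that the password never leaves the device rests on the blinded OPRF exchange at the core of OPAQUE. The following added example (not Cypher's code and not a full OPAQUE implementation) runs that exchange; the function names, the `oprf-demo` label, and the use of Node's built-in `modp14` group in place of an elliptic-curve group are assumptions made for illustration.

```javascript
// Added illustration, not Cypher's code: the blinded OPRF exchange OPAQUE builds on.
// Assumption: a 2048-bit MODP group stands in for the elliptic-curve group of a real library.
const crypto = require("node:crypto");

const P = BigInt("0x" + crypto.getDiffieHellman("modp14").getPrime("hex")); // safe prime
const Q = (P - 1n) / 2n; // prime order of the subgroup of squares mod P

function modPow(base, exp, mod) {
  let result = 1n;
  for (base %= mod; exp > 0n; exp >>= 1n) {
    if (exp & 1n) result = (result * base) % mod;
    base = (base * base) % mod;
  }
  return result;
}

const randomScalar = () =>
  (BigInt("0x" + crypto.randomBytes(320).toString("hex")) % (Q - 1n)) + 1n;

// Expand the password to 320 bytes, then square so the result lies in the order-Q subgroup.
function hashToGroup(password) {
  const wide = Buffer.from(crypto.hkdfSync("sha512", password, "", "oprf-demo", 320));
  return modPow(BigInt("0x" + wide.toString("hex")), 2n, P);
}

// Client: hide H(pw) behind a fresh random exponent r before anything is sent.
function clientBlind(password) {
  const r = randomScalar();
  return { r, blinded: modPow(hashToGroup(password), r, P) };
}

// Server: apply its secret OPRF key k to a value it cannot link to any password.
function serverEvaluate(blinded, k) {
  if (blinded <= 1n || blinded >= P - 1n) throw new RangeError("element out of range");
  return modPow(blinded, k, P);
}

// Client: strip r (inverse mod Q via Fermat) to obtain H(pw)^k, then hash it into a key.
function clientFinalize(password, r, evaluated) {
  const unblinded = modPow(evaluated, modPow(r, Q - 2n, Q), P);
  return crypto.createHash("sha256").update(password + ":" + unblinded.toString(16)).digest("hex");
}

// One full round trip; `serverSaw` is the only password-derived value on the wire.
function runExchange(password, k) {
  const { r, blinded } = clientBlind(password);
  return { serverSaw: blinded, key: clientFinalize(password, r, serverEvaluate(blinded, k)) };
}
```

With the same server key, two runs for one password yield the same `key`, while `serverSaw` differs on every run.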
- Two-Service Design: Isolated cryptographic operations (Node.js) and session management (Flask)
- Stateless Tokens: PASETO-based authentication tokens (no JWT vulnerabilities)
- Dual Storage: Redis for performance, PostgreSQL for durability
- Real-time Sync: Multi-tab session synchronization with automatic token refresh
- Node.js 18+ and npm
- Python 3.8+ and pip
- PostgreSQL 15+
- Redis 7+
- Docker
Then run setup.sh, then generate_secrets.sh, and finally start.sh, and OFF YOU GO.
- setup.sh - Sets up the environment
- start.sh - Starts the application
- dev.sh - Starts the application in development mode (hot reload enabled)
- stop.sh - Stops the application
- reset_databases.sh - Resets the databases
- clear_databases.sh - Clears the databases
- generate_secrets.sh - Generates OPAQUE secrets (OPRF seeds and the server's private and public keys)
Cypher/
├── backend/ # Application backend
│ ├── Flask-server/ # Flask web application
│ │ ├── main.py # Flask application entry point
│ │ ├── requirements.txt # Python dependencies
│ │ └── __init__.py
│ ├── database/ # Python database modules
│ │ ├── database_config.py # PostgreSQL & Redis config
│ │ ├── encryption_manager.py # Encryption & key rotation
│ │ ├── models.py # SQLAlchemy models
│ │ ├── redis_manager.py # Redis operations
│ │ └── __init__.py
│ ├── node_internal_api/ # Node.js cryptographic service
│ │ ├── app.js # Express OPAQUE server
│ │ ├── db.js # Database operations
│ │ └── package.json
│ └── redis.conf # Redis configuration
├── front-end/ # Frontend assets
│ ├── src/ # JavaScript source
│ │ ├── auth.js # Client-side authentication
│ │ ├── register.js # Registration flow
│ │ ├── session-manager.js # Token lifecycle
│ │ └── index.js # Main entry
│ ├── static/ # Static assets
│ │ └── dist/ # Compiled output (vite build)
│ ├── templates/ # HTML templates
│ ├── package.json # Frontend dependencies
│ └── vite.config.js # Vite build configuration
├── scripts/ # DevOps scripts
│ ├── setup.sh # Initial setup
│ ├── start.sh # Start application
│ ├── dev.sh # Development mode
│ ├── init_db.py # Database initialization
│ └── *_databases.sh # Database management
├── test/ # Automation tests
├── docs/ # Comprehensive documentation
│ ├── Overview.md # System overview
│ ├── API-Reference.md # Complete API documentation
│ ├── Authentication-System.md # Security architecture
│ ├── System-Architecture.md # Technical architecture
│ └── README.md # Documentation index
├── docker-compose.yml # Infrastructure
├── .env # Environment variables
└── README.md # This file
| Component | Technology | Purpose |
|---|---|---|
| Frontend | Vanilla JS + Vite | Zero-knowledge client operations |
| Node.js Internal API | Express + OPAQUE | Cryptographic protocol handling |
| Flask Internal API | Flask + PASETO | Internal API for session management |
| Flask Service | Flask + PASETO | Session management & tokens |
| Database | PostgreSQL | Persistent credential storage |
| Cache | Redis | Session & rate limiting |
| Tokens | PASETO v4.local | Stateless session management |
| Automation | Playwright + otplib | Demo & testing workflows |