What is Ocrypt?
Ocrypt is OpenADP's network-based password hashing algorithm. It derives strong encryption keys from simple pins and passwords. Instead of storing encryption keys on a single server (vulnerable to government pressure), Ocrypt distributes key shares across multiple independent servers in different countries.
There are several popular password hashing algorithms, such as PBKDF2 (weak), Bcrypt, Scrypt and Argon2id (strong). However, no password hashing algorithm can protect a pin.
The "O" in Ocrypt stands for "Oblivious". Ocrypt uses what cryptographers call a DOPRF, which stands for "Distributed Oblivious Pseudo Random Function". DOPRFs have a property called "information theoretic security", which means that even if 100% of the OpenADP servers are compromised, attackers learn nothing about your pin. No information about your pin is ever sent to OpenADP servers. Accessing your encrypted data requires access to your encrypted storage, and also hacking most OpenADP servers protecting your data.
๐ Security Transformation
Before: PIN "3344" can be cracked in seconds, regardless of the local password hashing algorithm used.
After: Same PIN "3344" becomes a strong encryption key.
Your data is safe so long as the attacker cannot guess your pin within a fixed number of guesses (defaults to 10).
Your data is lost if you fail to guess your pin in time! Ocrypt is designed to pass the Mud Puddle Test. Attackers with your unlocked device get only the same number of guesses as you.
Perfect For These Applications:
๐ช Device backups
Protects your backups from your cloud provider
๐ฌ Secure Messaging
Backup chat history without central vulnerability
๐ Password Managers
Vault backup with distributed trust
๐ File Storage
End-to-end encryption without holding keys
Integration Guide
๐ Multi-Language Support
Consistent API across all languages! All OpenADP SDKs provide the same simple 2-function interface:
- Python:
pip install openadp==0.1.3 - JavaScript Node.js:
npm install @openadp/[email protected] - JavaScript Browser:
npm install @openadp/[email protected] - Go:
go get github.com/OpenADP/openadp/sdk/go@latest - Rust:
cargo add [email protected] - C++: Install from source (OpenSSL, libcurl, CMake required)
All SDKs use the same register() and recover() functions with identical parameters!
1
Install OpenADP Node.js SDK
Install the OpenADP JavaScript package directly from NPM:
npm install @openadp/[email protected]
๐ Professional NPM Package!
The OpenADP Node.js SDK is now available as a professional NPM package (v0.1.3). Full async/await support with ES6 modules!
โ ๏ธ Important: HTTP Server Required
Never open HTML files directly in the browser (file:// protocol). Modern browsers block ES6 module imports and Service Workers for security reasons.
Always use an HTTP server for development and testing.
2
Import Ocrypt
// ES6 Module Import (Node.js 18+)
import { register, recover } from '@openadp/ocrypt';
// Or CommonJS
const { register, recover } = require('@openadp/ocrypt');
3
Register User Data
When a user creates an account or wants to back up sensitive data:
import fs from 'fs/promises';
async function backupUserData(userID, sensitiveData, userPIN) {
try {
// Convert sensitive data to bytes
const dataBytes = new TextEncoder().encode(JSON.stringify(sensitiveData));
// Register with OpenADP - this distributes the encryption key
const metadata = await register(
userID, // Unique user identifier
'my-app', // Your application name
dataBytes, // The sensitive data to protect
userPIN, // User's PIN/password
10 // Maximum wrong PIN attempts (default: 10)
);
// Store metadata locally - this is safe to store anywhere
await fs.writeFile(`backup_${userID}.bin`, metadata);
console.log('โ
User data backed up successfully!');
return metadata;
} catch (error) {
console.error('โ Backup failed:', error.message);
throw error;
}
}
4
Recover User Data
When a user needs to restore their data:
async function restoreUserData(userID, userPIN) {
try {
// Get metadata from file
const metadata = await fs.readFile(`backup_${userID}.bin`);
// Recover data from OpenADP network
const { secret: recoveredBytes, remaining, updatedMetadata } = await recover(metadata, userPIN);
// Update metadata if backup was refreshed
if (updatedMetadata !== metadata) {
await fs.writeFile(`backup_${userID}.bin`, updatedMetadata);
console.log('๐ Backup refreshed automatically');
}
// Convert back to original data
const recoveredData = JSON.parse(new TextDecoder().decode(recoveredBytes));
console.log('โ
User data recovered successfully!');
console.log(`๐ข Remaining attempts: ${remaining}`);
return recoveredData;
} catch (error) {
console.error('โ Recovery failed:', error.message);
throw error;
}
}
5
Complete Example
Here's a complete working example:
// Example: Secure Notes App
class SecureNotesApp {
constructor() {
this.userID = 'user123';
}
async saveNote(noteText, userPIN) {
const noteData = {
content: noteText,
timestamp: new Date().toISOString(),
version: '1.0'
};
try {
const metadata = await register(
this.userID,
'secure-notes',
new TextEncoder().encode(JSON.stringify(noteData)),
userPIN,
'current',
3
);
// Store metadata - safe to store anywhere
localStorage.setItem('note_metadata', JSON.stringify(metadata));
alert('โ
Note saved securely!');
} catch (error) {
alert('โ Failed to save note: ' + error.message);
}
}
async loadNote(userPIN) {
try {
const metadata = JSON.parse(localStorage.getItem('note_metadata'));
const recoveredBytes = await recover(metadata, userPIN);
const noteData = JSON.parse(new TextDecoder().decode(recoveredBytes));
return noteData.content;
} catch (error) {
alert('โ Failed to load note: ' + error.message);
return null;
}
}
}
// Usage
const app = new SecureNotesApp();
// Save a note
await app.saveNote('My secret note content', '3344');
// Load the note
const noteContent = await app.loadNote('3344');
console.log('Recovered note:', noteContent);
1
Install OpenADP Browser SDK
Install the OpenADP Browser JavaScript package directly from NPM:
npm install @openadp/[email protected]
๐ Browser-Compatible!
The OpenADP Browser SDK works in modern browsers with ES6 module support and WebCrypto API!
โ ๏ธ HTTP Server Required
ES6 modules require an HTTP server. Never open HTML files directly (file:// protocol). Use a development server like python3 -m http.server 8000 or similar.
2
Import Ocrypt
// ES6 Module Import
import { register, recover } from '@openadp/browser-sdk';
// Or via CDN
import { register, recover } from 'https://unpkg.com/@openadp/[email protected]/ocrypt.js';
3
Register User Data
When a user creates an account or wants to back up sensitive data:
async function backupUserData(userID, sensitiveData, userPIN) {
try {
// Convert sensitive data to bytes
const dataBytes = new TextEncoder().encode(JSON.stringify(sensitiveData));
// Register with OpenADP - this distributes the encryption key
const metadata = await register(
userID, // Unique user identifier
'my-app', // Your application name
dataBytes, // The sensitive data to protect
userPIN, // User's PIN/password
10 // Maximum wrong PIN attempts (default: 10)
);
// Store metadata locally - this is safe to store anywhere
localStorage.setItem(`backup_${userID}`, Array.from(metadata).join(','));
console.log('โ
User data backed up successfully!');
return metadata;
} catch (error) {
console.error('โ Backup failed:', error.message);
throw error;
}
}
4
Recover User Data
When a user needs to restore their data:
async function restoreUserData(userID, userPIN) {
try {
// Get metadata from local storage
const metadataStr = localStorage.getItem(`backup_${userID}`);
if (!metadataStr) {
throw new Error('No backup found for this user');
}
// Convert back to Uint8Array
const metadata = new Uint8Array(metadataStr.split(',').map(Number));
// Recover data from OpenADP network
const { secret: recoveredBytes, remaining, updatedMetadata } = await recover(metadata, userPIN);
// Update metadata if backup was refreshed
if (updatedMetadata && updatedMetadata !== metadata) {
localStorage.setItem(`backup_${userID}`, Array.from(updatedMetadata).join(','));
console.log('๐ Backup refreshed automatically');
}
// Convert back to original data
const recoveredData = JSON.parse(new TextDecoder().decode(recoveredBytes));
console.log('โ
User data recovered successfully!');
console.log(`๐ข Remaining attempts: ${remaining}`);
return recoveredData;
} catch (error) {
console.error('โ Recovery failed:', error.message);
throw error;
}
}
5
Complete Example
Here's a complete working example for a secure notes app:
// Example: Secure Notes App
class SecureNotesApp {
constructor() {
this.userID = 'user123';
}
async saveNote(noteText, userPIN) {
const noteData = {
content: noteText,
timestamp: new Date().toISOString(),
version: '1.0'
};
try {
const metadata = await register(
this.userID,
'secure-notes',
new TextEncoder().encode(JSON.stringify(noteData)),
userPIN,
3
);
// Store metadata - safe to store anywhere
localStorage.setItem('note_metadata', Array.from(metadata).join(','));
alert('โ
Note saved securely!');
} catch (error) {
alert('โ Failed to save note: ' + error.message);
}
}
async loadNote(userPIN) {
try {
const metadataStr = localStorage.getItem('note_metadata');
const metadata = new Uint8Array(metadataStr.split(',').map(Number));
const { secret: recoveredBytes } = await recover(metadata, userPIN);
const noteData = JSON.parse(new TextDecoder().decode(recoveredBytes));
return noteData.content;
} catch (error) {
alert('โ Failed to load note: ' + error.message);
return null;
}
}
}
// Usage
const app = new SecureNotesApp();
// Save a note
await app.saveNote('My secret note content', '3344');
// Load the note
const noteContent = await app.loadNote('3344');
console.log('Recovered note:', noteContent);
1
Install OpenADP Python Package
Install the OpenADP Python package directly from PyPI:
pip install openadp==0.1.3
๐ Easy Installation!
The OpenADP Python package (v0.1.3) is now available on PyPI. No need to clone repositories or build from source!
2
Import Ocrypt
from openadp import ocrypt_register as register, ocrypt_recover as recover
import json
from datetime import datetime
3
Register User Data
def backup_user_data(user_id, sensitive_data, user_pin):
"""Backup sensitive data using OpenADP distributed cryptography"""
try:
# Convert data to bytes
data_bytes = json.dumps(sensitive_data).encode('utf-8')
# Register with OpenADP
metadata = register(
user_id, # User ID
'my-app', # Application ID
data_bytes, # Long-term secret to protect
user_pin, # User's PIN
3 # Max wrong attempts
)
# Store metadata locally (safe to store anywhere)
with open(f'backup_{user_id}.json', 'w') as f:
json.dump(metadata, f)
print('โ
User data backed up successfully!')
return metadata
except Exception as e:
print(f'โ Backup failed: {e}')
raise
4
Recover User Data
def restore_user_data(user_id, user_pin):
"""Restore user data from OpenADP network"""
try:
# Load metadata
with open(f'backup_{user_id}.json', 'r') as f:
metadata = json.load(f)
# Recover data from OpenADP network
recovered_bytes, remaining_guesses, updated_metadata = recover(metadata, user_pin)
# Update metadata if it changed (automatic backup refresh)
if updated_metadata != metadata:
with open(f'backup_{user_id}.json', 'w') as f:
json.dump(json.loads(updated_metadata.decode('utf-8')), f)
# Convert back to original data
recovered_data = json.loads(recovered_bytes.decode('utf-8'))
print('โ
User data recovered successfully!')
return recovered_data
except Exception as e:
print(f'โ Recovery failed: {e}')
raise
5
Complete Example
# Example: Crypto Wallet Backup
class CryptoWallet:
def __init__(self, user_id):
self.user_id = user_id
def backup_wallet(self, seed_phrase, private_keys, user_pin):
"""Backup wallet data securely"""
wallet_data = {
'seed_phrase': seed_phrase,
'private_keys': private_keys,
'timestamp': str(datetime.now()),
'version': '1.0'
}
try:
metadata = register(
self.user_id, # User ID
'crypto-wallet', # Application ID
json.dumps(wallet_data).encode('utf-8'), # Wallet data as bytes
user_pin, # User's PIN
3 # Max wrong attempts
)
# Store metadata
with open(f'wallet_{self.user_id}.json', 'w') as f:
json.dump(metadata, f)
print('โ
Wallet backed up securely!')
return True
except Exception as e:
print(f'โ Wallet backup failed: {e}')
return False
def restore_wallet(self, user_pin):
"""Restore wallet from backup"""
try:
with open(f'wallet_{self.user_id}.json', 'r') as f:
metadata = json.load(f)
recovered_bytes, remaining_guesses, updated_metadata = recover(
json.dumps(metadata).encode('utf-8'),
user_pin
)
wallet_data = json.loads(recovered_bytes.decode('utf-8'))
return wallet_data
except Exception as e:
print(f'โ Wallet recovery failed: {e}')
return None
# Usage
wallet = CryptoWallet('user123')
# Backup wallet
wallet.backup_wallet(
seed_phrase='abandon abandon abandon...',
private_keys=['key1', 'key2', 'key3'],
user_pin='3344'
)
# Restore wallet
restored_data = wallet.restore_wallet('3344')
print('Restored wallet:', restored_data)
1
Install OpenADP Go Package
Add the OpenADP Go module to your project:
go get github.com/OpenADP/openadp/sdk/go@latest
๐ Integrated Go Module!
The OpenADP Go SDK is now integrated into the main repository. Simple 2-function API for easy integration!
2
Import Ocrypt
package main
import (
"encoding/json"
"fmt"
"io/ioutil"
"log"
"github.com/OpenADP/openadp/sdk/go/ocrypt"
)
3
Register User Data
func backupUserData(userID string, sensitiveData interface{}, userPIN string) ([]byte, error) {
// Convert data to bytes
dataBytes, err := json.Marshal(sensitiveData)
if err != nil {
return nil, fmt.Errorf("failed to marshal data: %v", err)
}
// Register with OpenADP
metadata, err := ocrypt.Register(
userID, // User ID
"my-app", // Application ID
dataBytes, // Long-term secret to protect
userPIN, // User's PIN
10, // Max wrong attempts
"", // Servers URL (empty = default)
)
if err != nil {
return nil, fmt.Errorf("registration failed: %v", err)
}
// Store metadata (safe to store anywhere)
err = ioutil.WriteFile(fmt.Sprintf("backup_%s.bin", userID), metadata, 0644)
if err != nil {
return nil, fmt.Errorf("failed to save metadata: %v", err)
}
fmt.Println("โ
User data backed up successfully!")
return metadata, nil
}
4
Recover User Data
func restoreUserData(userID string, userPIN string) (interface{}, error) {
// Load metadata
metadataBytes, err := ioutil.ReadFile(fmt.Sprintf("backup_%s.bin", userID))
if err != nil {
return nil, fmt.Errorf("failed to load metadata: %v", err)
}
// Recover data from OpenADP network
recoveredBytes, remaining, updatedMetadata, err := ocrypt.Recover(metadataBytes, userPIN, "")
if err != nil {
return nil, fmt.Errorf("recovery failed: %v", err)
}
// Update metadata if backup was refreshed
if string(updatedMetadata) != string(metadataBytes) {
err = ioutil.WriteFile(fmt.Sprintf("backup_%s.bin", userID), updatedMetadata, 0644)
if err != nil {
fmt.Printf("โ ๏ธ Failed to update metadata: %v\n", err)
} else {
fmt.Println("๐ Backup refreshed automatically")
}
}
// Convert back to original data
var recoveredData interface{}
err = json.Unmarshal(recoveredBytes, &recoveredData)
if err != nil {
return nil, fmt.Errorf("failed to unmarshal recovered data: %v", err)
}
fmt.Println("โ
User data recovered successfully!")
fmt.Printf("๐ข Remaining attempts: %d\n", remaining)
return recoveredData, nil
}
5
Complete Example
// Example: Secure File Storage
type SecureFileStorage struct {
UserID string
}
type FileData struct {
Content string `json:"content"`
Filename string `json:"filename"`
Timestamp string `json:"timestamp"`
Version string `json:"version"`
}
func (s *SecureFileStorage) SaveFile(filename, content, userPIN string) error {
fileData := FileData{
Content: content,
Filename: filename,
Timestamp: time.Now().Format(time.RFC3339),
Version: "1.0",
}
dataBytes, err := json.Marshal(fileData)
if err != nil {
return fmt.Errorf("failed to marshal file data: %v", err)
}
metadata, err := ocrypt.Register(
s.UserID,
"secure-files",
dataBytes,
userPIN,
"current",
3,
)
if err != nil {
return fmt.Errorf("failed to save file: %v", err)
}
// Store metadata
metadataBytes, _ := json.Marshal(metadata)
err = ioutil.WriteFile(fmt.Sprintf("file_%s_%s.json", s.UserID, filename), metadataBytes, 0644)
if err != nil {
return fmt.Errorf("failed to save metadata: %v", err)
}
fmt.Printf("โ
File '%s' saved securely!\n", filename)
return nil
}
func (s *SecureFileStorage) LoadFile(filename, userPIN string) (*FileData, error) {
metadataBytes, err := ioutil.ReadFile(fmt.Sprintf("file_%s_%s.json", s.UserID, filename))
if err != nil {
return nil, fmt.Errorf("file not found: %v", err)
}
var metadata map[string]interface{}
json.Unmarshal(metadataBytes, &metadata)
recoveredBytes, err := ocrypt.Recover(metadata, userPIN)
if err != nil {
return nil, fmt.Errorf("failed to load file: %v", err)
}
var fileData FileData
err = json.Unmarshal(recoveredBytes, &fileData)
if err != nil {
return nil, fmt.Errorf("failed to parse file data: %v", err)
}
return &fileData, nil
}
// Usage
func main() {
storage := &SecureFileStorage{UserID: "user123"}
// Save a file
err := storage.SaveFile("secret.txt", "My secret content", "3344")
if err != nil {
log.Fatal("Save failed:", err)
}
// Load the file
fileData, err := storage.LoadFile("secret.txt", "3344")
if err != nil {
log.Fatal("Load failed:", err)
}
fmt.Printf("Recovered file: %s\n", fileData.Content)
}
1
Install OpenADP Rust Crate
Add the OpenADP Rust crate to your project:
# Add to Cargo.toml
[dependencies]
openadp-ocrypt = "0.1.3"
tokio = { version = "1.0", features = ["full"] }
๐ฆ Published Rust Crate!
The OpenADP Rust crate (v0.1.3) is available on crates.io with full async/await support and cross-language compatibility!
2
Import Ocrypt
use openadp_ocrypt::{register, recover};
use tokio;
3
Register User Data
#[tokio::main]
async fn main() -> Result<(), Box> {
// Convert data to bytes
let sensitive_data = b"My secret API key: sk_live_example123";
// Register with OpenADP
let metadata = register(
"[email protected]", // user_id
"api_service", // app_id
sensitive_data, // long_term_secret
"secure_pin", // pin
5, // max_guesses
"", // servers_url (empty = default)
).await?;
// Store metadata (safe to store anywhere)
std::fs::write("backup_metadata.bin", &metadata)?;
println!("โ
User data backed up successfully!");
Ok(())
}
4
Recover User Data
#[tokio::main]
async fn main() -> Result<(), Box> {
// Load metadata
let metadata = std::fs::read("backup_metadata.bin")?;
// Recover data from OpenADP network
let (recovered_data, remaining_guesses, updated_metadata) = recover(
&metadata,
"secure_pin",
"", // servers_url (empty = default)
).await?;
// Update metadata if backup was refreshed
if updated_metadata != metadata {
std::fs::write("backup_metadata.bin", &updated_metadata)?;
}
let recovered_string = String::from_utf8(recovered_data)?;
println!("โ
Recovered: {}", recovered_string);
println!("Remaining guesses: {}", remaining_guesses);
Ok(())
}
5
Complete Example
// Example: Secure Configuration Manager
use openadp_ocrypt::{register, recover};
use serde::{Serialize, Deserialize};
#[derive(Serialize, Deserialize)]
struct DatabaseConfig {
host: String,
password: String,
encryption_key: String,
}
#[tokio::main]
async fn main() -> Result<(), Box> {
// Create sensitive configuration
let config = DatabaseConfig {
host: "db.production.com".to_string(),
password: "super_secret_db_password".to_string(),
encryption_key: "aes256_encryption_key_here".to_string(),
};
// Serialize and protect with OpenADP
let config_bytes = serde_json::to_vec(&config)?;
let metadata = register(
"production_server",
"database_config",
&config_bytes,
"admin_pin_2024",
3, // Only 3 attempts
"",
).await?;
// Store metadata in version control (safe to commit)
std::fs::write("config_metadata.bin", &metadata)?;
println!("โ
Database config secured!");
// Later: recover configuration for deployment
let metadata = std::fs::read("config_metadata.bin")?;
let (recovered_bytes, remaining, updated_metadata) = recover(
&metadata,
"admin_pin_2024",
"",
).await?;
let recovered_config: DatabaseConfig = serde_json::from_slice(&recovered_bytes)?;
println!("โ
Database config recovered:");
println!("Host: {}", recovered_config.host);
println!("Remaining attempts: {}", remaining);
Ok(())
}
1
Install OpenADP C++ SDK
Build and install the OpenADP C++ SDK from source:
# Install dependencies (Ubuntu/Debian)
sudo apt install build-essential cmake libssl-dev libcurl4-openssl-dev nlohmann-json3-dev
# Build and install
cd sdk/cpp
mkdir build && cd build
cmake ..
make -j$(nproc)
sudo make install
โก Native C++ Performance!
The OpenADP C++ SDK provides maximum performance with full cross-language compatibility. Headers and library installed to /usr/local/.
2
Include Headers
#include
#include
#include
using namespace openadp;
3
Register User Data
int main() {
try {
// Convert data to bytes
std::string secret_data = "My API token: sk_live_example456";
Bytes data_bytes = utils::string_to_bytes(secret_data);
// Register with OpenADP
Bytes metadata = ocrypt::register_secret(
"[email protected]", // user_id
"payment_service", // app_id
data_bytes, // long_term_secret
"secure_pin", // pin
5 // max_guesses
);
// Store metadata (safe to store anywhere)
std::ofstream file("backup_metadata.bin", std::ios::binary);
file.write(reinterpret_cast(metadata.data()), metadata.size());
file.close();
std::cout << "โ
User data backed up successfully!" << std::endl;
} catch (const OpenADPError& e) {
std::cerr << "โ Error: " << e.what() << std::endl;
return 1;
}
return 0;
}
4
Recover User Data
int main() {
try {
// Load metadata
std::ifstream file("backup_metadata.bin", std::ios::binary);
Bytes metadata((std::istreambuf_iterator(file)),
std::istreambuf_iterator());
file.close();
// Recover data from OpenADP network
auto result = ocrypt::recover(metadata, "secure_pin");
// Convert back to string
std::string recovered_data = utils::bytes_to_string(result.secret);
std::cout << "โ
Recovered: " << recovered_data << std::endl;
std::cout << "Remaining guesses: " << result.remaining_guesses << std::endl;
// Update metadata if backup was refreshed
if (result.updated_metadata != metadata) {
std::ofstream update_file("backup_metadata.bin", std::ios::binary);
update_file.write(reinterpret_cast(result.updated_metadata.data()),
result.updated_metadata.size());
update_file.close();
std::cout << "๐ Backup refreshed automatically" << std::endl;
}
} catch (const OpenADPError& e) {
std::cerr << "โ Recovery failed: " << e.what() << std::endl;
return 1;
}
return 0;
}
5
Complete Example
// Example: Secure File Encryption
#include
#include
#include
using namespace openadp;
class SecureFileManager {
private:
std::string user_id;
public:
SecureFileManager(const std::string& uid) : user_id(uid) {}
void encrypt_file(const std::string& filename, const std::string& pin) {
try {
// Read file content
std::ifstream file(filename, std::ios::binary);
Bytes file_content((std::istreambuf_iterator(file)),
std::istreambuf_iterator());
file.close();
// Encrypt with OpenADP
Identity identity(user_id, "laptop", "file://" + filename);
auto result = encrypt_data(file_content, identity, pin);
// Save encrypted file and metadata
std::ofstream enc_file(filename + ".enc", std::ios::binary);
enc_file.write(reinterpret_cast(result.ciphertext.data()),
result.ciphertext.size());
enc_file.close();
std::ofstream meta_file(filename + ".meta", std::ios::binary);
meta_file.write(reinterpret_cast(result.metadata.data()),
result.metadata.size());
meta_file.close();
std::cout << "โ
File '" << filename << "' encrypted successfully!" << std::endl;
} catch (const OpenADPError& e) {
std::cerr << "โ Encryption failed: " << e.what() << std::endl;
}
}
void decrypt_file(const std::string& filename, const std::string& pin) {
try {
// Read encrypted file and metadata
std::ifstream enc_file(filename + ".enc", std::ios::binary);
Bytes ciphertext((std::istreambuf_iterator(enc_file)),
std::istreambuf_iterator());
enc_file.close();
std::ifstream meta_file(filename + ".meta", std::ios::binary);
Bytes metadata((std::istreambuf_iterator(meta_file)),
std::istreambuf_iterator());
meta_file.close();
// Decrypt with OpenADP
Identity identity(user_id, "laptop", "file://" + filename);
Bytes decrypted = decrypt_data(ciphertext, metadata, identity, pin);
// Save decrypted file
std::ofstream dec_file(filename + ".dec", std::ios::binary);
dec_file.write(reinterpret_cast(decrypted.data()),
decrypted.size());
dec_file.close();
std::cout << "โ
File '" << filename << "' decrypted successfully!" << std::endl;
} catch (const OpenADPError& e) {
std::cerr << "โ Decryption failed: " << e.what() << std::endl;
}
}
};
// Usage
int main() {
SecureFileManager manager("[email protected]");
// Encrypt a file
manager.encrypt_file("document.pdf", "secure_pin");
// Later: decrypt the file
manager.decrypt_file("document.pdf", "secure_pin");
return 0;
}
Testing Your Integration
โ ๏ธ Important: Test with Real OpenADP Network
Make sure you're testing against the live OpenADP server network, not simulated servers. The live network provides real distributed cryptography protection.
๐งช
Quick Installation Test
Verify your installation works with these simple tests:
# test_ocrypt.py
from openadp.ocrypt import register, recover
# Test data
test_secret = b"Hello, OpenADP!"
test_pin = "1234"
print("๐งช Testing OpenADP Python integration...")
# Register
metadata = register("test-user", "test-app", test_secret, test_pin)
print("โ
Registration successful!")
# Recover
recovered_secret, remaining, updated_metadata = recover(metadata, test_pin)
print(f"โ
Recovery successful! Remaining guesses: {remaining}")
# Verify
assert recovered_secret == test_secret
print("๐ Test passed! OpenADP is working correctly.")
// test_ocrypt.go
package main
import (
"fmt"
"log"
"github.com/OpenADP/openadp/sdk/go/ocrypt"
)
func main() {
fmt.Println("๐งช Testing OpenADP Go integration...")
// Test data
testSecret := []byte("Hello, OpenADP!")
testPIN := "1234"
// Register
metadata, err := ocrypt.Register("test-user", "test-app", testSecret, testPIN)
if err != nil {
log.Fatal("Registration failed:", err)
}
fmt.Println("โ
Registration successful!")
// Recover
recoveredSecret, err := ocrypt.Recover(metadata, testPIN)
if err != nil {
log.Fatal("Recovery failed:", err)
}
fmt.Println("โ
Recovery successful!")
// Verify
if string(recoveredSecret) != string(testSecret) {
log.Fatal("Secret mismatch!")
}
fmt.Println("๐ Test passed! OpenADP is working correctly.")
}
// test_ocrypt.js
import { register, recover } from '@openadp/browser-sdk';
async function testOcrypt() {
console.log('๐งช Testing OpenADP JavaScript integration...');
// Test data
const testSecret = new TextEncoder().encode('Hello, OpenADP!');
const testPIN = '1234';
try {
// Register
const metadata = await register('test-user', 'test-app', testSecret, testPIN);
console.log('โ
Registration successful!');
// Recover
const recoveredSecret = await recover(metadata, testPIN);
console.log('โ
Recovery successful!');
// Verify
const originalText = new TextDecoder().decode(testSecret);
const recoveredText = new TextDecoder().decode(recoveredSecret);
if (originalText === recoveredText) {
console.log('๐ Test passed! OpenADP is working correctly.');
} else {
console.error('โ Secret mismatch!');
}
} catch (error) {
console.error('โ Test failed:', error.message);
}
}
testOcrypt();
// test_ocrypt.rs
use openadp_ocrypt::{register, recover};
#[tokio::main]
async fn main() -> Result<(), Box> {
println!("๐งช Testing OpenADP Rust integration...");
// Test data
let test_secret = b"Hello, OpenADP!";
let test_pin = "1234";
// Register
let metadata = register("test-user", "test-app", test_secret, test_pin, 10, "").await?;
println!("โ
Registration successful!");
// Recover
let (recovered_secret, remaining, _) = recover(&metadata, test_pin, "").await?;
println!("โ
Recovery successful! Remaining guesses: {}", remaining);
// Verify
if recovered_secret == test_secret {
println!("๐ Test passed! OpenADP is working correctly.");
} else {
println!("โ Secret mismatch!");
}
Ok(())
}
// test_ocrypt.cpp
#include
#include
using namespace openadp;
int main() {
try {
std::cout << "๐งช Testing OpenADP C++ integration..." << std::endl;
// Test data
std::string test_secret = "Hello, OpenADP!";
Bytes secret_bytes = utils::string_to_bytes(test_secret);
std::string test_pin = "1234";
// Register
Bytes metadata = ocrypt::register_secret("test-user", "test-app", secret_bytes, test_pin, 10);
std::cout << "โ
Registration successful!" << std::endl;
// Recover
auto result = ocrypt::recover(metadata, test_pin);
std::cout << "โ
Recovery successful! Remaining guesses: " << result.remaining_guesses << std::endl;
// Verify
std::string recovered_text = utils::bytes_to_string(result.secret);
if (recovered_text == test_secret) {
std::cout << "๐ Test passed! OpenADP is working correctly." << std::endl;
} else {
std::cout << "โ Secret mismatch!" << std::endl;
}
} catch (const OpenADPError& e) {
std::cerr << "โ Test failed: " << e.what() << std::endl;
return 1;
}
return 0;
}
1
Set Up HTTP Server
Create a simple HTTP server to serve your application. Do not open HTML files directly - browsers block ES6 modules from file:// URLs.
Option A: Python HTTP Server (Recommended)
# Navigate to your project directory
cd your-project-directory
# Python 3
python3 -m http.server 8000
# Your app will be available at: http://localhost:8000
Option B: Node.js HTTP Server
# Install a simple HTTP server
npm install -g http-server
# Navigate to your project directory
cd your-project-directory
# Start server
http-server -p 8000
# Your app will be available at: http://localhost:8000
Option C: Use OpenADP's Ready-Made Server
# Copy the server script from OpenADP
cp path/to/openadp/scripts/serve_homepage.py ./serve_app.py
# Edit the script to point to your app directory
# Then run:
python3 serve_app.py
2
Verify Network Connectivity
Check that your application can reach OpenADP servers:
# Check network health
curl https://health.openadp.org/health
# View active servers
curl https://servers.openadp.org/servers
3
Test Registration and Recovery
Test the complete flow with a simple example:
// Test with simple data
const testData = { message: "Hello OpenADP!" };
const testPIN = "3344";
const testUserID = "test-user-" + Date.now();
// Register
const metadata = await register(testUserID, 'test-app',
new TextEncoder().encode(JSON.stringify(testData)), testPIN, 'current', 3);
// Recover
const recovered = await recover(metadata, testPIN);
const recoveredData = JSON.parse(new TextDecoder().decode(recovered));
console.log('Original:', testData);
console.log('Recovered:', recoveredData);
console.log('Success:', JSON.stringify(testData) === JSON.stringify(recoveredData));
4
Test Error Handling
Verify that wrong PINs are properly rejected:
// Test wrong PIN
try {
await recover(metadata, "wrong-pin");
console.log("โ This should not succeed!");
} catch (error) {
console.log("โ
Wrong PIN correctly rejected:", error.message);
}
๐จ Common Issues & Solutions
โ "Cross-Origin Request Blocked" or "Module source URI is not allowed"
Problem: You're opening the HTML file directly in the browser (file:// URL)
Solution: Use an HTTP server as described in Step 1 above
โ "Failed to fetch" or Network errors
Problem: Can't reach OpenADP servers
Solution: Check internet connection and firewall settings
โ Import errors
Problem: Wrong file paths or missing dependencies
Solution: Verify SDK file paths and ensure @noble/hashes is available
๐ Integration Complete!
Once your tests pass, your application is using distributed trust cryptography. Even simple PINs like "3344" are now protected by threshold cryptography across multiple servers in different countries.
Next Steps
๐ Advanced Features
Explore advanced Ocrypt features and configuration options
View Documentation