Warning: this is an alpha release and is not ready for production use. Peer review is appreciated.
This library implements a JavaScript client for the SRP protocol. The client aims to be compatible with SRP revision 6A, as defined in RFC 5054 ("Using the Secure Remote Password (SRP) Protocol for TLS Authentication"). It is released under the MPL.
The code is directly based on Tom Wu's JavaScript SRP demo, which is released under the SRP license.
This library is tested with Jasmine using the official test vectors from the SRP specification. The specs can be run by opening SpecRunner.html in your browser.
Configuration
As shown in the examples below, this library accepts 1024, 1536, 2048, 4096, 6144 and 8192-bit group parameters. The default is 1024 bits.
Registration Example
<html>
<head>
<script type="text/javascript" src="jsbn.js"></script>
<script type="text/javascript" src="sha1.js"></script>
<script type="text/javascript" src="random.js"></script>
<script type="text/javascript" src="srp-client.js"></script>
<script type="text/javascript">
var bits = 2048;
var username = 'username';
var password = 'password';
var srp = new SRPClient(username, password, bits);
// 1. The client generates a random hex salt.
var salt = srp.randomHexSalt();
// 2. The client calculates its verifier value.
var v = srp.calculateV(salt);
// 3. The client sends the username, salt and
// verifier to the server, which stores all three.
</script>
</head>
</html>
Authentication Example
<html>
<head>
<script type="text/javascript" src="jsbn.js"></script>
<script type="text/javascript" src="sha1.js"></script>
<script type="text/javascript" src="sjcl.js"></script>
<script type="text/javascript" src="srp-client.js"></script>
<script type="text/javascript">
var username = 'username';
var password = 'password';
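var srp = new SRPClient(username, password, 2048);
// The salt and verifier were created at registration and stored by
// the server (see the registration example); they are recomputed
// here only so that this example runs on its own.
var salt = srp.randomHexSalt();
var v = srp.calculateV(salt);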
// 1. The client generates and stores A.
var a = srp.srpRandom();
var A = srp.calculateA(a);
// 2. The client sends A to the server.
// 3. The server receives A and generates B.
var b = srp.srpRandom();
var B = srp.calculateB(b);
// 4. The client and the server both calculate U.
var u = srp.calculateU(A, B);
// 5. The client generates its premaster secret.
var Sc = srp.calculateS(B, salt, u, a);
// 6. The server generates its premaster secret.
var Ss = srp.calculateServerS(A, v, u, b);
// 7. The client and the server verify the secrets.
console.log('Server and client secrets match:');
console.log(Sc.toString() == Ss.toString());
</script>
</head>
</html>
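The steps above omit the validation RFC 5054 requires of each side: abort when the peer's public value is 0 mod N. SRP-6 also has the client abort when u is 0. The following is an added example, not code from this library, that redoes the exchange in Node.js with BigInt and those checks. The function names (`checkPublic`, `clientSecret`, `serverSecret`, `handshake`) and the credentials are made up for the illustration.

```javascript
// Added example, not srp-client code: SRP-6a with the abort checks spelled out.
const nodeCrypto = require('crypto');

// 1024-bit group from RFC 5054 Appendix A (g = 2); SHA-1 to match the sha1.js the page loads.
const N = BigInt('0x' +
  'EEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C9C256576' +
  'D674DF7496EA81D3383B4813D692C6E0E0D5D8E250B98BE48E495C1D6089DAD1' +
  '5DC7D7B46154D6B6CE8EF4AD69B15D4982559B297BCF1885C529F566660E57EC' +
  '68EDBC3C05726CC02FD4CBF4976EAA9AFD5138FE8376435B9FC61D2FC0EB06E3');
const g = 2n, PAD = 128; // PAD = byte length of N

const toBuf = (n, len) => Buffer.from(n.toString(16).padStart(len * 2, '0'), 'hex');
const H = (...bufs) => BigInt('0x' +
  nodeCrypto.createHash('sha1').update(Buffer.concat(bufs)).digest('hex'));
const rand = () => BigInt('0x' + nodeCrypto.randomBytes(32).toString('hex'));
function modPow(base, exp, mod) {
  let r = 1n;
  for (base %= mod; exp > 0n; exp >>= 1n, base = base * base % mod)
    if (exp & 1n) r = r * base % mod;
  return r;
}
const k = H(toBuf(N, PAD), toBuf(g, PAD));               // k = H(N | PAD(g))
const calcU = (A, B) => H(toBuf(A, PAD), toBuf(B, PAD)); // u = H(PAD(A) | PAD(B))
const calcX = (salt, user, pass) =>                      // x = H(s | H(I ":" P))
  H(salt, toBuf(H(Buffer.from(user + ':' + pass)), 20));

// A peer value that is 0 mod N makes the secret independent of the password: reject it.
function checkPublic(value, name) {
  if (value % N === 0n) throw new Error(name + ' mod N is zero, aborting');
  return value % N;
}
function clientSecret(A, B, salt, user, pass, a) {
  B = checkPublic(B, 'B');
  const u = calcU(A, B), x = calcX(salt, user, pass);
  if (u === 0n) throw new Error('u is zero, aborting');
  const base = ((B - k * modPow(g, x, N)) % N + N) % N;
  return modPow(base, a + u * x, N);                     // S = (B - k*g^x)^(a + u*x)
}
function serverSecret(A, B, v, b) {
  A = checkPublic(A, 'A');
  return modPow(A * modPow(v, calcU(A, B), N) % N, b, N); // S = (A * v^u)^b
}
// Registration then login with constructed credentials; true when the secrets match.
function handshake(user, pass, loginPass) {
  const salt = nodeCrypto.randomBytes(16);
  const v = modPow(g, calcX(salt, user, pass), N);       // stored by the server
  const a = rand(), A = modPow(g, a, N);
  const b = rand(), B = (k * v + modPow(g, b, N)) % N;
  return clientSecret(A, B, salt, user, loginPass, a) === serverSecret(A, B, v, b);
}
```

`handshake('alice', 'pw', 'pw')` returns `true`, a different login password returns `false`, and `serverSecret` throws as soon as it is handed an `A` that is a multiple of N.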
- RFC 2945 - The SRP Authentication and Key Exchange System
- RFC 5054 - Using the Secure Remote Password (SRP) Protocol for TLS Authentication
This library is released under the MPL.