{"id":16420685,"url":"https://github.com/bouke/srp","last_synced_at":"2025-07-24T17:11:21.592Z","repository":{"id":48824871,"uuid":"66755568","full_name":"Bouke/SRP","owner":"Bouke","description":"Secure Remote Password (SRP) for Swift","archived":false,"fork":false,"pushed_at":"2022-11-24T07:47:10.000Z","size":362,"stargazers_count":61,"open_issues_count":0,"forks_count":21,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-07-06T13:50:38.717Z","etag":null,"topics":["authentication","encryption","password","rfc-2945","rfc-5054","security","srp","srp-6a","swift"],"latest_commit_sha":null,"homepage":"http://boukehaarsma.nl/SRP","language":"Swift","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Bouke.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2016-08-28T07:29:41.000Z","updated_at":"2025-04-21T21:38:58.000Z","dependencies_parsed_at":"2022-09-12T03:51:16.952Z","dependency_job_id":null,"html_url":"https://github.com/Bouke/SRP","commit_stats":null,"previous_names":[],"tags_count":8,"template":false,"template_full_name":null,"purl":"pkg:github/Bouke/SRP","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Bouke%2FSRP","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Bouke%2FSRP/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Bouke%2FSRP/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Bouke%2FSRP/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Bouke","download_url":"https://codeload.github.com/Bouke/SRP/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Bouke%2FSRP/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":266876345,"owners_count":23999229,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-07-24T02:00:09.469Z","response_time":99,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authentication","encryption","password","rfc-2945","rfc-5054","security","srp","srp-6a","swift"],"created_at":"2024-10-11T07:28:45.867Z","updated_at":"2025-07-24T17:11:21.544Z","avatar_url":"https://github.com/Bouke.png","language":"Swift","funding_links":[],"categories":[],"sub_categories":[],"readme":"Secure Remote Password (SRP) for Swift\n======================================\n\nSecure Remote Password is a authentication protocol to prove your identity to\nanother party, using a password, but without ever revealing that password to\nother parties. Not even the party you are proving your identity. See [Secure Remote Password protocol][5] for more information on this protocol.\n\n![CI status](https://github.com/Bouke/SRP/workflows/Test/badge.svg)\n\n## Example usage\n\n```swift\n// This is a database of users, along with their salted verification keys\nlet userStore: [String: (salt: Data, verificationKey: Data)] = [\n    \"alice\": createSaltedVerificationKey(username: \"alice\", password: \"password123\"),\n    \"bob\": createSaltedVerificationKey(username: \"bob\", password: \"qwerty12345\"),\n]\n\n// Alice wants to authenticate, she sends her username to the server.\nlet client = Client(username: \"alice\", password: \"password123\")\nlet (username, clientPublicKey) = client.startAuthentication()\n\nlet server = Server(\n    username: username,\n    salt: userStore[username]!.salt,\n    verificationKey: userStore[username]!.verificationKey)\n\n// The server shares Alice's salt and its public key (the challenge).\nlet (salt, serverPublicKey) = server.getChallenge()\n\n// Alice generates a sessionKey and proofs she generated the correct\n// session key based on her password and the challenge.\nlet clientKeyProof = try client.processChallenge(salt: salt, publicKey: serverPublicKey)\n\n// The server verifies Alices' proof and generates their proof.\nlet serverKeyProof = try server.verifySession(publicKey: clientPublicKey, keyProof: clientKeyProof)\n\n// The client verifies the server's proof.\ntry client.verifySession(keyProof: serverKeyProof)\n\n// At this point, authentication has completed.\nassert(server.isAuthenticated)\nassert(client.isAuthenticated)\n\n// Both now have the same session key. This key can be used to encrypt\n// further communication between client and server.\nassert(server.sessionKey == client.sessionKey)\n```\n\nMore information can be found in the [documentation](http://boukehaarsma.nl/SRP).\n\n## Swift Compatibility\n\nSwift 4 is required with version 3 of this package. Use version 2 if you need \nSwift 3 compatibility.\n\n## Compatibility with other implementations\n\nI like to believe this implementation correctly implements the RFC.\nHowever not all implementations do and might result in not being able to\nauthenticate accross implementations. And subtle differences might result in\nlow failure rates due to the randomness this protocol includes.\n\n* Python: ❌ [srp][2] is not compatible; it doesn't correctly calculate `k`.\n* Python: ✅ [srptools][3] is compatible.\n\n## Development\n\n### Testing\n\nThis project includes unit tests. A few compiler flags are required to run the tests swiftly:\n\n    swift test -c release -Xswiftc -enable-testing\n\n## References\n\n* [RFC 2945 - The SRP Authentication and Key Exchange System][0]\n* [RFC 5054 - Using the Secure Remote Password (SRP) Protocol for TLS Authentication][1]\n\n## Credits\n\nThis library was written by [Bouke Haarsma][4].\n\n[0]: https://tools.ietf.org/html/rfc2945\n[1]: https://tools.ietf.org/html/rfc5054\n[2]: https://pypi.python.org/pypi/srp\n[3]: https://pypi.python.org/pypi/srptools\n[4]: https://twitter.com/BoukeHaarsma\n[5]: https://en.wikipedia.org/wiki/Secure_Remote_Password_protocol\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbouke%2Fsrp","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbouke%2Fsrp","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbouke%2Fsrp/lists"}