{"id":36483758,"url":"https://github.com/fmitra/srp","last_synced_at":"2026-01-15T02:48:51.187Z","repository":{"id":57552200,"uuid":"163287953","full_name":"fmitra/srp","owner":"fmitra","description":"A Go implementation of the Secure Remote Password Protocol (SRP)","archived":false,"fork":false,"pushed_at":"2019-02-10T12:56:17.000Z","size":76,"stargazers_count":3,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"master","last_synced_at":"2026-01-12T03:08:16.592Z","etag":null,"topics":["srp"],"latest_commit_sha":null,"homepage":"https://godoc.org/github.com/fmitra/srp","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/fmitra.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-12-27T11:44:24.000Z","updated_at":"2024-07-16T11:59:59.000Z","dependencies_parsed_at":"2022-09-26T18:50:36.369Z","dependency_job_id":null,"html_url":"https://github.com/fmitra/srp","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/fmitra/srp","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fmitra%2Fsrp","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fmitra%2Fsrp/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fmitra%2Fsrp/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fmitra%2Fsrp/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/fmitra","download_url":"https://codeload.github.com/fmitra/srp/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fmitra%2Fsrp/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28441543,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-15T00:55:22.719Z","status":"online","status_checked_at":"2026-01-15T02:00:08.019Z","response_time":62,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["srp"],"created_at":"2026-01-12T01:06:50.754Z","updated_at":"2026-01-15T02:48:51.181Z","avatar_url":"https://github.com/fmitra.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"[![Build Status](https://travis-ci.org/fmitra/srp.svg?branch=master)](https://travis-ci.org/fmitra/srp) [![Report Card](https://goreportcard.com/badge/github.com/fmitra/srp)](https://goreportcard.com/badge/github.com/fmitra/srp) [![codecov](https://codecov.io/gh/fmitra/srp/branch/master/graph/badge.svg)](https://codecov.io/gh/fmitra/srp)\n\n# srp\n\nA Go implementation of the Secure Remote Password Protocol (SRP)\n\n## Overview\n\nThis package implements SRP as defined in RFC 2945 and RFC 5054.\n\n[RFC 2945: The SRP Authentication and Key Exchange System](https://tools.ietf.org/html/rfc2945)\n\n[RFC 5054:  Using the Secure Remote Password (SRP) Protocol for TLS Authentication](https://tools.ietf.org/html/rfc5054)\n\n## Usage\n\nThis package exposes several methods defined in `AuthClient` and `AuthServer` interfaces\nto complete the authentication flow. It offers a default Client and Server set to use\nSHA256 as the hashing algorithm and the 4096 prime value group from [RFC 5054 Section 3.2](https://tools.ietf.org/html/rfc5054#section-3.2).\n\n```\nc, _ := NewDefaultClient(\"username\", \"password\")\ns, _ := NewDefaultServer()\n```\n\nYou can pass your own hashing algorithm or prime value group as well.\n\n```\ng, _ := NewGroup(Group8192)\nc, _ := NewClient(crypto.SHA512, g, \"username\", \"password\")\ns, _ := NewServer(crypto.SHA512, g)\n```\n\nThis package provides the tooling to enroll and validate a user. **Using this library\nhowever will still require you to**:\n\n* Securely store client submitted credentials during registration.\nThis includes *username*, *salt*, *verifier*\n* Retreive user *salt* and *verifier* during authentication.\n\n### Authentication Overview\n\nA detailed overview on authentication can be found on [RFC 2945 Page 3](https://tools.ietf.org/html/rfc2945).\nIn general, we implement the following flow where:\n\n* a, A: Client ephemeral private and public key (*big.Int)\n* b, B: Server ephemeral private and public key (*big.Int)\n* K: PremasterKey (A shared key generated by both Client and Server (*big.Int)\n* M1: Client proof of K generation (*big.Int)\n* M2: Server proof of K generation (*big.Int)\n\n```\nClient                        Server\n----------                    ----------\nCalculate a, A\nI, A              ---------\u003e\n                              Calculate b, B\n                  \u003c---------  B, s\nCalculate K, M1\nM1                ---------\u003e  Calculate K, M2\n                              Confirm M2\n                  \u003c---------  M2\nConfirm M2\n```\n\nAt each stage of the auth flow, client/server will receive/return several credentails\n(ex. salt, verifier, proof, public keys) to move forward with the premasterkey\ncalculation.\n\n### Registration\n\n* Client generates username, salt, verifier\n\n```\nuname, salt, verifier, err := c.Enroll()\n```\n\n* Server accepts credentials. Persisting this data is outside the scope of\nthis package. The verifier value acts as the server's long term secret value\nfor the user. It is never transmitted back after this.\n\n```\nisEnrolled := s.ProcessEnroll(uname, salt, verifier)\n```\n\n### Authentication\n\n* Client generates a new public key and username used during enrollment\n\n```\nuname, cPubKey := c.Auth()\n```\n\n* Server receives credentials from the client. On success, it will generate\nits own public key and return the salt used during registration.\n\n```\n# You will need to implement this\nsalt, verifier := RetrieveThisFromSomeStorage()\n\n# On success we will receive the salt and ephemeral public key for the client\nsPubKey, salt, err := s.ProcessAuth(uname, salt, cPubKey, verifier)\n```\n\n* Client receives salt and ephemeral public key from server. It then generates\nproof of its identity to send back to the server.\n\n```\ncProof, err := c.ProveIdentity(sPubKey, salt)\n```\n\n* Server receives the client's proof of identity. If valid, it will return it's\nown proof for the client.\n\n```\nsProof, err := s.ProcessProof(cProof)\n```\n\n* If the server successfully validated the client proof, it will generate it's\nown proof that the client may validate.\n\n```\nisServerValid := c.IsProofValid(sProof)\n```\n\nValidation of both the server and client proof ensures that they both calculated\nthe same `PremasterKey`. At this point you may authenticate the user or use the\nshared key as part of your authentication protocol.\n\n## Test\n\nTests rely on testify's assert library. It should install automatically if this\nproject is stored outside of your GOPATH. If it is inside GOPATH, you first need\nto enable module support.\n\n```\nexport GO111MODULE=on\n```\n\nRun tests\n\n```\nmake test\n```\n\n## Lint\n\n*golangci-lint* is used for linting. To install (OSX)\n\n```\nbrew install golangci/tap/golangci-lint\n```\n\nRun linter\n\n```\nmake lint\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffmitra%2Fsrp","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffmitra%2Fsrp","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffmitra%2Fsrp/lists"}