{"id":20525663,"url":"https://github.com/httpjamesm/secure-remote-password-js","last_synced_at":"2025-10-07T19:53:50.398Z","repository":{"id":261210401,"uuid":"883559790","full_name":"httpjamesm/secure-remote-password-js","owner":"httpjamesm","description":"Modern secure remote password library for Bun clients and servers","archived":false,"fork":false,"pushed_at":"2024-11-06T19:28:36.000Z","size":83,"stargazers_count":6,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-09-20T14:26:50.798Z","etag":null,"topics":["biginteger","bun","client","cryptography","javascript","pake","password","secure-remote-password","server","srp","typescript"],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/httpjamesm.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2024-11-05T07:18:26.000Z","updated_at":"2025-08-28T20:20:03.000Z","dependencies_parsed_at":"2025-04-14T03:51:33.281Z","dependency_job_id":"783b76c5-e277-4437-bd85-4c505931f005","html_url":"https://github.com/httpjamesm/secure-remote-password-js","commit_stats":null,"previous_names":["httpjamesm/secure-remote-password-js"],"tags_count":0,"template":false,"template_full_name":"wobsoriano/bun-lib-starter","purl":"pkg:github/httpjamesm/secure-remote-password-js","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/httpjamesm%2Fsecure-remote-password-js","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/httpjamesm%2Fsecure
-remote-password-js/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/httpjamesm%2Fsecure-remote-password-js/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/httpjamesm%2Fsecure-remote-password-js/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/httpjamesm","download_url":"https://codeload.github.com/httpjamesm/secure-remote-password-js/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/httpjamesm%2Fsecure-remote-password-js/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":278838472,"owners_count":26054721,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-07T02:00:06.786Z","response_time":59,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["biginteger","bun","client","cryptography","javascript","pake","password","secure-remote-password","server","srp","typescript"],"created_at":"2024-11-15T23:08:43.351Z","updated_at":"2025-10-07T19:53:50.379Z","avatar_url":"https://github.com/httpjamesm.png","language":"TypeScript","readme":"# secure-remote-password-js\n\nThis is a client and server implementation of 1Password's [fantastic SRP library](https://github.com/1Password/srp) in TypeScript.\n\n[Bun](https://bun.sh) is recommended.\n\n## Installation\n\n```bash\nbun add secure-remote-password-js\n```\n\n## 
Usage\n\nSRP is a fascinating protocol. I highly recommend reading through [1Password's explainer](https://blog.1password.com/developers-how-we-use-srp-and-you-can-too/) to get familiar with its inner workings and processes first.\n\n### Step 1: Pick a group\n\nThis library uses RFC 5054 groups between 2048 and 8192 bits. 4096 and above are highly recommended. Any lower is unlikely to be secure for the near future.\n\nOn your client and server, agree on a group:\n\n```typescript\nimport { knownGroups } from \"secure-remote-password-js\";\n\nconst group = knownGroups[4096];\n```\n\n### Step 2: Pick a KDF\n\nYou'll need a Key Derivation Function (KDF) to convert your password into a secure format. While this library includes a simple KDF for testing, you should use a strong KDF like Argon2id, bcrypt, or scrypt in production.\n\n[@phi-ag/argon2](https://github.com/phi-ag/argon2) is a great library for Argon2 in TS.\n\n```typescript\nimport { Argon2Type } from \"@phi-ag/argon2\";\nimport wasm from \"@phi-ag/argon2/argon2.wasm?url\";\nimport initialize from \"@phi-ag/argon2/fetch\";\n\nconst argon2 = await initialize(wasm);\nconst hash = argon2.hash(password, {\n  salt,\n  memoryCost: 64 * 1024,\n  timeCost: 1,\n  parallelism: 4,\n  hashLength: 32,\n  type: Argon2Type.Argon2id,\n});\n\nreturn hash;\n```\n\n### Step 3: Initialize SRP Client\n\nCreate an SRP client instance for both server and client sides:\n\n```typescript\nimport { SrpClient, knownGroups } from \"secure-remote-password-js\";\n\n// On client side\nconst client = new SrpClient(knownGroups[4096], x, undefined, \"client\");\n\n// On server side (using verifier)\nconst verifier = client.verifier(); // Generate this during registration\nconst server = new SrpClient(knownGroups[4096], verifier, undefined, \"server\");\n```\n\n### Step 4: Exchange Public Keys\n\nExchange ephemeral public keys between client and server:\n\n```typescript\n// Client generates and sends A to server\nconst clientPublicA = 
client.ephemeralPublic();\n\n// Server generates and sends B to client\nconst serverPublicB = server.ephemeralPublic();\n\n// Each side sets the other's public key\nclient.setOthersPublic(serverPublicB);\nserver.setOthersPublic(clientPublicA);\n```\n\n### Step 5: Generate Session Key\n\nBoth sides can now generate the shared session key:\n\n```typescript\n// On both client and server\nconst key = client.getKey(); // or server.getKey()\n```\n\n### Step 6: Verify Both Parties\n\nFinally, verify that both parties derived the same key:\n\n```typescript\n// Server generates proof and sends to client\nconst serverProof = server.computeM(salt, username);\nconst serverIsLegit = client.goodServerProof(salt, username, serverProof);\n\n// Client generates proof and sends to server\nconst clientProof = client.clientProof();\nconst clientIsLegit = server.goodClientProof(clientProof);\n\nif (serverIsLegit \u0026\u0026 clientIsLegit) {\n  // Both parties have authenticated successfully\n  // The shared key can now be used for secure communication\n}\n```\n\n### Encoding Notes\n\nWhen transporting data between client and server, you may choose to encode the data in hex, base64 or just utf-8 for big integers. Base64 is recommended for consistency.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhttpjamesm%2Fsecure-remote-password-js","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhttpjamesm%2Fsecure-remote-password-js","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhttpjamesm%2Fsecure-remote-password-js/lists"}