https://github.com/kong/go-srp
Secure Remote Password library for Go
https://github.com/kong/go-srp
Last synced: about 1 month ago
JSON representation
Secure Remote Password library for Go
- Host: GitHub
- URL: https://github.com/kong/go-srp
- Owner: Kong
- License: mit
- Created: 2016-11-08T19:36:54.000Z (almost 9 years ago)
- Default Branch: master
- Last Pushed: 2022-10-05T06:17:58.000Z (about 3 years ago)
- Last Synced: 2025-08-15T04:28:46.169Z (about 2 months ago)
- Language: Go
- Homepage: https://godoc.org/github.com/getinsomnia/go-srp
- Size: 13.7 KB
- Stars: 45
- Watchers: 5
- Forks: 13
- Open Issues: 4
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# go-srp
[](https://travis-ci.org/kong/go-srp)
[](https://godoc.org/github.com/kong/go-srp)
_NOTE: This is a port of [node-srp](https://github.com/mozilla/node-srp) to Go. I recommend
reading their README for general information about the use of SRP._
## Installation
```
go get github.com/kong/go-srp
```
## Usage
View [GoDoc](https://godoc.org/github.com/kong/go-srp) for full details
To use SRP, first decide on they parameters you will use. Both client and server must
use the same set.
```go
params := srp.GetParams(2048)
```
### Account Creation
To create a new account, generate a verifier from the client, and store it
on the server.
```go
verifier := srp.ComputeVerifier(params, salt, identity, password)
```
### Login
From the client... generate a new secret key, initialize the client, and compute A.
Once you have A, you can send A to the server.
```go
secret1 := srp.GenKey()
client := NewClient(params, salt, identity, secret, a)
srpA := client.computeA()
sendToServer(srpA)
```
From the server... generate another secret key, initialize the server, and compute B.
Once you have B, you can send B to the client.
```go
secret2 := srp.GenKey()
server := NewServer(params, verifier, secret2)
srpB := client.computeB()
sendToClient(srpB)
```
Once the client received B from the server, it can compute M1 based on A and B.
Once you have M1, send M1 to the server.
```go
client.setB(srpB)
srpM1 := client.ComputeM1()
sendM1ToServer(srpM1)
```
Once the server receives M1, it can verify that it is correct. If checkM1() returns
an error, authentication failed. If it succeeds it should be sent to the client.
```go
srpM2, err := server.checkM1(srpM1)
```
Once the client receives M2, it can verify that it is correct, and know that authentication
was successful.
```go
err = client.CheckM2(serverM2)
````
Now that both client and server have completed a successful authentication, they can
both compute K independently. K can now be used as either a key to encrypt communication
or as a session ID.
```go
clientK := client.ComputeK()
serverK := server.ComputeK()
```
## Running Tests
```
go test
```
_Tests include vectors from
[RFC 5054, Appendix B.](https://tools.ietf.org/html/rfc5054#appendix-B)_
## Licence
MIT