Product
Introducing License Enforcement in Socket
Ensure open-source compliance with Socket’s License Enforcement Beta. Set up your License Policy and secure your software!
Library for Secure Remote Password (SRP) exchanges.
###SRP.generateVerifier(password, options)
Generate a new SRP verifier. Password is the plaintext password.
options
is optional and can include:
identity
: String
. The SRP username to user. Mostly this is passed in for testing. Random UUID if not provided.salt
: String
. A salt to use. Mostly this is passed in for testing. Random UUID if not provided.###SRP.Client
Generate a new SRP client object. Password is the plaintext password.
options
is optional and can include:
a
: client's private ephemeral value. String
or BigInteger. Normally, this is picked randomly, but it can be passed in for testing.###SRP.Client.startExchange()
Initiate an SRP exchange.
returns { A: 'client public ephemeral key. hex encoded integer.' }
###SRP.Client.prototype.respondToChallenge(challenge)
Respond to the server's challenge with a proof of password.
challenge is an object with
B
: server public ephemeral key. hex encoded integer.identity
: user's identity (SRP username).salt
: user's salt.returns { M: 'client proof of password. hex encoded integer.' }
throws an error if it got an invalid challenge.
###SRP.Client.verifyConfirmation(confirmation)
Verify server's confirmation message.
confirmation is an object with
HAMK
: server's proof of password.returns true or false.
###SRP.Server(verifier, options)
Generate a new SRP server object.
options is optional and can include:
b
: server's private ephemeral value. String
or BigInteger
. Normally, this is picked randomly, but it can be passed in for testing.###SRP.Server.issueChallenge(request)
Issue a challenge to the client.
Takes a request from the client containing:
A
: hex encoded int.Returns a challenge with:
B
: server public ephemeral key. hex encoded integer.identity
: user's identity (SRP username).salt
: user's salt.Throws an error if issued a bad request.
###SRP.Server.verifyResponse(response)
Verify a response from the client and return confirmation.
Takes a challenge response from the client containing:
M
: client proof of password. hex encoded int.Returns a confirmation if the client's proof is good:
HAMK
: server proof of password. hex encoded integer.
OR null
if the client's proof doesn't match.###_defaults
/**
* Default parameter values for SRP.
*
*/
var _defaults = {
hash: function (x) { return SHA256(x).toLowerCase(); },
N: new BigInteger("EEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C9C256576D674DF7496EA81D3383B4813D692C6E0E0D5D8E250B98BE48E495C1D6089DAD15DC7D7B46154D6B6CE8EF4AD69B15D4982559B297BCF1885C529F566660E57EC68EDBC3C05726CC02FD4CBF4976EAA9AFD5138FE8376435B9FC61D2FC0EB06E3", 16),
g: new BigInteger("2")
};
_defaults.k = new BigInteger(
_defaults.hash(
_defaults.N.toString(16) +
_defaults.g.toString(16)),
16);
###paramsFromOptions
/**
* Process an options hash to create SRP parameters.
*
* Options can include:
* - hash: Function. Defaults to SHA256.
* - N: String or BigInteger. Defaults to 1024 bit value from RFC 5054
* - g: String or BigInteger. Defaults to 2.
* - k: String or BigInteger. Defaults to hash(N, g)
*/
var paramsFromOptions = function (options) {
if (!options) // fast path
return _defaults;
var ret = _.extend({}, _defaults);
_.each(['N', 'g', 'k'], function (p) {
if (options[p]) {
if (typeof options[p] === "string")
ret[p] = new BigInteger(options[p], 16);
else if (options[p] instanceof BigInteger)
ret[p] = options[p];
else
throw new Error("Invalid parameter: " + p);
}
});
if (options.hash)
ret.hash = function (x) { return options.hash(x).toLowerCase(); };
if (!options.k && (options.N || options.g || options.hash)) {
ret.k = ret.hash(ret.N.toString(16) + ret.g.toString(16));
}
return ret;
};
FAQs
Node packaging of Meteor's SRP implementation
We found that ddp-srp demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Product
Ensure open-source compliance with Socket’s License Enforcement Beta. Set up your License Policy and secure your software!
Product
We're launching a new set of license analysis and compliance features for analyzing, managing, and complying with licenses across a range of supported languages and ecosystems.
Product
We're excited to introduce Socket Optimize, a powerful CLI command to secure open source dependencies with tested, optimized package overrides.