Nimbus SRP command-line tools

Tools for testing and debugging Secure Remote Password (SRP-6a) applications

As of version 1.3 Nimbus SRP includes command-line tools for easy testing and debugging of applications using Secure Remote Password (SRP) authentication.

  • SRP-6a client Interactive command-line tool for generating password verifiers and performing client-side SRP-6a authentication. Can be used to test and debug server-side SRP authentication APIs.

  • SRP-6a server Interactive command-line tool for performing server-side SRP-6a authentication. Can be used to test and debug SRP client implementations.

To run the SRP-6a client tool:

java -jar srp-client.jar

To run the SRP-6a server tool:

java -jar srp-server.jar

Example Secure Remote Password authentication session

Here is an example run of a Secure Remote Password authentication session using the command-line client and server tools.

Note that we must use the exact same crypto parameters (prime 'N', generator 'g' and hash algorithm 'H') throughout the whole process, else SRP authentication will fail.

Generate password salt and verifier

We begin by starting the client to generate a password salt 's' and verifier 'v' for the authenticating user.

Start the SRP-6a client:

java -jar srp-client.jar

Select the client mode to generate a new password salt 's' and verifier 'v':

*** Nimbus SRP-6a client / verifier generator ***

Choose mode:
        1 = generate password verifier
        2 = client auth session

Your choice [1]: 1

Select the preferred crypto parameters. The subsequent client and server authentication sessions must use the exact same parameters, else the process will fail.

Initialize verifier generator
        Enter prime 'N' (hex):
                1 = select precomputed 256-bit
                2 = select precomputed 512-bit
                3 = select precomputed 768-bit
                4 = select precomputed 1024-bit
                5 = enter prime 'N' and generator 'g'

        Your choice [1]: 1

        Selected prime 'N' (hex): 115b8b692e0e045692cf280b436735c77a5a9e8a9e7ed56c965f87db5b2a2ece3
        Selected generator 'g' (hex): 2

        Enter hash algorithm 'H' [SHA-1]: SHA-1

We then provide the user identity 'I' and password 'P'.

Enter user identity 'I': [email protected]
Enter user password 'P': secret

Generate a random salt 's' of some specified byte size:

Enter preferred salt 's' byte size [16]: 16
Generated salt 's' (hex): 6eb9e27471b8fdcc95699ba4def5dfe0

All parameters are supplied now, so the tool can compute the password verifier 'v'.

Computed password verifier 'v' (hex): 5ba14ea52624d1229efa041802e9b58e978d4d4d64fbe384f0f324a98d7518b9

Record the output salt 's' and the verifier 'v', e.g. by copying them to the computer clipboard. In a real-world scenario these are submitted to the authenticating SRP-6a server and stored there, indexed by user identity 'I', to handle subsequest login requests for [email protected].

The actual SRP authentication session

Now that we have a user [email protected] with generated password salt 's' and verifier 'v' we proceed to the actual authentication session.

Start the SRP client:

java -jar srp-client.jar

Begin a new client SRP authentication session:

*** Nimbus SRP-6a client / verifier generator ***

Choose mode:
        1 = generate password verifier
        2 = client auth session

Your choice [1]: 2

Initialise the client session by entering the identity 'I' and password 'P' of the authenticating user.

Client session step 1
        Enter user identity 'I': [email protected]
        Enter user password 'P': secret

In a real-world scenario the client then sends the user identity 'I' to the server to make a new SRP authentication request.

Open a new CLI window and start the SRP server:

java -jar srp-server.jar

Initialise the SRP server session with the exact same crypto parameters we used for the verifier generation:

*** Nimbus SRP-6a server ***

Initialize server session
        Enter prime 'N' (hex):
                1 = select precomputed 256-bit
                2 = select precomputed 512-bit
                3 = select precomputed 768-bit
                4 = select precomputed 1024-bit
                5 = enter prime 'N' and generator 'g'

        Your choice [1]: 1

        Selected prime 'N' (hex): 115b8b692e0e045692cf280b436735c77a5a9e8a9e7ed56c965f87db5b2a2ece3
        Selected generator 'g' (hex): 2

        Enter hash algorithm 'H' [SHA-1]: SHA-1

We then go to step one of the SRP authentication process where the server has received a login request for [email protected]. If the user is found (in the server database) we enter their password salt 's' and generator 'v' (see above).

Server session step 1
        Enter user identity 'I': [email protected]
        Enter password salt 's' (hex): 6eb9e27471b8fdcc95699ba4def5dfe0
        Enter password verifier 'v' (hex): 5ba14ea52624d1229efa041802e9b58e978d4d4d64fbe384f0f324a98d7518b9

        Computed public server value 'B' (hex): 5f31b0eada8b7f3f3a5a4637bc9a8d95a886d18070b4f3ed97774b80978d9b98

The server completed step 1 by computing the public server value 'B'. We copy it to the clipboard in order to pass it to the next client session step.

Switch back to the client and provide the SRP crypto details, the password salt 's' and the public server value 'B':

Client session step 2
        Enter prime 'N' (hex):
                1 = select precomputed 256-bit
                2 = select precomputed 512-bit
                3 = select precomputed 768-bit
                4 = select precomputed 1024-bit
                5 = enter prime 'N' and generator 'g'

        Your choice [1]: 1

        Selected prime 'N' (hex): 115b8b692e0e045692cf280b436735c77a5a9e8a9e7ed56c965f87db5b2a2ece3
        Selected generator 'g' (hex): 2

        Enter hash algorithm 'H' [SHA-1]: SHA-1

        Enter salt 's' (hex): 6eb9e27471b8fdcc95699ba4def5dfe0

        Enter public server value 'B' (hex): 5f31b0eada8b7f3f3a5a4637bc9a8d95a886d18070b4f3ed97774b80978d9b98

        Computed public value 'A' (hex): 708b3bf78795e8fc5258ba494678b05b6b3d56ae24a321c3a830ab1c1c63eaad
        Computed evidence message 'M1' (hex): 2d579fedefa5b2fe5b46ec7520ad0122d3898622

The client completed step 2 by computing and returning its own public value 'A' and evidence message 'M1'. We copy these values to the clipboard and switch to the server CLI window.

Server session step 2
        Enter client public value 'A' (hex): 708b3bf78795e8fc5258ba494678b05b6b3d56ae24a321c3a830ab1c1c63eaad
        Enter client evidence message 'M1' (hex): 2d579fedefa5b2fe5b46ec7520ad0122d3898622

        Computed server evidence message 'M2 (hex): 515520460aa6562a1d8b9adac31bb319fb25e6a1

Client authentication successfully completed

If the client public value 'A' and evidence message 'M1' were correct (i.e. the password was correct) the server will indicate successful authentication and return its own evidence message 'M2'.

If the entered user password is incorrect the resulting 'A' and 'M1' would also be incorrect and authentication will fail with the following message:

Server session step 2
        Enter client public value 'A' (hex): c4b65202dee309470b4107524b8eca6977684d1cf785879d862ed106de1ecc19
        Enter client evidence message 'M1' (hex): ab7a67b0fe743257cddb1ed28c9ae132b49ca09a
Bad client credentials

Finally, we switch to the client window and enter the server 'M2' to complete the mutual authentication.

Client session step 3
        Enter server evidence message 'M2' (hex): 515520460aa6562a1d8b9adac31bb319fb25e6a1

Mutual authentication successfully completed