Secure Remote Password for JavaScript
A modern SRP implementation for Node.js and Web Browsers.
Installation
npm install --save secure-remote-passwordUsage
Signing up
When creating an account with the server, the client will provide a salt and a verifier for the server to store. They are calculated by the client as follows:
const srp = // These should come from the user signing upconst username = 'linus@folkdatorn.se'const password = '$uper$ecure' const salt = srpconst privateKey = srpconst verifier = srp console//=> FB95867E... console//=> 9392093F... // Send `username`, `salt` and `verifier` to the servernote: derivePrivateKey is provided for completeness with the SRP 6a specification. It is however recommended to use some form of "slow hashing", like PBKDF2, to reduce the viability of a brute force attack against the verifier.
Logging in
Authenticating with the server involves mutliple steps.
1 - The client generates a secret/public ephemeral value pair.
const srp = // This should come from the user logging inconst username = 'linus@folkdatorn.se' const clientEphemeral = srp console//=> DE63C51E... // Send `username` and `clientEphemeral.public` to the server2 - The server receives the client's public ephemeral value and username. Using the username we retrieve the salt and verifier from our user database. We then generate our own ephemeral value pair.
note: if no user cannot be found in the database, a bogus salt and ephemeral value should be returned, to avoid leaking which users have signed up
const srp = // This should come from the user databaseconst salt = 'FB95867E...'const verifier = '9392093F...' const serverEphemeral = srp console//=> DA084F5C... // Store `serverEphemeral.secret` for later use// Send `salt` and `serverEphemeral.public` to the client3 - The client can now derive the shared strong session key, and a proof of it to provide to the server.
const srp = // This should come from the user logging inconst password = '$uper$ecret' const privateKey = srpconst clientSession = srp console//=> 2A6FF04E... console//=> 6F8F4AC3 // Send `clientSession.proof` to the server4 - The server is also ready to derive the shared strong session key, and can verify that the client has the same key using the provided proof.
const srp = // Previously stored `serverEphemeral.secret`const serverSecretEphemeral = '784D6E83...' const serverSession = srp console//=> 2A6FF04E... console//=> 92561B95 // Send `serverSession.proof` to the client5 - Finally, the client can verify that the server have derived the correct strong session key, using the proof that the server sent back.
const srp = srp // All done!API
Client
const Client = Client.generateSalt() => string
Generate a salt suitable for computing the verifier with.
Client.derivePrivateKey(salt, username, password) => string
Derives a private key suitable for computing the verifier with.
Client.deriveVerifier(privateKey) => string
Derive a verifier to be stored for subsequent authentication atempts.
Client.generateEphemeral() => { secret: string, public: string }
Generate ephemeral values used to initiate an authentication session.
Client.deriveSession(clientSecretEphemeral, serverPublicEphemeral, salt, username, privateKey) => { key: string, proof: string }
Comptue a session key and proof. The proof is to be sent to the server for verification.
Client.verifySession(clientPublicEphemeral, clientSession, serverSessionProof) => void
Verifies the server provided session proof. Throws an error if the session proof is invalid.
Server
const Server = generateEphemeral(verifier)
Generate ephemeral values used to continue an authentication session.
deriveSession(serverSecretEphemeral, clientPublicEphemeral, salt, username, verifier, clientSessionProof)
Comptue a session key and proof. The proof is to be sent to the client for verification.
Throws an error if the session proof from the client is invalid.