- Notifications
You must be signed in to change notification settings - Fork20
Secure Remote Password (SRP) for Swift
License
Bouke/SRP
Folders and files
| Name | Name | Last commit message | Last commit date | |
|---|---|---|---|---|
Repository files navigation
Secure Remote Password is a authentication protocol to prove your identity toanother party, using a password, but without ever revealing that password toother parties. Not even the party you are proving your identity. SeeSecure Remote Password protocol for more information on this protocol.
// This is a database of users, along with their salted verification keysletuserStore:[String:(salt:Data, verificationKey:Data)]=["alice":createSaltedVerificationKey(username:"alice", password:"password123"),"bob":createSaltedVerificationKey(username:"bob", password:"qwerty12345"),]// Alice wants to authenticate, she sends her username to the server.letclient=Client(username:"alice", password:"password123")let(username, clientPublicKey)= client.startAuthentication()letserver=Server( username: username, salt:userStore[username]!.salt, verificationKey:userStore[username]!.verificationKey)// The server shares Alice's salt and its public key (the challenge).let(salt, serverPublicKey)= server.getChallenge()// Alice generates a sessionKey and proofs she generated the correct// session key based on her password and the challenge.letclientKeyProof=try client.processChallenge(salt: salt, publicKey: serverPublicKey)// The server verifies Alices' proof and generates their proof.letserverKeyProof=try server.verifySession(publicKey: clientPublicKey, keyProof: clientKeyProof)// The client verifies the server's proof.try client.verifySession(keyProof: serverKeyProof)// At this point, authentication has completed.assert(server.isAuthenticated)assert(client.isAuthenticated)// Both now have the same session key. This key can be used to encrypt// further communication between client and server.assert(server.sessionKey== client.sessionKey)
More information can be found in thedocumentation.
Swift 4 is required with version 3 of this package. Use version 2 if you needSwift 3 compatibility.
I like to believe this implementation correctly implements the RFC.However not all implementations do and might result in not being able toauthenticate accross implementations. And subtle differences might result inlow failure rates due to the randomness this protocol includes.
This project includes unit tests. A few compiler flags are required to run the tests swiftly:
swift test -c release -Xswiftc -enable-testing- RFC 2945 - The SRP Authentication and Key Exchange System
- RFC 5054 - Using the Secure Remote Password (SRP) Protocol for TLS Authentication
This library was written byBouke Haarsma.
About
Secure Remote Password (SRP) for Swift