fast-srp-hap

Secure Remote Password (SRP)

Usage no npm install needed!

<script type="module">
  import fastSrpHap from 'https://cdn.skypack.dev/fast-srp-hap';
</script>

README

fast-srp-hap

NPM-Version NPM-Downloads Node-CI Coverage Status

Is a pure NodeJS implementation of the SRP6a protocol.

It's a derived work of Jed Parson's node-srp and Tom Wu's jsbn.

Full documentation can be found here.

Creating the Verifier

import { SRP } from 'fast-srp-hap';

/**
 * Computes the verifier of a user. Only needed to add the user to the auth system.
 *
 * @param {string} I Username to compute verifier
 * @param {string} P Password
 * @return {Promise<{salt: Buffer, verifier: Buffer}>}
 */
async function srp6a_create_user(I: string, P: string) {
  const salt = await SRP.genKey(32);
  
  return {
    // The salt is required for authenticating the user later
    salt,
    verifier: SRP.computeVerifier(SRP.params[4096], salt, Buffer.from(I), Buffer.from(P)),
  };
}

await srp6a_create_user('Zarmack Tanen', '*****').then(({salt, verifier}) => {
  console.log('SRP6a verifier and salt of Zarmack Tanen user is %s and %s',
    verifier.toString('hex'), salt.toString('hex'));
});

Server

import {SRP, SrpServer} from 'fast-srp-hap';

(async () => {
  // Get the user details from somewhere
  const user = {
    username: 'username', // Or a Buffer

    // If we have the plaintext password
    salt: await SRP.genKey(32),
    password: 'password', // Or a Buffer
    
    // If we have a saved verifier
    salt: Buffer.from('...'),
    verifier: Buffer.from('...'),
  };

  // Generate a secret key
  const secret = await SRP.genKey(32);

  const server = new SrpServer(SRP.params[3076], user, secret); // For Apple SRP use params.hap

  // ...
})();