Nimbus SRP
Specification
Secure Remote Password (SPR) protocol
Nimbus SRP is a Java implementation of revision 6a of the Secure Remote Password protocol (2002):
- Verifier generation
- Client-side authentication
- Server-side authentication
The default routines for computing the various protocol variables and messages comply with RFC 5054 (SRP for TLS), with the following exceptions / additions:
- The computation of the password key 'x' is modified to omit the user identity 'I' in order to allow for server-side user identity renaming as well as authentication with multiple alternate identities.
- Adds routines for computing the evidence messages 'M1' and 'M2', according to Tom Wu's paper "SRP-6: Improvements and refinements to the Secure Remote Password protocol", table 5, from 2002.
The library provides interfaces for plugging in custom routines for the password key 'x' and the client and server evidence messages 'M1' and 'M2'.
Configuration
The verifier generator supports the following configuration settings:
- Preferred crypto parameters safe prime 'N' and generator 'g'.
- Choice of hash algorithm.
- Custom password key 'x' routine.
The client and server session classes support the following configuration settings:
- Preferred crypto parameters safe prime 'N' and generator 'g'.
- Choice of hash algorithm.
- Configurable session timeouts.
- Custom password key 'x' routine.
- Custom client evidence message 'M1' routine.
- Custom server evidence message 'M2' routine.
Change log
- version 1.0 (2011-10-31)
- First release.
- version 1.1 (2011-11-09)
- Adds a convenient verifier 'v' generator class.
- Adds interfaces to allow definition of custom routines for the password key 'x', the server evidence message 'M1' and the client evidence message 'M2'.
- version 1.2 (2011-11-18)
- Enables storage of arbitrary SRP-6a auth session attributes.
- Adds session 'A', 'B', 'M1' and 'M2' getter methods.
- version 1.3 (2011-11-28)
- Adds command-line SRP-6a verifier generator, server and client.