Secure Remote Password library for Go

go-srp

NOTE: This is a port of node-srp to Go. I recommend reading their README for general information about the use of SRP.

Installation

go get github.com/kong/go-srp

Usage

View GoDoc for full details

To use SRP, first decide on the parameters you will use. Both client and server must use the same set.

params := srp.GetParams(2048)

Account Creation

To create a new account, generate a verifier from the client, and store it on the server.

verifier := srp.ComputeVerifier(params, salt, identity, password)

Login

From the client... generate a new secret key, initialize the client, and compute A. Once you have A, you can send A to the server.

secret1 := srp.GenKey()
client := srp.NewClient(params, salt, identity, password, secret1)
srpA := client.ComputeA()

sendToServer(srpA)

From the server... generate another secret key, initialize the server, and compute B. Once you have B, you can send B to the client.

secret2 := srp.GenKey()
server := srp.NewServer(params, verifier, secret2)
srpB := server.ComputeB()

sendToClient(srpB)

Once the client receives B from the server, it can compute M1 based on A and B. Once you have M1, send M1 to the server.

client.SetB(srpB)
srpM1 := client.ComputeM1()
sendM1ToServer(srpM1)

Once the server receives M1, it can verify that it is correct. If CheckM1() returns an error, authentication failed. If it succeeds, it returns M2, which should be sent to the client.

srpM2, err := server.CheckM1(srpM1)

Once the client receives M2, it can verify that it is correct, and know that authentication was successful.

err = client.CheckM2(srpM2)

Now that both client and server have completed a successful authentication, they can both compute K independently. K can now be used as either a key to encrypt communication or as a session ID.

clientK := client.ComputeK()
serverK := server.ComputeK()
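
The arithmetic behind the exchange above, as an added example that is not go-srp's code and is not interoperable with it. It assumes the RFC 5054 1024-bit group and SHA-256 without RFC 5054's padding, uses only the Go standard library, and every name in it (`h`, `x`, `key`, `login`) is this example's own; it also includes the abort when a peer's public value is 0 mod N.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"math/big"
)

// 1024-bit group of RFC 5054 Appendix A, g = 2. Every name below is this example's own.
var N, _ = new(big.Int).SetString("EEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C9C256576D674DF7496EA81D3383B4813D692C6E0E0D5D8E250B98BE48E495C1D6089DAD1"+
	"5DC7D7B46154D6B6CE8EF4AD69B15D4982559B297BCF1885C529F566660E57EC68EDBC3C05726CC02FD4CBF4976EAA9AFD5138FE8376435B9FC61D2FC0EB06E3", 16)
var g = big.NewInt(2)
var k = h(N.Bytes(), g.Bytes()) // multiplier k = H(N | g), hashed without padding (simplification)

func h(a, b []byte) *big.Int { // SHA-256(a | b) as an integer
	s := sha256.Sum256(append(append([]byte{}, a...), b...))
	return new(big.Int).SetBytes(s[:])
}
func exp(b, e *big.Int) *big.Int { return new(big.Int).Exp(b, e, N) }
func x(salt, id, pw string) *big.Int { return h([]byte(salt), h([]byte(id+":"+pw), nil).Bytes()) }

// key aborts if the peer's public value is 0 mod N (RFC 5054 requires this), else K = H(base^e).
func key(peer, base, e *big.Int) ([32]byte, error) {
	if new(big.Int).Mod(peer, N).Sign() == 0 {
		return [32]byte{}, fmt.Errorf("srp: peer public value is 0 mod N")
	}
	return sha256.Sum256(exp(base, e).Bytes()), nil
}

// login runs one exchange (account made with storedPw, user types typedPw); true if both K match.
func login(storedPw, typedPw string) bool {
	salt, id := "constructed-salt", "alice" // constructed sample values
	v := exp(g, x(salt, id, storedPw))      // server stores v = g^x, never the password
	a, _ := rand.Int(rand.Reader, N)        // client secret
	b, _ := rand.Int(rand.Reader, N)        // server secret
	A, B := exp(g, a), new(big.Int).Mul(k, v)
	B.Add(B, exp(g, b)).Mod(B, N) // B = k*v + g^b mod N
	u, xc := h(A.Bytes(), B.Bytes()), x(salt, id, typedPw)
	base := new(big.Int).Sub(B, new(big.Int).Mul(k, exp(g, xc)))
	ck, e1 := key(B, base.Mod(base, N), new(big.Int).Add(a, new(big.Int).Mul(u, xc))) // client: (B - k*g^x)^(a + u*x)
	sk, e2 := key(A, new(big.Int).Mul(A, exp(v, u)), b)                              // server: (A * v^u)^b
	return e1 == nil && e2 == nil && ck == sk
}

func main() {
	fmt.Println("right password, keys match:", login("correct horse", "correct horse"))
	fmt.Println("wrong password, keys match:", login("correct horse", "wrong guess"))
}
```

The server side of `login` touches only `v`, which is why a stored verifier is enough to authenticate the user without the server ever holding the password.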

Running Tests

go test

Tests include vectors from RFC 5054, Appendix B.

Licence

MIT

Issues
  • About salt

    Some programs return the salt after sending the login, not at the beginning. I suggest adding in the client.go

    func (c *SRPClient) SetSalt(salt, identity, password []byte) {
    	c.X = getx(c.Params, salt, identity, password) //Overwrite
    }
    
    opened by xdeng 1
  • Fork

    Hi. Thanks a lot for your implementation. It saved me hours. I just made a fork of it and made it compatible with Apple's CoreCrypto implementation of SRP. Just wanted to know if you are OK if I make it public under my username on GitHub? And also wanted to know if you will merge if I make a pull request of that or not. I think you won't because it is not compatible with node-srp anymore. Regards

    opened by masihyeganeh 1
  • panic: crypto: requested hash function #5 is unavailable

    I get the following error when I create a new Client

    panic: crypto: requested hash function #5 is unavailable
    
    goroutine 1 [running]:
    crypto.Hash.New(0x5, 0x0, 0x0)
            C:/Go/src/crypto/crypto.go:89 +0x117
    github.com/getinsomnia/go-srp.getMultiplier(0xc0420464a0, 0x20)
            C:/Drive/Programming/go/src/github.com/getinsomnia/go-srp/srp.go:93 +0x3a
    github.com/getinsomnia/go-srp.NewClient(0xc0420464a0, 0xc04204a180, 0x20, 0x20, 0xc042067f10, 0x9, 0x20, 0xc042067ef0, 0x8, 0x20, ...)
            C:/Drive/Programming/go/src/github.com/getinsomnia/go-srp/client.go:23 +0x47
    main.main()
    
    opened by alwindoss 6
Owner
Kong
The Cloud Connectivity Company. Community Driven & Enterprise Adopted.