gnu.crypto.key.srp6

Class SRP6KeyAgreement

public abstract class SRP6KeyAgreement extends BaseKeyAgreementParty

The Secure Remote Password (SRP) key agreement protocol, also known as SRP-6, is designed by Thomas J. Wu (see references). The protocol, and its elements are described as follows:

 N    A large safe prime (N = 2q+1, where q is prime)
      All arithmetic is done modulo N.
 g    A generator modulo N
 s    User's salt
 I    Username
 p    Cleartext Password
 H()  One-way hash function
 ^    (Modular) Exponentiation
 u    Random scrambling parameter
 a,b  Secret ephemeral values
 A,B  Public ephemeral values
 x    Private key (derived from p and s)
 v    Password verifier

 The host stores passwords using the following formula:
 x = H(s | H(I ":" p))           (s is chosen randomly)
 v = g^x                   (computes password verifier)

 The host then keeps {I, s, v} in its password database.

 The authentication protocol itself goes as follows:
 User -> Host:  I, A = g^a         (identifies self, a = random number)
 Host -> User:  s, B = 3v + g^b    (sends salt, b = random number)

 Both:  u = H(A, B)

 User:  x = H(s, p)                (user enters password)
 User:  S = (B - 3g^x) ^ (a + ux)  (computes session key)
 User:  K = H(S)

 Host:  S = (Av^u) ^ b             (computes session key)
 Host:  K = H(S)
 

Reference:

  1. SRP Protocol Design
    Thomas J. Wu.

Version: $Revision: 1.3 $

Field Summary
protected BigIntegerg
static StringGENERATOR
static StringHASH_FUNCTION
static StringHOST_PASSWORD_DB
protected BigIntegerK
The shared secret key.
protected BigIntegerN
protected SRPsrp
static StringSHARED_MODULUS
static StringSOURCE_OF_RANDOMNESS
protected static BigIntegerTHREE
static StringUSER_IDENTITY
static StringUSER_PASSWORD
Constructor Summary
protected SRP6KeyAgreement()
Method Summary
protected voidengineReset()
protected byte[]engineSharedSecret()
protected BigIntegeruValue(BigInteger A, BigInteger B)

Field Detail

g

protected BigInteger g

GENERATOR

public static final String GENERATOR

HASH_FUNCTION

public static final String HASH_FUNCTION

HOST_PASSWORD_DB

public static final String HOST_PASSWORD_DB

K

protected BigInteger K
The shared secret key.

N

protected BigInteger N

srp

protected SRP srp

SHARED_MODULUS

public static final String SHARED_MODULUS

SOURCE_OF_RANDOMNESS

public static final String SOURCE_OF_RANDOMNESS

THREE

protected static final BigInteger THREE

USER_IDENTITY

public static final String USER_IDENTITY

USER_PASSWORD

public static final String USER_PASSWORD

Constructor Detail

SRP6KeyAgreement

protected SRP6KeyAgreement()

Method Detail

engineReset

protected void engineReset()

engineSharedSecret

protected byte[] engineSharedSecret()

uValue

protected BigInteger uValue(BigInteger A, BigInteger B)
Copyright © 2001, 2002, 2003 Free Software Foundation, Inc. All Rights Reserved.