Package Exports

fast-srp-hap

This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (fast-srp-hap) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.

Readme

fast-srp-hap

NPM-Version NPM-Downloads

Is a pure NodeJS implementation of the SRP6a protocol.

It's a derived work of Jed Parson's node-srp and Tom Wu's jsbn.

Creating the Verifier

import { SRP } from 'fast-srp-hap';

/**
 * Computes the verifier of a user. Only needed to add the user to the auth system.
 *
 * @param {string} I Username to compute verifier
 * @param {string} P Password
 * @return {Promise<{salt: Buffer, verifier: Buffer}>}
 */
async function srp6a_create_user(I: string, P: string) {
  const salt = await SRP.genKey(32);
  
  return {
    // The salt is required for authenticating the user later
    salt,
    verifier: SRP.computeVerifier(SRP.params[4096], salt, Buffer.from(I), Buffer.from(P)),
  };
}

await srp6a_create_user('Zarmack Tanen', '*****').then(({salt, verifier}) => {
  console.log('SRP6a verifier and salt of Zarmack Tanen user is %s and %s',
    verifier.toString('hex'), salt.toString('hex'));
});

Server

import {SRP, SrpServer} from 'fast-srp-hap';

(async () => {
  // Get the user details from somewhere
  const user = {
    username: 'username', // Or a Buffer

    // If we have the plaintext password
    salt: await SRP.genKey(32),
    password: 'password', // Or a Buffer
    
    // If we have a saved verifier
    salt: Buffer.from('...'),
    verifier: Buffer.from('...'),
  };

  // Generate a secret key
  const secret = await SRP.genKey(32);

  const server = new SrpServer(SRP.params[3076], user, secret); // For Apple SRP use params.hap

  // ...
})();