srptool — Simple SRP password tool
Very simple program that emulates the programs in the Stanford SRP (Secure Remote Password) libraries using GNU TLS. It is intended for use in places where you don't expect SRP authentication to be the used for system users.
In brief, to use SRP you need to create two files. These are the password file that holds the users and the verifiers associated with them and the configuration file to hold the group parameters (called tpasswd.conf).
−−bits BITS
specify the number of bits for prime numbers (used
only when the −−create−conf
option
is used).
−−create−conf FILE
Generate a tpasswd.conf file.
−h,
−−help
Prints a short reminder of the command line options.
−i,
−−index INDEX
Specify the index of the parameters in tpasswd.conf to use.
−p,
−−passwd FILE
Specify a password file.
−−passwd−conf FILE
Specify a password configuration file.
−s,
−−salt SALT
Specify salt size for crypt algorithm.
−u,
−−username username
Specify username.
−−verify
Just verify password.
To create tpasswd.conf which holds the g and n values for SRP protocol (generator and a large prime), run:
$ srptool −−create−conf /etc/tpasswd.conf
This command will create /etc/tpasswd and will add user 'test' (you will also be prompted for a password). Verifiers are stored by default in the way libsrp expects.
$ srptool −−passwd /etc/tpasswd \ −−passwd−conf /etc/tpasswd.conf −u test
This command will check against a password. If the password matches the one in /etc/tpasswd you will get an ok.
$ srptool −−passwd /etc/tpasswd \ −−passwd−conf /etc/tpasswd.conf −−verify −u test