Previous: Authentication using SRP, Up: SRP authentication [Contents][Index]
Simple program that emulates the programs in the Stanford SRP (Secure Remote Password) libraries using GnuTLS. It is intended for use in places where you don’t expect SRP authentication to be the used for system users.
In brief, to use SRP you need to create two files. These are the password file that holds the users and the verifiers associated with them and the configuration file to hold the group parameters (called tpasswd.conf).
The text printed is the same whether selected with the help option
(--help) or the more-help option (--more-help). more-help will print
the usage text by passing it through a pager program.
more-help is disabled on platforms without a working
fork(2) function. The PAGER environment variable is
used to select the program, defaulting to more. Both will exit
with a status code of 0.
srptool - GnuTLS SRP tool
Usage: srptool [ -<flag> [<val>] | --<name>[{=| }<val>] ]...
None:
-d, --debug=num Enable debugging
- it must be in the range:
0 to 9999
-i, --index=num specify the index of the group parameters in tpasswd.conf to use
-u, --username=str specify a username
-p, --passwd=str specify a password file
-s, --salt=num specify salt size
--verify just verify the password
-v, --passwd-conf=str specify a password conf file
--create-conf=str Generate a password configuration file
Version, usage and configuration options:
-v, --version[=arg] output version information and exit
-h, --help display extended usage information and exit
-!, --more-help extended usage information passed thru pager
Options are specified by doubled hyphens and their name or by a single
hyphen and the flag character.
Simple program that emulates the programs in the Stanford SRP (Secure
Remote Password) libraries using GnuTLS. It is intended for use in places
where you don't expect SRP authentication to be the used for system users.
In brief, to use SRP you need to create two files. These are the password
file that holds the users and the verifiers associated with them and the
configuration file to hold the group parameters (called tpasswd.conf).
Please send bug reports to: <bugs@gnutls.org>
This is the “enable debugging” option. This option takes a ArgumentType.NUMBER argument. Specifies the debug level.
This is the “just verify the password” option. Verifies the password provided against the password file.
This is the “specify a password conf file” option. This option takes a ArgumentType.STRING argument. Specify a filename or a PKCS #11 URL to read the CAs from.
This is the “generate a password configuration file” option. This option takes a ArgumentType.STRING argument. This generates a password configuration file (tpasswd.conf) containing the required for TLS parameters.
This is the “output version information and exit” option. This option takes a ArgumentType.KEYWORD argument. Output version of program and exit. The default mode is ‘v’, a simple version. The ‘c’ mode will print copyright information and ‘n’ will print the full copyright notice.
This is the “display extended usage information and exit” option. Display usage information and exit.
This is the “extended usage information passed thru pager” option. Pass the extended usage information through a pager.
One of the following exit values will be returned:
Successful program execution.
The operation failed or the command syntax was not valid.
gnutls-cli-debug (1), gnutls-serv (1), srptool (1), psktool (1), certtool (1)
To create tpasswd.conf which holds the g and n values for SRP protocol (generator and a large prime), run:
$ srptool --create-conf /etc/tpasswd.conf
This command will create /etc/tpasswd and will add user ’test’ (you will also be prompted for a password). Verifiers are stored by default in the way libsrp expects.
$ srptool --passwd /etc/tpasswd --passwd-conf /etc/tpasswd.conf -u test
This command will check against a password. If the password matches the one in /etc/tpasswd you will get an ok.
$ srptool --passwd /etc/tpasswd --passwd\-conf /etc/tpasswd.conf --verify -u test
Previous: Authentication using SRP, Up: SRP authentication [Contents][Index]