public class Server
SRP Server; party that verifies the Client’s challenge/response against the known password verifier stored for a user.
Whether the session is authenticated, i.e. the password was verified by the server and proof of a valid session key was provided by the server. If
sessionKeyis also available.
public private(set) var isAuthenticated = false
Initialize the Server SRP party. The username is provided by the Client. The salt and verificationKey have been stored prior to the authentication attempt.
public init( username: String, salt: Data, verificationKey: Data, group: Group = .N2048, algorithm: Digest.Algorithm = .sha1, privateKey: Data? = nil)
username (I) provided by the client.
salt (s) stored for this username.
verification key (v) stored for this username.
Groupto use, must be the same for the client as well as the pre-stored verificationKey.
Digest.Algorithmto use, again this must be the same for the client as well as the pre-stored verificationKey.
(optional) custom private key (a); if providing the private key of the
Server, make sure to provide a good random key of at least 32 bytes. Default is to generate a private key of 128 bytes. You MUST not re-use the private key between sessions. However the private key might be shared when running multiple instances and an authentication session might be handled by multiple instances.
Returns the challenge. This method is a no-op.
public func getChallenge() -> (salt: Data, publicKey: Data)
Verify that the client did generate the correct
sessionKeyfrom their password and the challenge we provided. We’ll generate the
sessionKeyas well and proof the client we have posession of the password verifier and thus generated the same
public func verifySession(publicKey clientPublicKey: Data, keyProof clientKeyProof: Data) throws -> Data
client’s public key
client’s proof of
our proof of
The server’s public key (A). For every authentication session a new public key is generated.
public var publicKey: Data
The server’s private key (a). For every authentication session a new random private key is generated.
public var privateKey: Data
The session key (K) that is exchanged during authentication. This key can be used to encrypt further communication between client and server.
public var sessionKey: Data?