srptool - Man Page

GnuTLS SRP tool

Synopsis

srptool [-flags] [-flag [value]] [--option-name[[=| ]value]]

All arguments must be options.

Description

Simple program that emulates the programs in the Stanford SRP (Secure Remote Password) libraries using GnuTLS.  It is intended for use in  places where you don't expect SRP authentication to be the used for system users.

In  brief,  to use SRP you need to create two files. These are the password file that holds the users and the verifiers associated with  them  and  the configuration file to hold the group parameters (called tpasswd.conf).

Options

-d number, --debug=number

Enable debugging. This option takes an integer number as its argument. The value of number is constrained to being:

in the range 0  through  9999

Specifies the debug level.

-i number, --index=number

This option takes an integer number as its argument.

-u string, --username=string
-p string, --passwd=string
-s number, --salt=number

This option takes an integer number as its argument.

--verify

Verifies the password provided against the password file.

-v string, --passwd-conf=string

Specify a filename or a PKCS #11 URL to read the CAs from.

--create-conf=string

Generate a password configuration file..

This generates a password configuration file (tpasswd.conf) containing the required for TLS parameters.

-v keyword, --version=keyword

Output version of program and exit.  The default mode is `v', a simple version.  The `c' mode will print copyright information and `n' will print the full copyright notice.

-h,  --help

Display usage information and exit.

-!,  --more-help

Pass the extended usage information through a pager.

Examples

To create tpasswd.conf which holds the g and n values for SRP protocol (generator and a large prime), run:

$ srptool --create-conf /etc/tpasswd.conf

This command will create /etc/tpasswd and will add user 'test' (you will also be prompted for a password). Verifiers are stored by default in the way libsrp expects.

$ srptool --passwd /etc/tpasswd --passwd-conf /etc/tpasswd.conf -u test

This command will check against a password. If the password matches the one in /etc/tpasswd you will get an ok.

$ srptool --passwd /etc/tpasswd --passwd\-conf /etc/tpasswd.conf --verify -u test

Exit Status

One of the following exit values will be returned:

0  (EXIT_SUCCESS)

Successful program execution.

1  (EXIT_FAILURE)

The operation failed or the command syntax was not valid.

See Also

gnutls-cli-debug (1), gnutls-serv (1), srptool (1), psktool (1), certtool (1)

Authors

Nikos Mavrogiannopoulos, Simon Josefsson and others; see /usr/share/doc/gnutls/AUTHORS for a complete list.

Bugs

Please send bug reports to: bugs@gnutls.org

Referenced By

certtool(1), psktool(1).

18 Jan 2022 3.7.3