安全远程密码是一种身份验证协议,用于使用密码向另一方证明您的身份,但绝不会向其他方泄露该密码。 甚至包括您正在证明身份的一方。 有关此协议的更多信息,请参见安全远程密码协议。
// This is a database of users, along with their salted verification keys
let userStore: [String: (salt: Data, verificationKey: Data)] = [
"alice": createSaltedVerificationKey(username: "alice", password: "password123"),
"bob": createSaltedVerificationKey(username: "bob", password: "qwerty12345"),
]
// Alice wants to authenticate, she sends her username to the server.
let client = Client(username: "alice", password: "password123")
let (username, clientPublicKey) = client.startAuthentication()
let server = Server(
username: username,
salt: userStore[username]!.salt,
verificationKey: userStore[username]!.verificationKey)
// The server shares Alice's salt and its public key (the challenge).
let (salt, serverPublicKey) = server.getChallenge()
// Alice generates a sessionKey and proofs she generated the correct
// session key based on her password and the challenge.
let clientKeyProof = try client.processChallenge(salt: salt, publicKey: serverPublicKey)
// The server verifies Alices' proof and generates their proof.
let serverKeyProof = try server.verifySession(publicKey: clientPublicKey, keyProof: clientKeyProof)
// The client verifies the server's proof.
try client.verifySession(keyProof: serverKeyProof)
// At this point, authentication has completed.
assert(server.isAuthenticated)
assert(client.isAuthenticated)
// Both now have the same session key. This key can be used to encrypt
// further communication between client and server.
assert(server.sessionKey == client.sessionKey)
更多信息可以在文档中找到。
此软件包的第 3 版需要 Swift 4。如果您需要 Swift 3 兼容性,请使用第 2 版。
我相信这个实现正确地实现了 RFC。 然而,并非所有实现都如此,可能导致无法跨实现进行身份验证。 并且,由于此协议包含随机性,细微的差异可能会导致较低的失败率。
此项目包含单元测试。 需要一些编译器标志才能快速运行测试
swift test -c release -Xswiftc -enable-testing
此库由 Bouke Haarsma 编写。