From: Nikos Mavrogiannopoulos Date: Fri, 2 Mar 2012 21:03:03 +0000 (+0100) Subject: More documentation on SRP X-Git-Tag: gnutls_3_0_16~48 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=95102a4a1b25141bb768f7d10d2efc162ce451f3;p=thirdparty%2Fgnutls.git More documentation on SRP --- diff --git a/doc/cha-shared-key.texi b/doc/cha-shared-key.texi index a8730f41d9..c9605de2b1 100644 --- a/doc/cha-shared-key.texi +++ b/doc/cha-shared-key.texi @@ -41,10 +41,16 @@ harm to the system security if they were revealed. The @acronym{SRP} needs instead of the plain password something called a verifier, which is calculated using the user's password, and if stolen cannot be used to impersonate the user. -The Stanford @acronym{SRP} libraries, include a PAM module that synchronizes -the system's users passwords with the @acronym{SRP} password -files. That way @acronym{SRP} authentication could be used for all users -of a system. +@c The Stanford @acronym{SRP} libraries, include a PAM module that synchronizes +@c the system's users passwords with the @acronym{SRP} password +@c files. That way @acronym{SRP} authentication could be used for all users +@c of a system. + +Typical conventions in SRP are a password file, called @file{tpasswd} that +holds the SRP verifiers (encoded passwords) and another file, @file{tpasswd.conf}, +which holds the allowed SRP parameters. The included in GnuTLS helper +follow those conventions. The srptool program, discussed in the next section +is a tool to manipulate the SRP parameters. The implementation in @acronym{GnuTLS} is based on @xcite{TLSSRP}. The supported key exchange methods are shown below. @@ -64,10 +70,6 @@ authenticated using a certificate with RSA parameters. @end table -Helper functions are included in @acronym{GnuTLS}, used to generate and -maintain @acronym{SRP} verifiers and password files. A program to -manipulate the required parameters for @acronym{SRP} authentication is -also included. See @ref{srptool Invocation}, for more information. @showfuncdesc{gnutls_srp_verifier}