Info Node: (gnutls.info)srptool Invocation

CFHT HOME gnutls.info: srptool Invocation

up: SRP authentication prev: Authentication using SRP Back to Software Index 

4.3.2.2 Invoking srptool
........................

Simple program that emulates the programs in the Stanford SRP (Secure
Remote Password) libraries using GnuTLS. It is intended for use in
places where you don't expect SRP authentication to be the used for
system users.

In brief, to use SRP you need to create two files.  These are the
password file that holds the users and the verifiers associated with
them and the configuration file to hold the group parameters (called
tpasswd.conf).

This section was generated by *AutoGen*, using the 'agtexi-cmd' template
and the option descriptions for the 'srptool' program.  This software is
released under the GNU General Public License, version 3 or later.

srptool help/usage ('--help')
.............................

This is the automatically generated usage text for srptool.

The text printed is the same whether selected with the 'help' option
('--help') or the 'more-help' option ('--more-help').  'more-help' will
print the usage text by passing it through a pager program.  'more-help'
is disabled on platforms without a working 'fork(2)' function.  The
'PAGER' environment variable is used to select the program, defaulting
to 'more'.  Both will exit with a status code of 0.

     srptool - GnuTLS SRP tool
     Usage:  srptool [ -<flag> [<val>] | --<name>[{=| }<val>] ]...

        -d, --debug=num            Enable debugging
                                     - it must be in the range:
                                       0 to 9999
        -i, --index=num            specify the index of the group parameters in tpasswd.conf to use
        -u, --username=str         specify a username
        -p, --passwd=str           specify a password file
        -s, --salt=num             specify salt size
            --verify               just verify the password.
        -v, --passwd-conf=str      specify a password conf file.
            --create-conf=str      Generate a password configuration file.
        -v, --version[=arg]        output version information and exit
        -h, --help                 display extended usage information and exit
        -!, --more-help            extended usage information passed thru pager

     Options are specified by doubled hyphens and their name or by a single
     hyphen and the flag character.

     Simple program that emulates the programs in the Stanford SRP (Secure
     Remote Password) libraries using GnuTLS.  It is intended for use in places
     where you don't expect SRP authentication to be the used for system users.

     In brief, to use SRP you need to create two files.  These are the password
     file that holds the users and the verifiers associated with them and the
     configuration file to hold the group parameters (called tpasswd.conf).


debug option (-d)
.................

This is the "enable debugging" option.  This option takes a number
argument.  Specifies the debug level.

verify option
.............

This is the "just verify the password."  option.  Verifies the password
provided against the password file.

passwd-conf option (-v)
.......................

This is the "specify a password conf file."  option.  This option takes
a string argument.  Specify a filename or a PKCS #11 URL to read the CAs
from.

create-conf option
..................

This is the "generate a password configuration file."  option.  This
option takes a string argument.  This generates a password configuration
file (tpasswd.conf) containing the required for TLS parameters.

srptool exit status
...................

One of the following exit values will be returned:
'0 (EXIT_SUCCESS)'
     Successful program execution.
'1 (EXIT_FAILURE)'
     The operation failed or the command syntax was not valid.

srptool See Also
................

gnutls-cli-debug (1), gnutls-serv (1), srptool (1), psktool (1),
certtool (1)

srptool Examples
................

To create 'tpasswd.conf' which holds the g and n values for SRP protocol
(generator and a large prime), run:
     $ srptool --create-conf /etc/tpasswd.conf

This command will create '/etc/tpasswd' and will add user 'test' (you
will also be prompted for a password).  Verifiers are stored by default
in the way libsrp expects.
     $ srptool --passwd /etc/tpasswd --passwd-conf /etc/tpasswd.conf -u test

This command will check against a password.  If the password matches the
one in '/etc/tpasswd' you will get an ok.
     $ srptool --passwd /etc/tpasswd --passwd\-conf /etc/tpasswd.conf --verify -u test
automatically generated by info2www version 1.2