This is a classic NimbusSRP library optimized for Android. If you are looking for Java version of this library, refer to the original repository.
If you try using the original NimbusSRP with Android, you will definitely face Java dependencies problem. I had to add javax.xml.bind:jaxb-api to my project just to make NimbusSRP work. Moreover, not each version of jaxb-api works fine with Android (only 2.2.4 at this moment). Everything was going almost fine until I decided to configure ProGuard with all these things. It turned out to be a really scary experience =) Finally, I decided to make an altered version of NimbusSRP with Android in mind.
I didn't change the library code at all, just threw away unnecessary components from cli package.
Add Gradle dependency to your project:
implementation 'com.nimbusds:srp6a-android:2.0.2'And write something like this:
clientCredentials = with(clientSession) {
step1(login, password)
step2(defaultCryptoParams, salt, B)
}
val M2 = with(clientCredentials) {
MockServer.step2(A, M1)
}
clientSession.step3(M2)This package provides a complete Secure Remote Password (SRP-6a) implementation for Java.
Features:
- Convenient client and server-side session classes, with tracking of the current authentication state.
- Convenient verifier 'v' generator.
- Allows selection of preferred 'N' and 'g' crypto parameters, hash function 'H' and session timeouts.
- Includes a set of pre-computed safe primes 'N' of various bitsizes (256-bit, 512-bit, etc.)
- Interfaces to allow definition of custom routines for the password key 'x', the hash routine, the server evidence message 'M1' and the client evidence message 'M2'.
- No external package dependencies.
This product uses the 'Secure Remote Password' cryptographic authentication system developed by Tom Wu (tjw@CS.Stanford.EDU).
For installation instructions, usage and more information visit the Nimbus SRP website: