Skip to content


Folders and files

Last commit message
Last commit date

Latest commit



4 Commits

Repository files navigation

SRP-6a Java Card Applet

This Java Card applet is an implementation of the Secure Remote Password (SRP-6a) password-authenticated secure channel protocol by Wu [1]. In combination with an implementation of an off-card application, such as an Android application using our SRP-6A Android Library, you can establish a secure communication channel that is mutually authenticated with a PIN or password. This implementation relys on standard Java Card 2.2 API functionality. Although secure elements with Java Card 2.2 API are usually equipped with the necessary hardware for computation of modulo operations as used in SRP, limitations of the standard Java Card 2.2 API prevent direct access to the necessary cryptographic primitives. Hence, this makes it challenging to implement SRP with acceptable performance. However, by exploiting the RSA encryption API provided by the platform, we show that it is possible to compute exponentiations and multiplications with support of the cryptographic co-processor. This, and minor adaptations to the protocol, made it possible to implement the SRP-6a server-side in a Java Card applet with reasonable computation time. We presented this in our MoMM2014 paper [2].


You are using this application at your own risk. We are not responsible for any damage caused by this application, incorrect usage or inaccuracies in this manual.


[1] T. Wu, "SRP-6: Improvements and Refinements to the Secure Remote Password Protocol,", Okt-2002. [Online]. Available:

[2] M. Hölzl, E. Asnake, R. Mayrhofer, and M. Roland: "Mobile Application to Java Card Applet Communication using a Password-authenticated Secure Channel," in Proceedings of the 12th International Conference on Advances in Mobile Computing & Multimedia (MoMM2014), pp. 147--156, ACM, December 2014.


Java Card applet for SRP-6a password-authenticated secure channel to secure elements/smartcards.







No releases published


No packages published