Skip to content
quick demo of the BrowserID key-wrapping scheme
Python C Shell JavaScript C++
Find file
New pull request
Fetching latest commit...
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.
srp-1.0 improve python-srp to handle salt=""


Key-Wrapping Demo

This is a quick-and-dirty demo (and specification-as-code) of the key-wrapping scheme. It has a server process which holds the wrapped keys entirely in RAM (no persistence across restarts), and a client with two commands: "init" and "read".


  1. (cd srp-1.0 && python build)
  2. (cd python-scrypt-0.1 && python build)
  3. edit Makefile to reflect the actual build/ directory under python-scrypt-0.1 . This will include the name of your platform and version of python, so the default will probably only work on my Snow Leopard box.

You also need to have Twisted installed, as the server uses twisted.web


In one shell: make run-server In another one: ./ EMAIL PASSWORD init Then, ./ EMAIL PASSWORD read


This demo still lacks the following important features:

  • safe setup: I still don't know how to best get the initial account data (most importantly the SRP verifier, less importantly email and SRP salt) to the server safely. This will require either public-key encryption (where the client contains a known-good pubkey) or SSL with a pinned certificate (where the client contains a known-good cert hash).
  • outsourced scrypt: all scrypt processing is done locally
  • the specification document is probably still wrong
Something went wrong with that request. Please try again.