@node srptool Invocation

@subsubsection Invoking srptool

@pindex srptool

@ignore

#  -*- buffer-read-only: t -*- vi: set ro:

#

# DO NOT EDIT THIS FILE   (invoke-srptool.texi)

#

# It has been AutoGen-ed

# From the definitions    ../src/srptool-args.def

# and the template file   agtexi-cmd.tpl

@end ignore

Simple program that emulates the programs in the Stanford SRP (Secure

Remote Password) libraries using GnuTLS.  It is intended for use in  places

where you don't expect SRP authentication to be the used for system users.

In  brief,  to use SRP you need to create two files. These are the password

file that holds the users and the verifiers associated with  them  and  the

configuration file to hold the group parameters (called tpasswd.conf).

This section was generated by @strong{AutoGen},

using the @code{agtexi-cmd} template and the option descriptions for the @code{srptool} program.

This software is released under the GNU General Public License, version 3 or later.

@anchor{srptool usage}

@subsubheading srptool help/usage (@option{--help})

@cindex srptool help

This is the automatically generated usage text for srptool.

The text printed is the same whether selected with the @code{help} option

(@option{--help}) or the @code{more-help} option (@option{--more-help}).  @code{more-help} will print

the usage text by passing it through a pager program.

@code{more-help} is disabled on platforms without a working

@code{fork(2)} function.  The @code{PAGER} environment variable is

used to select the program, defaulting to @file{more}.  Both will exit

with a status code of 0.

@exampleindent 0

@example

srptool - GnuTLS SRP tool

Usage:  srptool [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]...

   -d, --debug=num            Enable debugging

                                - it must be in the range:

                                  0 to 9999

   -i, --index=num            specify the index of the group parameters in tpasswd.conf to use

   -u, --username=str         specify a username

   -p, --passwd=str           specify a password file

   -s, --salt=num             specify salt size

       --verify               just verify the password.

   -v, --passwd-conf=str      specify a password conf file.

       --create-conf=str      Generate a password configuration file.

   -v, --version[=arg]        output version information and exit

   -h, --help                 display extended usage information and exit

   -!, --more-help            extended usage information passed thru pager

Options are specified by doubled hyphens and their name or by a single

hyphen and the flag character.

Simple program that emulates the programs in the Stanford SRP (Secure

Remote Password) libraries using GnuTLS.  It is intended for use in places

where you don't expect SRP authentication to be the used for system users.

In brief, to use SRP you need to create two files.  These are the password

file that holds the users and the verifiers associated with them and the

configuration file to hold the group parameters (called tpasswd.conf).

@end example

@exampleindent 4

@anchor{srptool debug}

@subsubheading debug option (-d)

This is the ``enable debugging'' option.

This option takes a number argument.

Specifies the debug level.

@anchor{srptool verify}

@subsubheading verify option

This is the ``just verify the password.'' option.

Verifies the password provided against the password file.

@anchor{srptool passwd-conf}

@subsubheading passwd-conf option (-v)

This is the ``specify a password conf file.'' option.

This option takes a string argument.

Specify a filename or a PKCS #11 URL to read the CAs from.

@anchor{srptool create-conf}

@subsubheading create-conf option

This is the ``generate a password configuration file.'' option.

This option takes a string argument.

This generates a password configuration file (tpasswd.conf)

containing the required for TLS parameters.

@anchor{srptool exit status}

@subsubheading srptool exit status

One of the following exit values will be returned:

@table @samp

@item 0 (EXIT_SUCCESS)

Successful program execution.

@item 1 (EXIT_FAILURE)

The operation failed or the command syntax was not valid.

@end table

@anchor{srptool See Also}

@subsubheading srptool See Also

    gnutls-cli-debug (1), gnutls-serv (1), srptool (1), psktool (1), certtool (1)

@anchor{srptool Examples}

@subsubheading srptool Examples

To create @file{tpasswd.conf} which holds the g and n values for SRP protocol

(generator and a large prime), run:

@example

$ srptool --create-conf /etc/tpasswd.conf

@end example

This command will create @file{/etc/tpasswd} and will add user 'test' (you

will also be prompted for a password). Verifiers are stored by default

in the way libsrp expects.

@example

$ srptool --passwd /etc/tpasswd --passwd-conf /etc/tpasswd.conf -u test

@end example

This command will check against a password. If the password matches

the one in @file{/etc/tpasswd} you will get an ok.

@example

$ srptool --passwd /etc/tpasswd --passwd\-conf /etc/tpasswd.conf --verify -u test

@end example