SPAKE2+ Python Tool#

SPAKE2+ Python Tool is a Python script for generating SPAKE2+ protocol parameters (only Verifier as of today). SPAKE2+ protocol is used during Matter commissioning to establish a secure session between the commissioner and the commissionee.

Usage Examples#

To list all available subcommands:

$ ./ --help
usage: [-h] subcommand       ...

SPAKE2+ Python Tool

positional arguments:
    gen-verifier    Generate SPAKE2+ Verifier

  -h, --help        show this help message and exit

To display parameters of the gen-verifier subcommand:

$ ./ gen-verifier --help
usage: gen-verifier [-h] -p PASSCODE -s SALT -i count

  -h, --help            show this help message and exit
  -p PASSCODE, --passcode PASSCODE
                        8-digit passcode
  -s SALT, --salt SALT  Salt of length 16 to 32 octets encoded in Base64
  -i count, --iteration-count count
                        Iteration count between 1000 and 100000

To generate SPAKE2+ verifier for “SPAKE2P Key Salt” salt and 20202021 passcode, using 1000 PBKDF2 iterations:

./ gen-verifier -p 20202021 -s U1BBS0UyUCBLZXkgU2FsdA== -i 1000