SPAKE2+ Python Tool

Contents

SPAKE2+ Python Tool#

SPAKE2+ Python Tool is a Python script for generating SPAKE2+ protocol parameters (only Verifier as of today). SPAKE2+ protocol is used during Matter commissioning to establish a secure session between the commissioner and the commissionee.

Usage Examples#

To list all available subcommands:

$ ./spake2p.py --help
usage: spake2p.py [-h] subcommand       ...

SPAKE2+ Python Tool

positional arguments:
  subcommand
    gen-verifier    Generate SPAKE2+ Verifier

options:
  -h, --help        show this help message and exit

To display parameters of the gen-verifier subcommand:

$ ./spake2p.py gen-verifier --help
usage: spake2p.py gen-verifier [-h] -p PASSCODE -s SALT -i count

options:
  -h, --help            show this help message and exit
  -p PASSCODE, --passcode PASSCODE
                        8-digit passcode
  -s SALT, --salt SALT  Salt of length 16 to 32 octets encoded in Base64
  -i count, --iteration-count count
                        Iteration count between 1000 and 100000

To generate SPAKE2+ verifier for “SPAKE2P Key Salt” salt and 20202021 passcode, using 1000 PBKDF2 iterations:

./spake2p.py gen-verifier -p 20202021 -s U1BBS0UyUCBLZXkgU2FsdA== -i 1000
uWFwqugDNGiEck/po7KHwwMwwqZgN10XuyBajPGuyzUEV/iree4lOrao5GuwnlQ65CJzbeUB49s31EH+NEkg0JVI5MGCQGMMT/SRPFNRODm3wH/MBiehuFc6FJ/NH6Rmzw==