Secure connection over ESP32 with Flutter using Security 2 (SRP6) fails – “Failed to authenticate client proof! Invalid username/PoP”
I’m working on connecting a Flutter app to an ESP32 device over BLE using the ESP-IDF provisioning/security scheme 2 (SRP6).
I’m trying to establish a secure session with Security 2 using a PoP (Proof of Possession) and salt for SRP verification.
However, the connection fails with the following error messages from the ESP32 logs:
E (xxxxx) security2: Failed to authenticate client proof!
E (xxxxx) security2: Received incorrect username and/or PoP for establishing secure session!
E (xxxxx) protocomm: Invalid content received, killing connection
What I’ve done:
Using Flutter with flutter_blue_plus to handle BLE communication.
Converted the SRP6 client implementation from Java to Dart to generate A, M, and proof values.
I am passing the correct PoP (same as configured in ESP32) and the salt provided by the device.
Able to receive s (salt) and B (server public key) correctly from ESP32.
Computing the client proof (M1) on Flutter side and sending it back, but ESP32 rejects it.
Error summary:
ESP32 rejects client proof with Failed to authenticate client proof!
Says Invalid username and/or PoP even though I’m sure the PoP matches.
1. Has anyone successfully implemented ESP32 Security 2 (SRP6) authentication in Flutter?
2. Do I need to hash/encode the PoP in a specific way (e.g., UTF-8 bytes vs. raw string vs. hex) before passing to SRP?
3. How exactly should the username, PoP, and salt be encoded when sending from the Flutter app?
4. Are there any known pitfalls when porting SRP6 client-side calculations (BigInt handling, leading zeros, byte order) to Dart?
Environment:
Flutter 3.19.5
ESP-IDF v5.x
BLE communication using flutter_blue_plus
Any guidance, examples, or working Dart implementations for SRP6 with ESP32 Security2 would be greatly appreciated.
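
An added example for question 4 (not part of the original post and not ESP-IDF code): a small Python SRP-6a reference showing how dropping leading zero bytes from A, B or S changes the client proof, so the server rejects a correct PoP. The toy group, SHA-512, the username/PoP/salt values and the RFC 5054-style formulas are assumptions; the group and exact hash inputs the device uses have to be taken from the ESP-IDF source.

```python
import hashlib

# Constructed toy group, for illustration only: 2**127 - 1 is prime. A real
# exchange uses the group the server is built with (an assumption to check).
N, g = 2**127 - 1, 3
W = (N.bit_length() + 7) // 8            # byte width of every group element

def pad(n):                              # fixed width, big-endian, zero-padded
    return n.to_bytes(W, "big")

def minimal(n):                          # leading zero bytes dropped (the pitfall)
    return n.to_bytes(max(1, (n.bit_length() + 7) // 8), "big")

def H(*parts):                           # SHA-512 is an assumption here
    return hashlib.sha512(b"".join(parts)).digest()

def num(b):
    return int.from_bytes(b, "big")

def x_of(I, P, s):                       # x = H(s | H(I ":" P)), all raw bytes
    return num(H(s, H(I + b":" + P)))

def proof(I, s, A, B, S, enc):           # M1 = H(H(N)^H(g) | H(I) | s | A | B | K)
    ng = bytes(p ^ q for p, q in zip(H(pad(N)), H(pad(g))))
    return H(ng, H(I), s, enc(A), enc(B), H(enc(S)))

def client_m1(I, P, s, a, B, enc):
    A, x = pow(g, a, N), x_of(I, P, s)
    k, u = num(H(pad(N), pad(g))), num(H(enc(A), enc(B)))
    S = pow((B - k * pow(g, x, N)) % N, a + u * x, N)
    return A, proof(I, s, A, B, S, enc)

def server_accepts(I, s, v, b, B, A, M1):
    u = num(H(pad(A), pad(B)))
    S = pow(A * pow(v, u, N) % N, b, N)
    return A % N != 0 and M1 == proof(I, s, A, B, S, pad)

def run(enc, a=5):                       # a=5 gives A=243: 15 leading zero bytes
    I, P, s = b"testuser", b"testpop", bytes(range(16))   # constructed values
    v, b = pow(g, x_of(I, P, s), N), 0x1F2E3D4C5B6A79881122334455667788
    k = num(H(pad(N), pad(g)))
    B = (k * v + pow(g, b, N)) % N
    A, M1 = client_m1(I, P, s, a, B, enc)
    return server_accepts(I, s, v, b, B, A, M1)

if __name__ == "__main__":
    print("padded:", run(pad), "| leading zeros stripped:", run(minimal))
```

Comparing the intermediate values (k, u, x, S, K) logged from a Dart port against a reference like this, byte for byte, shows which encoding step diverges.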