Secure Storage System

From SQRLauth.net
Jump to: navigation, search

SQRL's Secure Storage System (nicknamed S4) is a simple, extendable storage format for user identities. This standard format will work across all SQRL clients, making it easy to move an identity across apps and devices. The format consists of a short header followed by any number of "blocks." Each block stores a different type of key or data. GRC has a page on the Secure Storage System.

Contents

Notes

  • All multi-byte integers are stored in little endian byte order.
  • Block types are exclusive. There can be only one block of a given type within a S4 file.
  • Some clients may exclude the header when exporting a base64url rescue-only identity in a QR code. Currently, due to the fixed size of the type 2 block, these can be recognized by the first 4 bytes: "SQAC"

File Format

Each file consists of an 8 byte header, followed by any number of Blocks. The header indicates how the remainder of the file is encoded:

Header Encoding
sqrldata Binary
SQRLDATA Base64URL

Block Format

Length (Bytes) Data Type Description
2 unsigned int total length of block (data_len+4)
2 unsigned int Block Type
data_len byte array Data

Standard Block Types

Currently, there are only 2 standard block types.

1: User Block

A type 1 block stores the user's current identity keys which will be used on a regular basis. The type 1 block contains:

Length (Bytes) Data Type Description Example
2 unsigned int length of block 157
2 unsigned int block type 1
2 unsigned int length of plain text 45
12 byte array AES-GCM IV --
16 byte array EnScrypt Salt --
1 unsigned int EnScrypt N-factor 9
4 unsigned int EnScrypt iteration count 100
2 unsigned int User Option flags 0x00F1
1 unsigned int Hint length 4
1 unsigned int EnScrypt seconds (for re-encryption of this block) 5
2 unsigned int Idle timeout (minutes) 15
32 byte array Encrypted Identity Master Key --
32 byte array Encrypted Identity Lock Key --
32 byte array Encrypted Previous Identity Unlock Key (or zeros) --
16 byte array AES-GCM Tag --
User Option Flags

Included in the type 1 block are some flags that should be useful to most client implementations. There is room here for several additional flags should the need arise.

Bit Description Bit Description
0x0001 Check for Updates 0x0100 Reserved
0x0002 Ask User to select Identity 0x0200 Reserved
0x0004 Request SQRL only login 0x0400 Reserved
0x0008 Request no-recourse identity lock 0x0800 Reserved
0x0010 Warn of possible MitM attack 0x1000 Reserved
0x0020 Clear password hint when screen locks (screen saver, suspend, etc) 0x2000 Reserved
0x0040 Clear password hint when user changes 0x4000 Reserved
0x0080 Clear password hint when user is idle for n minutes (n is defined above) 0x8000 Reserved

2: Rescue Block

A type 2 block stores the user's Identity Unlock Key, which is only used under special circumstances. The type 2 block contains:

Length (Bytes) Data Type Description Example
2 unsigned int length of block 73
2 unsigned int block type 2
16 byte array EnScrypt Salt --
1 unsigned int EnScrypt N-factor 9
4 unsigned int EnScrypt iteration count 200
32 byte array Encrypted Identity Unlock Key --
16 byte array AES-GCM Tag --