Secure Storage System

From SQRLauth.net
Revision as of 08:23, 25 March 2015 by Adam Comley (Talk | contribs)

Jump to: navigation, search

SQRL's Secure Storage System (nicknamed S4) is a simple, extendable storage format for user identities. This standard format will work across all SQRL clients, making it easy to move an identity across apps and devices. The format consists of a short header followed by any number of "blocks." Each block stores a different type of key or data. GRC has a page on the Secure Storage System.

Contents

Notes

  • All multi-byte integers are stored in little endian byte order.
  • Block types are exclusive. There can be only one block of a given type within a S4 file.
  • Some clients may exclude the header when exporting a base64ul rescue-only identity in a QR code. Currently, due to the fixed size of the type 2 block, these can be recognized by the first 4 bytes: "SQAC"

File Format

  • (8 bytes) header, indicating the encoding of the remainder of the file:
    • "sqrldata": binary
    • "SQRLDATA": base64url
  • Any number of Blocks

Block Format

  • (2 bytes) unsigned int: total length of block (data_len+4)
  • (2) unsigned int: type of block
  • (data_len) Data

Standard Block Types

Currently, there are only 2 standard block types.

1: User Block

A type 1 block stores the user's current identity keys which will be used on a regular basis. The type 1 block contains:

Length (Bytes) Data Type Description Example
2 unsigned int length of block 157
2 unsigned int block type 1
2 unsigned int length of plain text 45
12 byte array AES-GCM IV --
16 byte array EnScrypt Salt --
1 unsigned int EnScrypt N-factor 9
4 unsigned int EnScrypt iteration count 100
2 unsigned int User Option flags 0x00F1
1 unsigned int Hint length 4
1 unsigned int EnScrypt seconds (for re-encryption of this block) 5
2 unsigned int Idle timeout (minutes) 15
-- -- Optional Additional (unencrypted) data --
32 byte array Encrypted Identity Master Key --
32 byte array Encrypted Identity Lock Key --
32 byte array Encrypted Previous Identity Unlock Key (or zeros) --
-- -- Optional Additional (encrypted) data --
16 byte array AES-GCM Tag --
User Option Flags

Included in the type 1 block are some flags that should be useful to most client implementations. There is room here for several additional flags should the need arise.

Bit Description Bit Description
0x0001 Check for Updates 0x0100 Reserved
0x0002 Ask User to select Identity 0x0200 Reserved
0x0004 Request SQRL only login 0x0400 Reserved
0x0008 Request no-recourse identity lock 0x0800 Reserved
0x0010 Warn of possible MitM attack 0x1000 Reserved
0x0020 Clear password hint when screen locks (screen saver, suspend, etc) 0x2000 Reserved
0x0040 Clear password hint when user changes 0x4000 Reserved
0x0080 Clear password hint when user is idle for n minutes (n is defined above) 0x8000 Reserved

2: Rescue Block

A type 2 block stores the user's Identity Unlock Key, which is only used under special circumstances. The type 2 block contains:

Length (Bytes) Data Type Description Example
2 unsigned int length of block 73
2 unsigned int block type 2
16 byte array EnScrypt Salt --
1 unsigned int EnScrypt N-factor 9
4 unsigned int EnScrypt iteration count 200
32 byte array Encrypted Identity Unlock Key --
16 byte array AES-GCM Tag --