Binary identity?

  • New Wordpress Plug-In Forum
    Guest:

    Just a note that we have a new forum to contain discussions relating to the Wordpress plug-in which Daniel Persson originated and has been making great progress on. You'll find it under "Server-Side Solutions."

    /Steve.

Status
Not open for further replies.
N

nst0022

Guest
I have successfully build libsqrl.so and the SQRL client, and could authenticate at https://sqrl.grc.com/demo with the default SQRL identity (~/.sqrl/test.sqrl) and the default password (in ~/.sqrl.ini).

However, I have a question:

The content of test.sqrl is binary. How can I replace this identity with an existing one from the current Android client, or the current Chrome extension, which both produce textual representations of the identity?
 

Steve

Administrator
Staff member
May 6, 2018
992
290
www.grc.com
Hi! I'm not Bert (obviously), so I'm not 100% certain what he has done. But the SQRL system includes a BINARY format specification for securely storing SQRL identities having all of the required security and expansion features and qualities. So if Burt has implemented the S4 (SQRL Secure Storage System) format, and assuming that Daniel or Jaap have, then all of these binary formats are deliberately interchangeable. My Windows client is definitely S4-identical.
 

PHolder

Well-known member
May 19, 2018
918
124
My read of https://github.com/bertput/sqrl is that it created a default (test) identity. If you have one from another place (say Steve's GRC client) just copy the binary file over. Edit the ini file to point to it and see how that works.
 
N

nst0022

Guest
if Burt has implemented the S4 (SQRL Secure Storage System) format
Probably yes, however, I get an error when I read Daniels binary file. I try to check that out in the source code.

Thanks for making the difference clear :).
 
N

nst0022

Guest
I got over the error and could successfully login at the demo site.

Here is what I did:
  • I created the identity for this forum with the Chrome extension.
  • I exported the identity as text (no binary export offered).
  • I imported the identity with the Android client, using both the extension's rescue code and the same password.
  • I exported the identity as a binary file (S4 format).
  • I copied the binary file to ~/.sqrl and referenced it in ~/.sqrl/sqrl.ini
  • Neither the password property in ~/.sqrl/sqrl.ini nor the rescue code property is read by the Linux client.
I can login to the forum with the Android app and the Web extension, but when I try to login to the forum, I am treated as a new user:

165

And here my involvement ends. I have no idea, how to debug this situation.
 

DetlevSchm

Well-known member
Mar 4, 2019
64
5
As an afterthought, what if neither the Linux client, nor its utilized libsqrl library causes the problem, but the exporting Android client?

Is it possible to produce an S4 file, that leads to a correct server-side identity, but not the intended one?
 

PHolder

Well-known member
May 19, 2018
918
124
Is it possible to produce an S4 file, that leads to a correct server-side identity, but not the intended one?
Well since every GRC SQRL client saves it's identity in a S4 file of it's own, the answer is obviously a yes. It's also possible that the file is otherwise correct, but that the interpretation of its contents is wrong (i.e. a bug.)
 
Status
Not open for further replies.