This is a first simple test server for SQRL (Secure Quick Reliable Login), which is fully documented at GRC.com.
Important: as the SQRL API is not finalized yet, this server and the code behind it are not anywhere close to a stable implementation and are subject to change at any time.
What's currently implemented:
- The implementation is stateless
- The nut in the query of the URL and a cookie in the client's browser contain everything needed for the compliant authentication process
- The nut in the query and in the cookie are salted and AES encrypted. Cipher, IV and key for the encryption are configurable independently for both usages
- Test server without page caching: https://sqrl-test.paragon-es.de - the QR code is displayed on all pages that contain a login form
- Test server with page caching: https://sqrl-test-cache.paragon-es.de - cached pages show a SQRL icon instead of the QR code; a user who wants to log in with SQRL first has to click that icon to get to a non-cached page with the QR code
- Implemented SQRL commands
  - create: user account creation
  - login: start a user session, identify the SQRL ID by the current or previous IDK
  - setkey: set the SQRL keys (idk, suk, vuk)
- More commands
- Link an existing user account to your SQRL ID. When you are logged in to the server with username and password and want to log in with SQRL in the future, go to your user profile and scan the SQRL code there. This will link the two automatically.
- IDK and PIDK are stored salted and hashed.
- SUK and VUK are stored as plain text
- Nothing else gets stored.
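
One way the salted-and-hashed IDK storage and the login lookup by current or previous IDK can fit together, as an added PHP example that is not code from this server or the Drupal SQRL module. The class name, the HMAC-SHA256 construction and the single site-wide salt are assumptions; a per-record random salt would make lookup by IDK impossible.

```php
<?php
// Added illustration, not code from the Drupal SQRL module.
// Assumption: the salt is a single site-wide secret, so the digest of a
// key is deterministic and can be used as the lookup index.
final class SqrlIdentityStore
{
    private string $siteSalt;
    private array $rows = [];   // IDK digest => ['uid', 'suk', 'vuk']

    public function __construct(string $siteSalt) { $this->siteSalt = $siteSalt; }

    // Keyed hash of a raw identity key; the raw key itself is never stored.
    private function digest(string $key): string
    {
        return hash_hmac('sha256', $key, $this->siteSalt);
    }

    // create / setkey: SUK and VUK are kept as received, the IDK only as a digest.
    public function setKey(int $uid, string $idk, string $suk, string $vuk): void
    {
        $this->rows[$this->digest($idk)] = ['uid' => $uid, 'suk' => $suk, 'vuk' => $vuk];
    }

    // login: try the current IDK first, then the previous one (PIDK).
    // Returns ['uid' => int, 'matched' => 'idk'|'pidk'] or null.
    // Verifying the client's signatures is assumed to happen before this call.
    public function identify(string $idk, ?string $pidk = null): ?array
    {
        foreach (['idk' => $idk, 'pidk' => $pidk] as $field => $key) {
            if ($key === null) {
                continue;
            }
            $digest = $this->digest($key);
            if (isset($this->rows[$digest])) {
                return ['uid' => $this->rows[$digest]['uid'], 'matched' => $field];
            }
        }
        return null;
    }
}

// Constructed sample data: random bytes stand in for real 32-byte SQRL keys.
$store  = new SqrlIdentityStore(random_bytes(32));
$oldIdk = random_bytes(32);
$newIdk = random_bytes(32);
$store->setKey(7, $oldIdk, random_bytes(32), random_bytes(32));
var_dump($store->identify($oldIdk));          // client presents its current key
var_dump($store->identify($newIdk, $oldIdk)); // rekeyed client: new IDK, old key as PIDK
var_dump($store->identify($newIdk));          // key that was never registered
```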
More features to come soon.
You want to provide feedback? Please go to the Drupal SQRL Project and report issues there.
You are looking for a SQRL client to test this? We have tested this server with the following clients: