This repository is an implementation for SQRL (Secure Quick Reliable Login) on Android.
This is an open source project with an open attitude. The application is meant to be free and available to anyone. I want this project to be successful. I've put in some of my time, and we have contributors to this project, but all releases to Google Play are done by me (Daniel Persson). This is a labor of love for me, so I'm trying to keep this project clean and working. I recognize that using a product requires trust so for you to understand me perhaps better and if you are a developer you might find something interesting. Please take a look at my youtube channel for more of me.
Help wanted / appreciated
We are closely nearing a full implementation of the specification. But there is still a lot of things to do.
- Design user interface
- Document usage and code
- Test and verify code
- Security audit
- Bug reporting
- Translation (https://poeditor.com/join/project/Jlsa1tqxlx)
Some of these areas are not my speciallity so all help / merge requests are welcome.
Thank you for your time.
Before you begin using SQRL to login to websites, your SQRL private identity must be created. You only need one, probably for life, because it reveals NOTHING about you, and it's highly secure. It's just a very long (77-digit) random number.
From then on, whenever you login with SQRL to a website, your private identity is used to generate another 77-digit number for that one website. Every website you visit sees you as a different number, yet every time you return to the same site, that site's unique number is regenerated.
This allows you to be uniquely and permanently identified, yet completely anonymous.
Since you never need to use an eMail address or a password, you never give a website your actual identity to protect. If the website's SQRL identities are ever stolen, not only would the stolen identities only be valid for that one website, but SQRL's cryptography prevents impersonation using stolen identities.
This is as good as it sounds. It's what we've been waiting for.
Follow the install instructions below. When the application is installed you get the choice to either create or import an existing identity from a textual version or via scanning a QR code.
Follow these instructions in the application in order to get your identity setup and ready for use. After that you can just visit a site you want to login to either on your phone or other device.
Then you scan the QR code on the page or if you are on the same device you click the provided "Login with SQRL" link and the application opens up in order to enable you to login.
On the login prompt on your phone you need to verify that the domain your visiting is correct so you don't fall victim to a man in the middle attack. Then you supply the identity password, the application will then contact the server in order to verify your identity.
You may be required to create an account on the site if you haven't visited before. Then when ever you return you repeat the procedure from scanning the QR code or clicking the login link to verify your identity.
If you have any questions you can freely ask them in the SQRL forum at SQRL forum or opening a ticket on the issue tracker here on github.
Build from source
There is two different ways to build this project.
First of you can install android studio, import the project and run / build / release it using the graphical interface.
You can build using gradle, the executibles are not supplied with this repository so in order to do this you need android studio to generate these files. But after the project is setup you may use the command below to build your release using the Android Studio gradle implementation from the command line.