2023-08-03 11:01:14 +00:00

# Auth Encrypted Export format

## Overview

2023-09-05 07:45:59 +00:00

When we export the auth codes, the data is encrypted using a key derived from the user's password.
This document describes the JSON structure used to organize exported data, including versioning and key derivation parameters.

## Export JSON Sample

```json
{
    "version": 1,
    "kdfParams": {
        "memLimit": 4096,
        "opsLimit": 3,
        "salt": "example_salt"
    },
    "encryptedData": "encrypted_data_here",
    "encryptionNonce": "nonce_here"
}
```

This is the main object used to represent the export data. It contains the following key-value pairs:

- `version`: The version of the export format.
- `kdfParams`: Key derivation function parameters.
- `encryptedData`: The encrypted authentication data.
- `encryptionNonce`: The nonce used for encryption.

### Version

The export version identifies the format of the export data.

#### Ver: 1

* KDF Algorithm: `ARGON2ID`
* Decrypted data format: `otpauth://totp/...`, separated by a new line.
* Encryption Algorithm: `XChaCha20-Poly1305`

#### Key Derivation Function Params (KDF)

This section contains the parameters that were used during the KDF operation:

- `memLimit`: Memory limit for the algorithm.
- `opsLimit`: Operations limit for the algorithm.
- `salt`: The salt used in the derivation process.

#### Encrypted Data

As mentioned above, the auth data is encrypted using a key derived from the user-provided password and the KDF params.
For encryption, we use the `XChaCha20-Poly1305` algorithm.

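
An added example, not part of the original document or the ente code base: a Python validator for the export envelope described above, meant to run on an untrusted file before any key derivation is attempted. The names `parse_export`, `ExportFormatError` and `CAPS`, and the cap values themselves, are assumptions of this example; the page does not state units or limits for `memLimit` and `opsLimit`.

```python
import json

# Algorithms per format version, as listed under "Ver: 1" on this page.
SUPPORTED = {1: ("ARGON2ID", "XChaCha20-Poly1305")}
# Assumed local policy caps (not from the page): refuse KDF costs that a
# crafted file could use to exhaust memory or CPU during import.
CAPS = {"memLimit": 1 << 30, "opsLimit": 16}
# The sample export from this page, reused as test input.
SAMPLE = ('{"version": 1, "kdfParams": {"memLimit": 4096, "opsLimit": 3, '
          '"salt": "example_salt"}, "encryptedData": "encrypted_data_here", '
          '"encryptionNonce": "nonce_here"}')

class ExportFormatError(ValueError):
    """The file is not a well-formed export of a supported version."""

def _bounded_int(obj, key):
    v = obj.get(key)
    # type() rather than isinstance(): JSON true/false must not pass as 1/0.
    if type(v) is not int or not 0 < v <= CAPS[key]:
        raise ExportFormatError(f"{key}: expected integer in 1..{CAPS[key]}")
    return v

def _text(obj, key):
    v = obj.get(key)
    if not isinstance(v, str) or not v:
        raise ExportFormatError(f"{key}: expected non-empty string")
    return v

def parse_export(raw):
    """Validate the envelope before any key derivation is attempted."""
    try:
        doc = json.loads(raw)
    except json.JSONDecodeError as exc:
        raise ExportFormatError(f"not valid JSON: {exc}") from None
    if not isinstance(doc, dict):
        raise ExportFormatError("top level must be a JSON object")
    version = doc.get("version")
    if type(version) is not int or version not in SUPPORTED:
        raise ExportFormatError(f"unsupported version: {version!r}")
    kdf = doc.get("kdfParams")
    if not isinstance(kdf, dict):
        raise ExportFormatError("kdfParams: expected object")
    kdf_alg, cipher = SUPPORTED[version]
    return {"version": version, "kdf": kdf_alg, "cipher": cipher,
            "memLimit": _bounded_int(kdf, "memLimit"),
            "opsLimit": _bounded_int(kdf, "opsLimit"),
            "salt": _text(kdf, "salt"),
            "encryptedData": _text(doc, "encryptedData"),
            "encryptionNonce": _text(doc, "encryptionNonce")}
```

Rejecting unknown versions up front keeps an importer from applying version 1 algorithms to data written in a format it does not understand.
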
## How to use the export data

* **ente Authenticator app**: You can directly import the codes in the ente Authenticator app.

  > Settings -> Data -> Import Codes -> ente Encrypted export.

* **Decryption Tool**: You can download the [decrypt tool](decrypt/decrypt) and run the following command.

  ```
  ./decrypt <export_file> <password> <output_file>
  ```