-
-
Notifications
You must be signed in to change notification settings - Fork 10
Data storage
Data is stored in a file format file called "wfs", short for WristkeyFS, modelled after the KeyspaceFS file structure. It consists of a JSON object that contains multiple items, such as an array called "otpauth" for 2FA codes, "wkpass" for Wallet passes etc.
{
"otpauth": [
"otpauth://totp/Google%20LLC%2E:me%400x4f.in?secret=ASDFGHJKL&issuer=Google&algorithm=SHA1&digits=6&period=30&counter=0",
"otpauth://totp/GitHub%20Inc%2E:me%400x4f.in?secret=QWERTYUIOP&issuer=GitHub&algorithm=SHA1&digits=6&period=30&counter=0",
],
"wkpass": [
"wkpass://qrcode/Informa%20PLC:Owais%20Shaikh?data=GRG79G6P&Description=BlackHat%20Arsenal%20USA%202023&From=1691193600&To=1691625600"
"wkpass://qrcode/Delta%20Airlines:Owais%20Shaikh?data=ZXCVBNM&Description=&From=BOM&To=LAX"
]
}This JSON is escaped, base64'd and encrypted locally with your device MasterKey. It is also transmitted in an encrypted base64 form (but with a separate temporary AES key).
Wristkey's 2FA codes simply store data in an otpauth:// URL, as displayed in the QR codes you scan. This reduces complexity and makes exports and management easier. To learn more about this protocol visit the official Google Authenticator spec docs.
For wallet passes, Wristkey uses a protocol I made up called "wkpass", which is a replica of otpauth:// URLs. It looks like this...
wkpass://<CodeType>/<Organizer>:<AttendeeName>?data=<DataToRender>&<SomeKey>=<SomeValue>...The keys and values could contain airport gate numbers, theater seat numbers and so on. Please note that Wristkey doesn't show data entries in the pass previews and may only show the first few entries.
Pass features are based on the Google Wallet pass API. NFC passes are currently unsupported.
I wrote this app in college so that I could log into GitLab and back up my projects from the on-campus computer labs (and to flex my UI skills a bit). Please don't judge too harshly. 😇