Work in progress
Table of Contents

| Section | Description |
|---|---|
| Common things | Common definitions |
| File extensions | How file extensions should work |
| Mandatory parts | What entries every file must have |
| Key derivation functions (KDF) | Definition of available KDF options |
| Login information | Definition of login information |
| Login information (secret / encrypted) | Definition of login information (secret / encrypted) |
| Note entries | Definition of note entries |
| Note entries (secret / encrypted) | Definition of note entries (secret / encrypted) |
| File entries | Definition of file entries |
| File entries (secret / encrypted) | Definition of file entries (secret / encrypted) |
| Contact information | Definition of contact information |
| Contact information (secret / encrypted) | Definition of contact information (secret / encrypted) |
| Payment cards | Definition of payment cards |
| Payment cards (secret / encrypted) | Definition of payment cards (secret / encrypted) |
Three variable types are supported: signed integers, UTF-8 strings for text, and base64 encoded byte arrays for binary data or text.
All hardcoded strings (e.g. enum-like values) are stored as plain UTF-8. Anything the user can input (e.g. a URL) is stored as a base64 encoded byte array: the UTF-8 string is converted to bytes, and those bytes are base64 encoded. This decision was made for interoperability, so that values can be copied from JSON to XML (or the other way round) and everything should just work.
A CommonSecrets file should have a chain of file extensions that explains how it should be opened. For example, foods.commonsecrets.xml means that the CommonSecrets data is stored in XML format, and fruits.commonsecrets.json.png means that it is stored as JSON, which is in turn stored inside a PNG image file.
The version number MUST be the first element (and it is the only element whose position matters). It comes first because checking the file format is easier when the needed information is as early in the file as possible.
The version number is an integer that tells which CommonSecrets version this file uses. Currently there is only version 1.
A list of text objects that define key derivation functions. Multiple key derivation functions can be defined in one CommonSecrets file.
Only PBKDF2 is supported, with HMAC-SHA256 and HMAC-SHA512 as pseudo-random functions. Each KDF entry contains:
- Base64 encoded salt; the decoded content should be 16 bytes (128 bits)
- Integer that tells how many iterations have to be done. The minimum value is 1; the recommended value is something over 100 000
- Base64 encoded UTF-8 string used as the identifier of the KDF, which pairs a KDF entry with a symmetric-key algorithm entry. It SHOULD be unique, so every KDF in a file should have a unique identifier.
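The KDF rules above (PBKDF2 only, HMAC-SHA256 or HMAC-SHA512, a 16-byte salt, at least one iteration, unique identifiers) as a validator and key deriver in Python. This is an added example, not code from the CommonSecrets project; the entry key names `prf`, `salt`, `iterations` and `identifier` are assumed, since the page does not show the real field names, and the derived key length is taken from the symmetric algorithm's key size in bits.

```python
import base64
import hashlib
import secrets

# PRF names the spec allows, mapped to hashlib digest names.
PRFS = {"HMAC-SHA256": "sha256", "HMAC-SHA512": "sha512"}
SALT_LEN = 16                 # spec: decoded salt must be 16 bytes (128 bits)
RECOMMENDED_ITERATIONS = 100_000


def make_kdf_entry(identifier, salt=None, prf="HMAC-SHA256", iterations=RECOMMENDED_ITERATIONS):
    """Build a KDF entry in stored form (salt and identifier base64 encoded).
    Key names are assumed; a fresh random salt is drawn when none is given."""
    if salt is None:
        salt = secrets.token_bytes(SALT_LEN)
    return {
        "prf": prf,
        "salt": base64.b64encode(salt).decode("ascii"),
        "iterations": iterations,
        "identifier": base64.b64encode(identifier.encode("utf-8")).decode("ascii"),
    }


def kdf_entry_problems(entry):
    """Return a list of rule violations (empty list means the entry is acceptable)."""
    problems = []
    if entry.get("prf") not in PRFS:
        problems.append(f"unsupported PRF {entry.get('prf')!r}; only {sorted(PRFS)} are allowed")
    try:
        salt = base64.b64decode(entry.get("salt", ""), validate=True)
    except ValueError:                      # binascii.Error is a ValueError subclass
        problems.append("salt is not valid base64")
    else:
        if len(salt) != SALT_LEN:
            problems.append(f"salt must decode to {SALT_LEN} bytes, got {len(salt)}")
    iterations = entry.get("iterations")
    if isinstance(iterations, bool) or not isinstance(iterations, int) or iterations < 1:
        problems.append("iterations must be an integer >= 1")
    return problems


def kdf_warnings(entry):
    """Non-fatal advice: below the recommended iteration count the password is cheaper to brute-force."""
    iterations = entry.get("iterations", 0)
    if isinstance(iterations, int) and iterations < RECOMMENDED_ITERATIONS:
        return [f"iterations {iterations} is below the recommended {RECOMMENDED_ITERATIONS}"]
    return []


def derive_key(entry, password, key_bits):
    """PBKDF2 with the entry's PRF, salt and iteration count; key_bits is the cipher's key size."""
    problems = kdf_entry_problems(entry)
    if problems:
        raise ValueError("; ".join(problems))
    if key_bits not in (128, 192, 256):
        raise ValueError("key size must be 128, 192 or 256 bits")
    return hashlib.pbkdf2_hmac(
        PRFS[entry["prf"]],
        password.encode("utf-8"),
        base64.b64decode(entry["salt"]),
        entry["iterations"],
        key_bits // 8,
    )


def duplicate_identifiers(entries):
    """Identifiers that appear more than once (the spec says they SHOULD be unique)."""
    seen, dups = set(), []
    for e in entries:
        ident = base64.b64decode(e["identifier"]).decode("utf-8")
        if ident in seen and ident not in dups:
            dups.append(ident)
        seen.add(ident)
    return dups


if __name__ == "__main__":
    entry = make_kdf_entry("kdf-1")           # constructed sample entry
    print(kdf_entry_problems(entry), kdf_warnings(entry))
    print(derive_key(entry, "correct horse", 256).hex())
```

A duplicated identifier is worth treating as an error rather than a warning when reading a file: if two KDF entries share an identifier, an encrypted entry can no longer be paired with a single KDF and a reader may silently derive the wrong key.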
Login information (plaintext entries). Every variable MUST be included even if it is empty. Each entry contains:
- Base64 encoded UTF-8 string, used to identify entries (doesn't need to be unique)
- Base64 encoded UTF-8 string, might contain e.g. an HTTPS URL
- Base64 encoded UTF-8 string
- Base64 encoded UTF-8 string
- Base64 encoded UTF-8 string
- Base64 encoded UTF-8 string, additional notes for this entry
- Integer, UNIX timestamp in seconds
- Integer, UNIX timestamp in seconds
- Base64 encoded byte array that contains either an SVG, PNG or JPEG image file as the logo
- Base64 encoded UTF-8 string
- Base64 encoded UTF-8 string that contains tab (\t) separated tag entries
- UTF-8 string (hex characters only, so digits 0-9 and letters A-F) that contains the SHA-256 checksum of all the other login information variables concatenated together. Integer variables are first turned into little-endian byte arrays.
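The storage and checksum rules above (user text as base64 of its UTF-8 bytes, binary values as base64, integers turned into little-endian byte arrays, and an uppercase hex SHA-256 over everything else) in Python. This is an added example, not code from the CommonSecrets project. It assumes that the checksum covers the variables in the order this section lists them, that string variables are hashed in their stored base64 form, and that integers are widened to 8 bytes; the page states none of those three details.

```python
import base64
import hashlib
import hmac
import re

# Spec: the checksum is a SHA-256 digest written with digits 0-9 and letters A-F only.
CHECKSUM_RE = re.compile(r"^[0-9A-F]{64}$")
# ASSUMPTION: the page says integers become little-endian byte arrays but not how wide.
INT_WIDTH = 8


def encode_text(value):
    """User-supplied text is stored as base64 of its UTF-8 bytes."""
    return base64.b64encode(value.encode("utf-8")).decode("ascii")


def decode_text(stored):
    """Reverse of encode_text; validate=True rejects characters outside the base64 alphabet."""
    return base64.b64decode(stored, validate=True).decode("utf-8")


def encode_bytes(raw):
    """Binary values such as a logo image are stored as plain base64."""
    return base64.b64encode(raw).decode("ascii")


def int_to_le_bytes(value):
    """Signed integer -> fixed-width little-endian byte array (width is an assumption)."""
    return value.to_bytes(INT_WIDTH, "little", signed=True)


def entry_checksum(stored_values):
    """SHA-256 over the stored variables of one entry, concatenated in listed order."""
    h = hashlib.sha256()
    for v in stored_values:
        if isinstance(v, bool):
            raise TypeError("bool is not a CommonSecrets variable type")
        if isinstance(v, int):
            h.update(int_to_le_bytes(v))
        elif isinstance(v, str):
            h.update(v.encode("utf-8"))
        else:
            raise TypeError(f"unsupported variable type {type(v).__name__}")
    return h.hexdigest().upper()


def verify_checksum(stored_values, checksum):
    """Reject a malformed checksum first, then compare digests in constant time."""
    if not CHECKSUM_RE.match(checksum):
        return False
    return hmac.compare_digest(entry_checksum(stored_values), checksum)


def make_entry(values):
    """Convert plain values (str, bytes, int) to stored form and append the checksum.
    Values are given in the order the section lists its variables."""
    stored = []
    for v in values:
        if isinstance(v, bool):
            raise TypeError("bool is not a CommonSecrets variable type")
        if isinstance(v, str):
            stored.append(encode_text(v))
        elif isinstance(v, (bytes, bytearray)):
            stored.append(encode_bytes(bytes(v)))
        elif isinstance(v, int):
            stored.append(v)
        else:
            raise TypeError(f"unsupported value type {type(v).__name__}")
    return stored + [entry_checksum(stored)]


if __name__ == "__main__":
    # Constructed sample login entry: 11 variables in listed order, checksum appended.
    entry = make_entry(["Example title", "https://example.invalid", "", "", "",
                        "some notes", 1700000000, 1700000001, b"\x89PNG", "", "tag1\ttag2"])
    print(entry[-1], verify_checksum(entry[:-1], entry[-1]))
```

The checksum only detects accidental corruption: anyone who can edit a plaintext entry can recompute it, so it is not an integrity protection against tampering. The regex follows the spec's wording literally and accepts uppercase only; a reader that wants to interoperate with writers emitting lowercase hex would normalise case before matching.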
Encrypted login information entries. Each entry MUST contain the following:
- Base64 encoded UTF-8 string key identifier, used to pair one KDF entry with this login information
- Base64 encoded byte array that contains encrypted AUDALF bytes. The AUDALF payload contains the following entries:
  - UTF-8 string, used to identify entries (doesn't need to be unique)
  - UTF-8 string, might contain e.g. an HTTPS URL
  - UTF-8 string
  - UTF-8 string
  - UTF-8 string
  - UTF-8 string, additional notes for this entry
  - 64 bit unsigned integer, Unix time in seconds (see type ID 117440513 in the AUDALF specification)
  - 64 bit unsigned integer, Unix time in seconds (see type ID 117440513 in the AUDALF specification)
  - Byte array that contains either an SVG, PNG or JPEG image file as the logo
  - UTF-8 string
  - UTF-8 string that contains tab (\t) separated tag entries
  - UTF-8 string (hex characters only, so digits 0-9 and letters A-F) that contains the SHA-256 checksum of all the other login information secret variables concatenated together
Two encryption algorithms are supported: AES (CTR mode) and ChaCha20.
AES-CTR (name is AES-CTR). The following values must be included:
- Integer, valid values are 128, 192 or 256 (bits)
- Base64 encoded byte array that contains the 128-bit nonce used to initialise AES-CTR
ChaCha20 (name is ChaCha20). The following values must be included:
- Integer, the only valid value is 256 (bits)
- Base64 encoded byte array that contains the 96-bit nonce used to initialise ChaCha20
- Integer counter value used to initialise ChaCha20
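How a ChaCha20 secret entry is produced and read back: the key identifier selects a KDF entry, PBKDF2 turns the password into a 256-bit key, and the payload is XORed with a ChaCha20 keystream started from a 96-bit nonce and the stored counter. This is an added example in pure Python (the standard library has no ChaCha20, so the cipher is implemented here following RFC 8439 with the IETF 96-bit nonce and 32-bit block counter); it is not code from the CommonSecrets project. The entry key names (`keyIdentifier`, `algorithm`, `keySizeInBits`, `nonce`, `counter`, `ciphertext`) and the KDF key names are assumed, the KDF entries are constructed samples, the payload is opaque bytes standing in for the AUDALF encoding the page does not describe, and AES-CTR is left out because the standard library has no AES.

```python
import base64
import hashlib
import secrets
import struct

MASK = 0xFFFFFFFF


def rotl(v, n):
    return ((v << n) | (v >> (32 - n))) & MASK


def quarter_round(s, a, b, c, d):
    """ChaCha quarter round on four words of the state, in place (RFC 8439 2.1)."""
    s[a] = (s[a] + s[b]) & MASK; s[d] = rotl(s[d] ^ s[a], 16)
    s[c] = (s[c] + s[d]) & MASK; s[b] = rotl(s[b] ^ s[c], 12)
    s[a] = (s[a] + s[b]) & MASK; s[d] = rotl(s[d] ^ s[a], 8)
    s[c] = (s[c] + s[d]) & MASK; s[b] = rotl(s[b] ^ s[c], 7)


def chacha20_block(key, counter, nonce):
    """One 64-byte keystream block for (key, counter, nonce)."""
    if len(key) != 32 or len(nonce) != 12:
        raise ValueError("ChaCha20 needs a 32-byte key and a 12-byte nonce")
    state = [0x61707865, 0x3320646E, 0x79622D32, 0x6B206574,     # "expand 32-byte k"
             *struct.unpack("<8I", key), counter & MASK, *struct.unpack("<3I", nonce)]
    w = list(state)
    for _ in range(10):                                             # 20 rounds = 10 double rounds
        quarter_round(w, 0, 4, 8, 12); quarter_round(w, 1, 5, 9, 13)
        quarter_round(w, 2, 6, 10, 14); quarter_round(w, 3, 7, 11, 15)
        quarter_round(w, 0, 5, 10, 15); quarter_round(w, 1, 6, 11, 12)
        quarter_round(w, 2, 7, 8, 13); quarter_round(w, 3, 4, 9, 14)
    return struct.pack("<16I", *((w[i] + state[i]) & MASK for i in range(16)))


def chacha20_xor(key, nonce, counter, data):
    """Encrypt or decrypt (same operation): XOR data with the keystream from `counter` on."""
    out = bytearray()
    for off in range(0, len(data), 64):
        block = chacha20_block(key, counter + off // 64, nonce)
        out.extend(x ^ y for x, y in zip(data[off:off + 64], block))
    return bytes(out)


PRFS = {"HMAC-SHA256": "sha256", "HMAC-SHA512": "sha512"}

# Constructed sample KDF list (key names assumed); iterations kept low only to keep the example quick.
SAMPLE_KDFS = [
    {"prf": "HMAC-SHA256", "salt": base64.b64encode(bytes(range(16))).decode("ascii"),
     "iterations": 2000, "identifier": base64.b64encode(b"kdf-main").decode("ascii")},
    {"prf": "HMAC-SHA512", "salt": base64.b64encode(bytes(range(16, 32))).decode("ascii"),
     "iterations": 2000, "identifier": base64.b64encode(b"kdf-other").decode("ascii")},
]


def find_kdf(kdf_entries, key_identifier):
    """Pair a secret entry with exactly one KDF entry by identifier."""
    matches = [k for k in kdf_entries if k["identifier"] == key_identifier]
    if len(matches) != 1:
        raise ValueError(f"expected exactly one KDF with identifier {key_identifier!r}, found {len(matches)}")
    return matches[0]


def chacha_key(kdf, password):
    return hashlib.pbkdf2_hmac(PRFS[kdf["prf"]], password.encode("utf-8"),
                               base64.b64decode(kdf["salt"]), kdf["iterations"], 32)


def encrypt_secret(kdf_entries, key_identifier, password, payload, counter=1):
    key = chacha_key(find_kdf(kdf_entries, key_identifier), password)
    nonce = secrets.token_bytes(12)      # fresh per entry: a (key, nonce) pair must never be reused
    return {"keyIdentifier": key_identifier, "algorithm": "ChaCha20", "keySizeInBits": 256,
            "nonce": base64.b64encode(nonce).decode("ascii"), "counter": counter,
            "ciphertext": base64.b64encode(chacha20_xor(key, nonce, counter, payload)).decode("ascii")}


def decrypt_secret(kdf_entries, entry, password):
    if entry["algorithm"] != "ChaCha20" or entry["keySizeInBits"] != 256:
        raise ValueError("only ChaCha20 with a 256-bit key is handled here")
    nonce = base64.b64decode(entry["nonce"], validate=True)
    if len(nonce) != 12:
        raise ValueError(f"ChaCha20 nonce must be 96 bits, got {len(nonce) * 8}")
    key = chacha_key(find_kdf(kdf_entries, entry["keyIdentifier"]), password)
    return chacha20_xor(key, nonce, entry["counter"], base64.b64decode(entry["ciphertext"], validate=True))


if __name__ == "__main__":
    sealed = encrypt_secret(SAMPLE_KDFS, SAMPLE_KDFS[0]["identifier"], "hunter2", b"<AUDALF bytes stand-in>")
    print(sealed)
    print(decrypt_secret(SAMPLE_KDFS, sealed, "hunter2"))
```

Two things a reader of such files should keep in mind. First, both AES-CTR and ChaCha20 are stream ciphers: reusing a nonce under the same key leaks the XOR of the two plaintexts, so the nonce must be freshly random for every entry written. Second, neither cipher authenticates the ciphertext, and the SHA-256 checksum inside the AUDALF payload is a plain hash, not a MAC, so a modified ciphertext decrypts to garbage that only a consistency check on the decoded fields will catch; an AEAD such as ChaCha20-Poly1305 or an HMAC over the ciphertext would close that gap.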
Note entries. There can be multiple note entries, each in the following format:
- Base64 encoded UTF-8 string that contains the title of the note
- Base64 encoded UTF-8 string that contains the content of the note
- Integer, UNIX timestamp in seconds
- Integer, UNIX timestamp in seconds
- UTF-8 string (hex characters only, so digits 0-9 and letters A-F) that contains the SHA-256 checksum of the note's other variables concatenated together. Integer variables are first turned into little-endian byte arrays.
Encrypted note entries. There can be multiple note secret entries, each in the following format:
- Base64 encoded UTF-8 string, used to pair one KDF entry with this note secret
- Base64 encoded byte array that contains encrypted AUDALF bytes. The AUDALF payload contains the following entries:
  - UTF-8 string that contains the title of the note
  - UTF-8 string that contains the content of the note
  - 64 bit unsigned integer, Unix time in seconds (see type ID 117440513 in the AUDALF specification)
  - 64 bit unsigned integer, Unix time in seconds (see type ID 117440513 in the AUDALF specification)
  - UTF-8 string (hex characters only, so digits 0-9 and letters A-F) that contains the SHA-256 checksum of all the other note secret variables concatenated together
File entries. There can be multiple file entries, each in the following format:
- Base64 encoded UTF-8 string that contains the name of the file
- Base64 encoded byte array that contains the content of the file
- Integer, UNIX timestamp in seconds
- Integer, UNIX timestamp in seconds
- UTF-8 string (hex characters only, so digits 0-9 and letters A-F) that contains the SHA-256 checksum of the file entry's other variables concatenated together. Integer variables are first turned into little-endian byte arrays.
Encrypted file entries. There can be multiple encrypted file entries, each in the following format:
- Base64 encoded UTF-8 string, used to pair one KDF entry with this file entry
- Base64 encoded byte array that contains encrypted AUDALF bytes. The AUDALF payload contains the following entries:
  - UTF-8 string that contains the file name
  - Byte array that contains the file content
  - 64 bit unsigned integer, Unix time in seconds (see type ID 117440513 in the AUDALF specification)
  - 64 bit unsigned integer, Unix time in seconds (see type ID 117440513 in the AUDALF specification)
  - UTF-8 string (hex characters only, so digits 0-9 and letters A-F) that contains the SHA-256 checksum of all the other file entry secret variables concatenated together
Contact information. There can be multiple contact information entries, each in the following format:
- Base64 encoded UTF-8 string that contains the first name of the contact
- Base64 encoded UTF-8 string that contains the last name of the contact
- Base64 encoded UTF-8 string that contains the middle name of the contact
- Base64 encoded UTF-8 string that contains the name prefix of the contact
- Base64 encoded UTF-8 string that contains the name suffix of the contact
- Base64 encoded UTF-8 string that contains the nickname of the contact
- Base64 encoded UTF-8 string that contains the company of the contact
- Base64 encoded UTF-8 string that contains the job title of the contact
- Base64 encoded UTF-8 string that contains the department of the contact
- Base64 encoded UTF-8 string that contains tab (\t) separated email entries. The number of entries MUST match the number of email description entries
- Base64 encoded UTF-8 string that contains tab (\t) separated email description entries. The number of entries MUST match the number of email entries
- Base64 encoded UTF-8 string that contains tab (\t) separated phone number entries. The number of entries MUST match the number of phone number description entries
- Base64 encoded UTF-8 string that contains tab (\t) separated phone number description entries. The number of entries MUST match the number of phone number entries
- Base64 encoded UTF-8 string that contains the country
- Base64 encoded UTF-8 string that contains the street address
- Base64 encoded UTF-8 string that contains additional street address info
- Base64 encoded UTF-8 string that contains the postal code
- Base64 encoded UTF-8 string that contains the city
- Base64 encoded UTF-8 string that contains the PO Box
- Base64 encoded UTF-8 string that contains the birthday
- Base64 encoded UTF-8 string that contains tab (\t) separated website address entries
- Base64 encoded UTF-8 string that contains the relationship
- Base64 encoded UTF-8 string, additional notes for this contact
- Integer, UNIX timestamp in seconds
- Integer, UNIX timestamp in seconds
- UTF-8 string (hex characters only, so digits 0-9 and letters A-F) that contains the SHA-256 checksum of the other contact information variables concatenated together. Integer variables are first turned into little-endian byte arrays.
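The tab-separated pairing rule above (email entries must match email descriptions one for one, likewise phone numbers and their descriptions) as a reader and writer check in Python. This is an added example, not code from the CommonSecrets project. It handles two edge cases the rule implies but the page does not spell out: an empty stored string means zero entries (a naive `str.split("\t")` would report one empty entry), and a value that itself contains a tab would be read as two entries, so the writer refuses it.

```python
import base64

TAB = "\t"


def b64(text):
    """Store free-form text the CommonSecrets way: UTF-8 bytes, then base64."""
    return base64.b64encode(text.encode("utf-8")).decode("ascii")


def split_tab_list(value):
    """Decoded field -> list of entries. '' means no entries, not one empty entry."""
    return [] if value == "" else value.split(TAB)


def join_tab_list(items):
    """Entries -> tab-separated field; an entry containing a tab would silently add an entry."""
    for item in items:
        if TAB in item:
            raise ValueError(f"entry {item!r} contains a tab and would be read as two entries")
    return TAB.join(items)


def store_paired(values, descriptions):
    """Writer side: encode a value list and its description list, enforcing equal length."""
    if len(values) != len(descriptions):
        raise ValueError(f"{len(values)} values but {len(descriptions)} descriptions")
    return b64(join_tab_list(values)), b64(join_tab_list(descriptions))


def check_pairing(values_b64, descriptions_b64):
    """Reader side: return None when the counts match, otherwise a description of the problem."""
    values = split_tab_list(base64.b64decode(values_b64, validate=True).decode("utf-8"))
    descriptions = split_tab_list(base64.b64decode(descriptions_b64, validate=True).decode("utf-8"))
    if len(values) != len(descriptions):
        return f"{len(values)} entries but {len(descriptions)} descriptions"
    return None


def paired_entries(values_b64, descriptions_b64):
    """Reader side: zip entries with their descriptions, refusing a mismatched pair of fields."""
    problem = check_pairing(values_b64, descriptions_b64)
    if problem is not None:
        raise ValueError(problem)
    values = split_tab_list(base64.b64decode(values_b64, validate=True).decode("utf-8"))
    descriptions = split_tab_list(base64.b64decode(descriptions_b64, validate=True).decode("utf-8"))
    return list(zip(values, descriptions))


if __name__ == "__main__":
    # Constructed sample: two email addresses with matching descriptions.
    emails, labels = store_paired(["alice@example.invalid", "alice@work.invalid"], ["home", "work"])
    print(paired_entries(emails, labels))
```

A trailing tab is legal input here and yields an empty final entry; whether an empty email address is acceptable is a policy question for the application, not for the format check.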
Encrypted contact information. There can be multiple encrypted contact information entries, each in the following format:
- Base64 encoded UTF-8 string, used to pair one KDF entry with this contact information secret
- Base64 encoded byte array that contains encrypted AUDALF bytes. The AUDALF payload contains the following entries:
  - UTF-8 string that contains the first name of the contact
  - UTF-8 string that contains the last name of the contact
  - UTF-8 string that contains the middle name of the contact
  - UTF-8 string that contains the name prefix of the contact
  - UTF-8 string that contains the name suffix of the contact
  - UTF-8 string that contains the nickname of the contact
  - UTF-8 string that contains the company of the contact
  - UTF-8 string that contains the job title of the contact
  - UTF-8 string that contains the department of the contact
  - UTF-8 string that contains tab (\t) separated email entries. The number of entries MUST match the number of email description entries
  - UTF-8 string that contains tab (\t) separated email description entries. The number of entries MUST match the number of email entries
  - UTF-8 string that contains tab (\t) separated phone number entries. The number of entries MUST match the number of phone number description entries
  - UTF-8 string that contains tab (\t) separated phone number description entries. The number of entries MUST match the number of phone number entries
  - UTF-8 string that contains the country
  - UTF-8 string that contains the street address
  - UTF-8 string that contains additional street address info
  - UTF-8 string that contains the postal code
  - UTF-8 string that contains the city
  - UTF-8 string that contains the PO Box
  - UTF-8 string that contains the birthday
  - UTF-8 string that contains tab (\t) separated website address entries
  - UTF-8 string that contains the relationship
  - UTF-8 string, additional notes for this contact
  - 64 bit unsigned integer, Unix time in seconds (see type ID 117440513 in the AUDALF specification)
  - 64 bit unsigned integer, Unix time in seconds (see type ID 117440513 in the AUDALF specification)
  - UTF-8 string (hex characters only, so digits 0-9 and letters A-F) that contains the SHA-256 checksum of the other contact information variables concatenated together. Integer variables are first turned into little-endian byte arrays.
Payment cards. There can be multiple payment card entries, each in the following format:
- Base64 encoded UTF-8 string, used to identify entries (doesn't need to be unique)
- Base64 encoded UTF-8 string, name displayed on the payment card
- Base64 encoded UTF-8 string, card type (usually either Credit or Debit)
- Base64 encoded UTF-8 string, number on the card
- Base64 encoded UTF-8 string, security code on the card
- Base64 encoded UTF-8 string, first valid date of the card (usually month / year)
- Base64 encoded UTF-8 string, expiration date of the card (usually month / year)
- Base64 encoded UTF-8 string, additional notes for this payment card
- Integer, UNIX timestamp in seconds
- Integer, UNIX timestamp in seconds
- UTF-8 string (hex characters only, so digits 0-9 and letters A-F) that contains the SHA-256 checksum of the other payment card variables concatenated together. Integer variables are first turned into little-endian byte arrays.
Encrypted payment cards. There can be multiple encrypted payment card entries, each in the following format:
- Base64 encoded UTF-8 string, used to pair one KDF entry with this payment card secret
- Base64 encoded byte array that contains encrypted AUDALF bytes. The AUDALF payload contains the following entries:
  - UTF-8 string, used to identify entries (doesn't need to be unique)
  - UTF-8 string, name displayed on the payment card
  - UTF-8 string, card type (usually either Credit or Debit)
  - UTF-8 string, number on the card
  - UTF-8 string, security code on the card
  - UTF-8 string, first valid date of the card (usually month / year)
  - UTF-8 string, expiration date of the card (usually month / year)
  - UTF-8 string, additional notes for this payment card
  - 64 bit unsigned integer, Unix time in seconds (see type ID 117440513 in the AUDALF specification)
  - 64 bit unsigned integer, Unix time in seconds (see type ID 117440513 in the AUDALF specification)
  - UTF-8 string (hex characters only, so digits 0-9 and letters A-F) that contains the SHA-256 checksum of all the other payment card secret variables concatenated together