SQRL (secure quick reliable login) for pen-test
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Daniel Persson 47f9736db2
Merge pull request #471 from kalaspuffar/bugfixes
1 year ago
app Multiple bugfixes 1 year ago
doc Added flow chart from @sengsational 2 years ago
google-play-assets Updated feature image. 2 years ago
gradle/wrapper First implementation of startup guide. 1 year ago
.gitignore Bump version. 2 years ago
.travis.yml Update travis script. 2 years ago
CHANGELOG Update changelog. 1 year ago
CODE_OF_CONDUCT.md Added code of conduct. 3 years ago
CONTRIBUTING.md Contribution doc. 3 years ago
ISSUE_TEMPLATE.md Added issue template. 3 years ago
LICENSE Initial commit 3 years ago
PULL_REQUEST_TEMPLATE.md Added pull request template. 3 years ago
README.md Update language list. 1 year ago
android-wait-for-emulator add script for waiting for emulator 2 years ago
build.gradle First implementation of startup guide. 1 year ago
gradle.properties More work. 3 years ago
gradlew Added gradle back for travis. 3 years ago
gradlew.bat Added gradle back for travis. 3 years ago
privacy_policy.html Added privacy policy. 3 years ago
privacy_policy_sqrl.html Changed company name. 3 years ago
settings.gradle Setting up initial android project. 3 years ago


SQRL Login

Build Status CII Best Practices

This repository is an implementation for SQRL (Secure Quick Reliable Login) on Android.


This is an open source project with an open attitude. The application is meant to be free and available to anyone. I want this project to be successful. I've put in some of my time, and we have contributors to this project, but all releases to Google Play are done by me (Daniel Persson). This is a labor of love for me, so I'm trying to keep this project clean and working. I recognize that using a product requires trust so for you to understand me perhaps better and if you are a developer you might find something interesting. Please take a look at my youtube channel for more of me.


Help wanted / appreciated

We are closely nearing a full implementation of the specification. But there is still a lot of things to do.

Some of these areas are not my speciallity so all help / merge requests are welcome.

Thank you for your time.


Before you begin using SQRL to login to websites, your SQRL private identity must be created. You only need one, probably for life, because it reveals NOTHING about you, and it's highly secure. It's just a very long (77-digit) random number.

From then on, whenever you login with SQRL to a website, your private identity is used to generate another 77-digit number for that one website. Every website you visit sees you as a different number, yet every time you return to the same site, that site's unique number is regenerated.

This allows you to be uniquely and permanently identified, yet completely anonymous.

Since you never need to use an eMail address or a password, you never give a website your actual identity to protect. If the website's SQRL identities are ever stolen, not only would the stolen identities only be valid for that one website, but SQRL's cryptography prevents impersonation using stolen identities.

This is as good as it sounds. It's what we've been waiting for.


Follow the install instructions below. When the application is installed you get the choice to either create or import an existing identity from a textual version or via scanning a QR code.

Follow these instructions in the application in order to get your identity setup and ready for use. After that you can just visit a site you want to login to either on your phone or other device.

Then you scan the QR code on the page or if you are on the same device you click the provided "Login with SQRL" link and the application opens up in order to enable you to login.

On the login prompt on your phone you need to verify that the domain your visiting is correct so you don't fall victim to a man in the middle attack. Then you supply the identity password, the application will then contact the server in order to verify your identity.

You may be required to create an account on the site if you haven't visited before. Then when ever you return you repeat the procedure from scanning the QR code or clicking the login link to verify your identity.

If you have any questions you can freely ask them in the SQRL forum at SQRL forum or opening a ticket on the issue tracker here on github.


The client is available on google play. Following the link below you will be redirected to the store page. Get it on Google Play

We recommend that you download apps from Google Play. You can also get them from other sources. Get it on F-Droid

Build from source

There is two different ways to build this project.

Android studio

First of you can install android studio, import the project and run / build / release it using the graphical interface.


You can build using gradle, the executibles are not supplied with this repository so in order to do this you need android studio to generate these files. But after the project is setup you may use the command below to build your release using the Android Studio gradle implementation from the command line.

./gradlew assembleRelease

System images