This is a staging forum for AgileBits, not an official support forum. Visit http://discussions.agilebits.com instead.

1Password file format

webie
edited July 2012 in Windows
Are there any plans to "open-up" 1Password Agile Keychain format?



After reading [url]http://help.agilebits.com/1Password3/agile_keychain_design.html[/url] I understand that the 1Password file format is essentially a JSON file. What I don't understand is how to decrypt the following fields using a master password.

"encrypted" : "..."

"usernameHash" : "...",



You use PBKDF-SHA1 to derive a decryption key for AES-128 from the master password, but exactly which mode of AES is used? What about the IV? Number of iterations? Do you plan to document this?



Thanks!

Comments

  • khad
    khad Social Choreographer
    Welcome to the forums, webie! I wanted to make sure you know we saw your post. We should be able to get you a comprehensive reply soon. Thanks for your patience in the meantime.
  • I found out the answers I was looking for. https://bitbucket.org/gwik/agilekeychain explains "Agile Keychain" file format well with code.
  • khad
    khad Social Choreographer
    Ah, yep! I was actually trying to find that link yesterday but didn't have it handy. I'm glad you were able to find it. Let me know if there is anything else we can help with. :)



    Cheers,
  • jpgoldberg
    jpgoldberg Agile Customer Care
    Hi webie!



    I certainly could do a better job documenting the format, but we are busy with the next generation format, which again our [i]intent[/i] is to fully document. I'm glad you found what you are looking for.



    Just out of curiosity (and don't feel obliged to answer), were you involved in the development of the [url="http://www.openwall.com/lists/john-users/2012/07/20/3"]1Password plug-in for John the Ripper[/url]? I'll be blogging about that shortly, but let me just say that we've known since we developed the agilekeychain that automated password cracking was inevitable. And when last month we saw JtR plug-ins for other password managers, it was clear that this was coming soon.



    We've been advising users to have good master passwords for a long time and using PBKDF2, under the assumption that such crackers may exist (just not publicly). Now that it is public, it helps us better make the case to users to pick good master passwords.



    Cheers,



    -j