
My Firefox extension needs to:

  • store user credentials in a file that will be stored in the user's local filesystem.
  • when credentials are needed, decrypt the file, read the values and encrypt it again.
  • sometimes send the encrypted file over HTTP to a server.

I can't find any XPCOM component to encrypt / decrypt a file. Should I write my own XPCOM object, or is there any other reasonable solution for that?

[Note:] This may be like Firefox's password management system. Firefox stores the master password and keys in the key3.db file and uses these values to access credentials stored in the signons.sqlite file.

Firefox uses nsILoginManager interface for its operations.

yuceel

1 Answer


XPCOM doesn't currently provide a way to use the encryption capabilities of NSS. You can use js-ctypes to call NSS functions directly - not simple but doable. You can take a look at the WeaveCrypto.js module for an example implementation using symmetric keys. The DOMCrypt extension for example essentially bundles WeaveCrypto.js with the extension and only calls its functions then (using the version distributed with the browser isn't recommendable - this is an internal module and its API could change any time).

Wladimir Palant
  • Thanks for your answer Wladimir. I am looking for an encryption/decryption operation on a file [not cleartext] but I can't find any way to do this. My other big problem is keeping the symmetric key secret. It is a client-side application so I have to provide the client with the key and this is insecure. What do you think about using LiveConnect and a hardcoded secret key in obfuscated Java code? But this time, I will be dependent on the JRE and will have a performance penalty. Is it an easy process to use LiveConnect? – yuceel Oct 15 '11 at 15:08
  • The operation to encrypt/decrypt a file obviously consists of reading the file into a string and encrypting/decrypting a string ;). And there is **no** secure way to store a symmetric encryption key on the client side, forget it. Depending on your use case you might consider asymmetric encryption. – Wladimir Palant Oct 17 '11 at 05:23
  • Thanks Wladimir. I will find a proper way for my context and update here. But I still wonder how Firefox handles its key3.db to store the enc/dec key. [Or how it keeps the master password secret]. Thanks. – yuceel Oct 17 '11 at 10:59
  • @MustafaYüceel: `key.db` is handled by NSS directly, Firefox merely calls NSS functions. – Wladimir Palant Oct 17 '11 at 11:35
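
The asymmetric option raised in the comments, combined with "read the file into a string and encrypt the string", as an added example that is not part of the original thread or of WeaveCrypto.js. It assumes Node.js's built-in `crypto` module as a stand-in for NSS, and the names `sealForServer` and `openOnServer` are hypothetical.

```javascript
// Added example: hybrid (asymmetric) encryption of a credentials file's contents.
// Node.js crypto stands in for NSS here; all function names are hypothetical.
const nodeCrypto = require('crypto');

// Constructed key pair. In practice the private key is generated and kept on the
// server, and only the public key ships with the extension.
const { publicKey, privateKey } =
  nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Client side: encrypt file contents that were already read into a string.
function sealForServer(plaintext, serverPublicKey) {
  const aesKey = nodeCrypto.randomBytes(32); // fresh one-time AES-256 key
  const iv = nodeCrypto.randomBytes(12);     // 96-bit GCM nonce
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', aesKey, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const tag = cipher.getAuthTag();
  // Wrap the AES key so that only the private-key holder can recover it.
  const wrappedKey = nodeCrypto.publicEncrypt({ key: serverPublicKey, ...OAEP }, aesKey);
  return JSON.stringify({
    wrappedKey: wrappedKey.toString('base64'),
    iv: iv.toString('base64'),
    tag: tag.toString('base64'),
    ciphertext: ciphertext.toString('base64'),
  });
}

// Server side: unwrap the AES key, then authenticate and decrypt.
function openOnServer(envelopeJson, serverPrivateKey) {
  const env = JSON.parse(envelopeJson);
  const aesKey = nodeCrypto.privateDecrypt(
    { key: serverPrivateKey, ...OAEP }, Buffer.from(env.wrappedKey, 'base64'));
  const decipher = nodeCrypto.createDecipheriv(
    'aes-256-gcm', aesKey, Buffer.from(env.iv, 'base64'));
  decipher.setAuthTag(Buffer.from(env.tag, 'base64'));
  // final() throws if the ciphertext or the tag was modified in transit.
  return Buffer.concat([
    decipher.update(Buffer.from(env.ciphertext, 'base64')),
    decipher.final(),
  ]).toString('utf8');
}

// Constructed sample file contents.
const sample = 'user=alice\npassword=correct horse battery staple\n';
const envelope = sealForServer(sample, publicKey);
console.log(openOnServer(envelope, privateKey) === sample);
```

With this layout the extension holds no decryption secret, so it covers the "send the encrypted file to a server" requirement only. The client cannot decrypt the envelope locally.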