Store a backup of the symmetric key used for the Secret Decoder Ring in the profile directory
Categories
(Core :: Security: PSM, enhancement)
People
(Reporter: KaiE, Unassigned)
Firefox and Thunderbird encrypt saved logins. They are encrypted with a symmetric key stored by NSS. That key is used by the PSM's SDR (Secret Decoder Ring).
It would be helpful to have the ability to create a backup of that key, still wrapped with the same master password.
Suggestion for discussion:
PSM could automatically create a backup file of the key in the profile directory. If the file isn't there, the backup could be created at login time, after a successful login (the password is available at that time, and can be used for PBE of the backup).
Whenever the master password is changed using PSM, replace the backup file.
See also bug 1581759; exporting that key using symkeyutil seems impossible at this time.
Today, if the key database file is corrupted, the saved logins and private keys for user certificates will be lost.
Comment 1•6 years ago
I think our engineering time is better spent moving away from the PK11SDR API entirely.