Open Bug 1846723 Opened 2 years ago Updated 1 year ago

SecretDecoderRing (SDR) should use AES

Categories

(Core :: Security: PSM, enhancement, P3)

Product:
Core
Component:
Security: PSM
Type:
enhancement

Tracking

()

People

(Reporter: KaiE, Unassigned)

References

(Depends on 1 open bug)

Details

(Whiteboard: project-tracker)

Attachments

(1 file)

WIP: Bug 1846723 - Extend nsISecretDecoderRing to support encryption with AES.
48 bytes, text/x-phabricator-request
Details | Review

As of today nsISecretDecoderRing uses triple-DES.
I suggest to switch it to use AES by default when encrypting.

That will require that the NSS database contains another symmetric key of type AES.

(I don't know yet if there will be any adjustments necessary for the primary password, for handling both the legacy triple-DES and the new AES key.)

I think the decryption code should be able to handle data encrypted with any algorithm, as explained in bug 198090.

I wonder if we should add another Encrypt API function call, that allows explicitly specifying which algo to use. At least for development/testing it would be helpful.

Code to experiment using the JS console:

let sdr=Cc["@mozilla.org/security/sdr;1"].getService(Ci.nsISecretDecoderRing);
sdr.encryptString("a");
sdr.encryptStringAES("a");

Summary: nsISecretDecoderRing should support AES → SecretDecoderRing (SDR) should use AES
Whiteboard: project-tracker
Severity: -- → N/A
Priority: -- → P3
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: