1902336 - Recovered payment methods need to be decrypted and reencrypted with the OSKeyStore

Status: RESOLVED FIXED

(Firefox :: Profile Backup, task, P3)

Description

[Mike Conley (:mconley) (:⚙️)]

Once bug 1901132 is fixed, we should have the OSKeyStore recovery code wrapped in an encrypted single-file backup archive. Once given the right recovery code, the ArchiveDecryptor should have the original OSKeyStore secret from the device that the backup was created on.

We should then:

1. Create a new nativeOSKeyStore with a unique temporary name, and provide the original OSKeyStore secret ("recovery code") to it
2. Use that nativeOSKeyStore to decrypt the payment methods
3. Re-encrypt the payment methods using the current system OSKeyStore.

I think we can probably do this at recovery time before launching the new profile, but it'll mean passing in the ArchiveDecryptor (or the original OSKeyStore secret) into the CredentialsAndSecurityBackupResource's recover method.

Comment 1

[Mike Conley (:mconley) (:⚙️)]

Attachment: Bug 1902336 - Make sure to properly re-encrypt payment methods with the local OSKeyStore after backup recovery. r?#backup-reviewers!

Comment 2

[Pulsebot]

Pushed by mconley@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/2d0a5e716366
Make sure to properly re-encrypt payment methods with the local OSKeyStore after backup recovery. r=backup-reviewers,sthompson

Comment 3

[Norisz Fay [:noriszfay]]

https://hg.mozilla.org/mozilla-central/rev/2d0a5e716366