Closed
Bug 568937
Opened 15 years ago
Closed 14 years ago
Private keys in ~/.jetpack/keys should be encrypted somehow, maybe
Categories
(Add-on SDK Graveyard :: General, defect)
Tracking
(Not tracked)
RESOLVED
WONTFIX
People
(Reporter: avarma, Unassigned)
Details
Attachments
(1 file)
|
1.96 KB,
application/javascript
|
Details |
I was just collaborating on an experimental Jetpack-based addon with dmose and had to transfer the private key of our addon to him so that he could publish it too (since we're equal co-authors of the addon). However, because it was easiest, I just emailed the file to him. Not very secure, huh?
While I know that we can *advise* folks to do this kind of thing in a more secure way, I suspect most of them will just do what I did, because it involves the least hassle. If there was a really easy way for me to password-protect the file before sending it then that might have been awesome.
I think Lucas Adamski also suggested encrypting the file on-disk in case the user's filesystem is compromised.
This bug is probably low priority right now and we can mark it WONTFIX later if we decide not to pursue it, but I thought I'd file it here so we don't forget about it.
|
||
Comment 1•15 years ago
|
||
I think you should rather use nsILoginInfo and stuff. I have implemented a Jetpack CommonJS module for that at http://gitorious.org/addon-sdk/bugzilla-triage-scripts/blobs/master/lib/passwords.js
|
|
||
Updated•15 years ago
|
OS: Mac OS X → All
|
|
||
Comment 2•15 years ago
|
||
|
Reporter | |
Comment 3•15 years ago
|
||
Oh, interesting. This seems like it'd require launching Firefox/XULRunner during the XPI build process then, right? I guess it could create a special "jetpack SDK profile" somewhere to store everything... Or were you expecting the user's default profile to be used? Or am I totally misinterpreting what you're suggesting here?
|
|
||
Comment 4•15 years ago
|
||
Oh, shut, I got mislead by "private key" into nsILoginInfo discussion. This bug has obviously nothing to do with it. I have made now new bug 610607 for nsILoginInfo implementation for https://wiki.mozilla.org/Labs/Jetpack/SDK/APIs
|
||
Comment 5•15 years ago
|
||
The Add-on SDK is no longer a Mozilla Labs experiment and has become a big enough project to warrant its own Bugzilla product, so the "Add-on SDK" product has been created for it, and I am moving its bugs to that product.
To filter bugmail related to this change, filter on the word "looptid".
Component: Jetpack SDK → General
Product: Mozilla Labs → Add-on SDK
QA Contact: jetpack-sdk → general
Version: Trunk → unspecified
|
|
||
Comment 6•14 years ago
|
||
This would be better done external to the SDK (sending via secure mail, secure IRC, etc.).
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → WONTFIX
You need to log in
before you can comment on or make changes to this bug.
Description
•