SDR backup

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

SDR backup

Wolfgang Rosenauer-2
Hi,

I have an issue with NSS and mozilla's password manager.
The password manager is using the SDR to encrypt its passwords. The
problem is that the application I'm working on has to replace the user's
keystore with every update because there are special keys in that
database. So the user gets a new SDR with every update rendering his
saved password manager credentials useless.
So is there a way to save away that key temporary or is it possible to
import this key into the NSS database?

Thanks,
 Wolfgang
_______________________________________________
dev-tech-crypto mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-tech-crypto
Reply | Threaded
Open this post in threaded view
|

Re: SDR backup

Nelson Bolyard
Wolfgang Rosenauer wrote:

> I have an issue with NSS and mozilla's password manager.
> The password manager is using the SDR to encrypt its passwords. The
> problem is that the application I'm working on has to replace the user's
> keystore with every update because there are special keys in that
> database.

If you believe your application needs to replace the user's keystore with
every application update, then I agree, that's a problem. Your application
ought not to need to replace the user's keystore with each update.  If
some contents of the key DB need to be updated from time time time, then
the application ought to do that in a way that does not necessitate
replacing the entire DB.

> So the user gets a new SDR with every update rendering his
> saved password manager credentials useless.

You seem to understand why replacing the DBs is a problem.
So, don't update them in that fashion.  Define your method of updating
key information in a way that does not invalidate stored credentials.

> So is there a way to save away that key temporary or is it possible to
> import this key into the NSS database?

It is certainly possible to import keys into the DB.

--
Nelson B

_______________________________________________
dev-tech-crypto mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-tech-crypto