Hello Kai,

Thanks a lot for your answer. I think I might not have been clear enough. 
Please see below.

>
> this simply prepares an empty database that you need for future
> operations.

Right.

>
> > However this initialization does not add to this file a private key
> > to encrypt the usernames and passwords that will be present on
> > signons.sqlite.
>
> File signons.sqlite is not managed by code at the NSS C library
> level.
>

I don't have any problem with manipulating signons.sqlite. Writing the right SQL 
to it makes it work. Here is an example entry:

VALUES(2,'https://MYSERVER.DOMAIN:COM','Zimbra',NULL,'','','MEIEEPgAAAAAAAAAAAAAAAAAAAEwFAYIKoZIhvcNAwcECLDSy8T1YP62BBhezsrIb0gzLYQ7BklOk8BPEp+K2sa8u5c=','MDIEEPgAAAAAAAAAAAAAAAAAAAEwFAYIKoZIhvcNAwcECJTQRSQWIMK0BAjAOa6J3nsBkg==','{3be0a83f-5b93-4b72-876b-736add0de95d}',1,1352869228765,1352869228765,1352869228765,1);

The fields starting with MEIEEP... are the encrypted username and password. They 
were hashed using libnss, but that was only possible because key3.db was not only 
created but also initialized with the symmetric encryption key that Thunderbird 
generates the first time a password is stored.

I did this by adapting the code present here:

https://hg.cryptobitch.de/firefox-passwords/file/

The result is attached.

So I need to find out how to call libnss to actually generate a key for 
key3.db. But I'm half amazed that it isn't possible via certutil or another CLI 
interface.

> It looks like the file is managed by Mozilla's toolkit code,
> "mozilla/toolkit/components/passwordmgr".
>
> In order to manage the contents of such files, you should probably
> make
> use of that code.

I really only need to generate an encryption key and add it to key3.db. All the 
rest works already.

(I will share the whole thing as soon as I have this sorted out - it is getting 
quite interesting: pref generation, signons.sqlite generation, etc.)


> > Question: how can I insert such a key from the command line?
>
> You probably have to create your own little wrapper application
> around
> Mozilla, maybe using XulRunner, and call the appropriate APIs from
> Mozilla's password manager.

I would like to have a starting point to look at.

> It should be clear by now that you don't want to insert into key3.db,
> but additional background:

I still do :-)

You can compare a clean key3.db created with certutil with a key3.db that is 
present after you save a password and close the application. Just run db_dump185 
and see the difference.

>
> key3.db is a low level storage file managed by NSS. Only NSS APIs are
> used to manipulate it.
>
> Mozilla's application passwords aren't stored in key3.db. Rather,
> key3.db contains a symmetric key for symmetric encryption.
>

Precisely. That's what I want to generate programmatically.

Best regards
Gustavo

--
Angulo Sólido - Tecnologias de Informação
http://angulosolido.pt
-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
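As an added illustration (not part of this thread, and not Mozilla or NSS code), the following parser splits the two encrypted fields quoted in the signons.sqlite row above into the parts NSS writes into them: the id of the key in key3.db they reference, the encryption algorithm OID, the IV and the ciphertext length. It decrypts nothing; it only shows how the fields are structured and that both point at the same single key, which is why an empty key3.db cannot serve them.

```python
import base64
import binascii

# The two encrypted fields from the signons.sqlite row quoted in the mail
# (encrypted username, then encrypted password) exactly as written by NSS.
ENC_USERNAME = "MEIEEPgAAAAAAAAAAAAAAAAAAAEwFAYIKoZIhvcNAwcECLDSy8T1YP62BBhezsrIb0gzLYQ7BklOk8BPEp+K2sa8u5c="
ENC_PASSWORD = "MDIEEPgAAAAAAAAAAAAAAAAAAAEwFAYIKoZIhvcNAwcECJTQRSQWIMK0BAjAOa6J3nsBkg=="
DES_EDE3_CBC = "1.2.840.113549.3.7"  # PKCS OID for 3DES in CBC mode

def der_tlv(buf, pos):
    """Read one DER tag-length-value at pos; return (tag, value, next_pos).
    Short-form lengths only, which is all these blobs use (< 128 bytes)."""
    tag, length = buf[pos], buf[pos + 1]
    if length & 0x80:
        raise ValueError("long-form DER length not expected here")
    return tag, buf[pos + 2:pos + 2 + length], pos + 2 + length

def decode_oid(raw):
    """Turn DER OID content bytes into dotted-decimal notation."""
    arcs, value = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:  # a clear high bit ends the multi-byte arc
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def parse_sdr_blob(b64):
    """Split an SDR blob into its parts without decrypting anything. Layout:
    SEQUENCE { OCTET STRING keyId, SEQUENCE { OID alg, OCTET STRING iv },
               OCTET STRING ciphertext }"""
    der = base64.b64decode(b64)
    tag, body, end = der_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("blob is not a single DER SEQUENCE")
    kid_tag, key_id, pos = der_tlv(body, 0)
    alg_tag, alg, pos = der_tlv(body, pos)
    oid_tag, oid_raw, apos = der_tlv(alg, 0)
    iv_tag, iv, _ = der_tlv(alg, apos)
    ct_tag, ciphertext, pos = der_tlv(body, pos)
    if (kid_tag, alg_tag, oid_tag, iv_tag, ct_tag) != (0x04, 0x30, 0x06, 0x04, 0x04):
        raise ValueError("unexpected DER tags in SDR blob")
    if pos != len(body):
        raise ValueError("trailing bytes after ciphertext")
    return {
        "key_id": binascii.hexlify(key_id).decode(),  # names the key in key3.db
        "algorithm": decode_oid(oid_raw),
        "iv_len": len(iv),
        "ciphertext_len": len(ciphertext),  # a multiple of the 8-byte block
    }
```

Running it on both fields shows the same 16-byte key id and des-EDE3-CBC for each, with 24 and 8 bytes of ciphertext respectively.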
