infinity0/mozilla-gnome-keyring-legacy

A mozilla extension to store passwords and form logins in gnome-keyring

This replaces the default password manager in Firefox and Thunderbird with an implementation which uses Gnome Keyring. This is a centralised system-based password manager, which is more simple to handle than per-application management.

You can find more technical information on bugzilla[1] or on the github project pages[2].

[1] https://bugzilla.mozilla.org/show_bug.cgi?id=309807 [2] https://github.com/infinity0/mozilla-gnome-keyring

Usage

You can change the keyring in which passwords are saved by creating or editing the preference item "extensions.gnome-keyring.keyringName". The default keyring is "mozilla". This is a per-profile setting, so if you don't manually change it, all profiles will share the same keyring.

You can backup your passwords easily, separately from the rest of your mozilla profile. Your keyrings are stored ~/.gnome2/keyrings - even gnome-keyring 3.2 does this, although this may change in the future.

You can also take advantage of the more fine-tuned keyring management features of gnome-keyring, such as:

no need to prompt for password, if you store in the "login" keyring and the password for that keyring is the same as your login password.
if the keyring is already open, don't need to prompt for a password each time you start Firefox or Thunderbird.
you can explicitly re-lock the keyring when you feel you need to.
in gnome-keyring 3, you can set policies to automatically re-lock the keyring after e.g. a certain amount of time, or a certain amount of time being idle.
in gnome-keyring 3, the keyring password prompt disables keyboard input to other windows, so you don't need to worry about accidentally typing it somewhere you shouldn't

Note: gnome-keyring stores the passwords encrypted on permanent storage but it keeps unlocked passwords in memory without encryption. As a result, programs with access to the memory space of gnome-keyring (such as debuggers and applications running as root) may be able to extract the passwords. The same applies to the default Firefox and Thunderbird implementations, so this extension should not be any less secure.

Non-working cases and workarounds

Passwords will not be saved or filled in if:

the username or password element has attribute autocomplete="on"
- workaround: delete the attribute using the DOM inspector
the username or password element is already filled in by the page
- see https://bugzilla.mozilla.org/show_bug.cgi?id=618698
- note: not a browser bug
(mozilla bug): the page is XML+XSLT
- see https://bugzilla.mozilla.org/show_bug.cgi?id=354706

Migrating old passwords

Currently there is no migration facility. If you have many passwords in the default password manager, you'll need to manually transfer them to gnome-keyring:

create a TEMP profile, and install/enable this extension in it
in the TEMP profile, edit extensions.gnome-keyring.keyringName to whatever you eventually want to use
restart the TEMP profile for setting changes to take effect
open up the SUBJ profile using "firefox -no-remote -P " so that you have both profiles open
open up the password manager on the SUBJ profile
for each website list, visit it in the TEMP profile and login again, which should trigger the "save password" prompt
- In the password manager for Firefox 7+ you can right-click and do "copy password", which makes this a little easier. For earlier versions, you'll need to manually type the password. Sorry.
close the TEMP profile and delete it.
in the SUBJ profile, install/enable this extension, and edit extensions.gnome-keyring.keyringName to whatever you chose before
restart the SUBJ profile for setting changes to take effect

Your old data in the default password manager remains untouched, so you also need to delete that manually if you want to. This is done by going to your profile folder, and deleting the key3.db and signons.sqlite files (signons.txt/signons2.txt/signons3.txt for older versions). The old data may still be forensically retrievable from your disk, but if you were protecting it with a master password, this data would still be be encrypted.

Deleting old data will also clear the master password for the default password manager. If you don't clear it, you'll still be asked for it when you choose to "show passwords", even if this extension is active.

Developer information

Build dependencies:

libgnome-keyring-devel (may be called libgnome-keyring-dev)
xulrunner-devel (may be called xulrunner-dev)

xulrunner must be version 31 or greater. For support for older versions of Firefox/Thunderbird, see previous releases of this software.

[1] https://github.com/fat-lobyte/mozilla-gnome-keyring/tree/ubuntu [2] https://github.com/infinity0/mozilla-gnome-keyring/issues/20 [3] https://github.com/mdlavin/firefox-gnome-keyring/issues/#issue/4