Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Adding Chrome OS (with smart card) support via a non-native browserpass-native replacement

See original GitHub issue

Unfortunately, browserpass cannot be used on Chrome OS since this platform lacks support for native messaging. I am the author of smart-pass, a fork of an earlier version of browserpass, which gets around this issue by offloading the work done by gpg to a smart card (e.g. a Nitrokey or YubiKey). Smart card support is available for Chrome OS thanks to the official Smart Card Connector app.

Now that the shiny new version 3 of browserpass is out (thanks a lot for that!) and provides a documented protocol for communication with browserpass-native, I think that it would not be too difficult to convert the functionality provided by smart-pass into a Chrome OS extension replacing browserpass-native on that platform.

The rough plan for this would look as follows:

  1. Develop a Chrome extension that speaks the browserpass-native protocol and provides the functionality of the native helper, for example by fetching .gpg files from Google Drive and decrypting them on a smart card.
  2. Change hostAction to make it speak to a configurable, whitelisted non-native extension that provides the functionality of browserpass-native.

If there is interest in Chrome OS support along this route and the resulting extension could become part of the official family of browserpass repos, I would try to carry out the work needed to make it happen. Please let me know what you think.

Issue Analytics

  • State:open
  • Created 4 years ago
  • Comments:13 (11 by maintainers)

github_iconTop GitHub Comments

fmeumcommented, Apr 24, 2019

In order to provide more of a basis to the discussion about whether or not something like browserpass-chromeos is a good idea, I went ahead and drafted up the structure of a Chrome App clone of browserpass-native. It supports and validates the communication protocol and tries to mimic browserpass-native’s behavior as closely as possible. It supports all actions, with the crucial exception that “fetch” will not decrypt the file contents before sending them back to browserpass-extension, but rather considers the content of the *.gpg files to be plaintext. Of course this makes it unfit for actual use, but should allow you to get a feel for the ergonomics and performance of everything the app would do except for the smart card decryption (and therefore PIN entry UI) functionality.

The app is available at and can be loaded as an unpacked extension on all platforms. If you want to give it a try, the README contains a minimal patch that needs to be applied to browserpass-extension for it to communicate with browserpass-chrome.

fmeumcommented, Dec 22, 2019

I finished a first feature-complete version, which is now available at FabianHenneke/browserpass-chromeos. I maintain a patched fork of browserpass-extension with Chrome OS support at FabianHenneke/browserpass-extension.

When you have the time, just take a look and let me know what you like and what you would prefer to be done differently. I could then improve the UI, add comments,… You can take your time though, I will have less time to work on this in the future anyway.

I have made preparations for adding support for #61 via isomorphic-git and openpgp-js. This includes a database for public keys that can either be extracted from a smart card or added from a file. It shouldn’t take me too long to implement the rest when #61 should finalize.

A noteworthy omission is the lack of support for ECC keys. These are not only somewhat painful to implement (the card only takes care of the key exchange part), they also have the UX drawback of requiring additional information for decryption that does not seem to be available from the card. I would probably defer adding support for this until #61 makes public key management necessary anyway.

Read more comments on GitHub >

github_iconTop Results From Across the Web

Use smart cards on ChromeOS - Google Support
This article focuses on the steps required to successfully start using your smart card on ChromeOS on your personal, unmanaged device.
Read more >
Step 1 - Setting up for ChomeBook and Chrome OS
Step 1 - Setting up for ChomeBook and Chrome OS · Note: · To get started you will need: · General: · You...
Read more >
Smart Card Connector
Overview. By Google. Enable Smart Card access on your Chromebook. This application provides basic support for Smart Cards on Chrome OS.
Read more >
MilitaryCAC's Use your CAC on a Chromebook
Utilizing your CAC with Chrome OS "may" work if you follow these instructions ... Double click the CSSI SmartCard Middleware app on your...
Read more >
Early access to Chrome OS Flex: The upgrade PCs and Macs ...
Chromebooks don't slow down over time, stay up to date, provide proactive protection, and are easy to manage. To help even more organizations ......
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Post

No results found

github_iconTop Related Hashnode Post

No results found