Adding Chrome OS (with smart card) support via a non-native browserpass-native replacementSee original GitHub issue
Unfortunately, browserpass cannot be used on Chrome OS since this platform lacks support for native messaging. I am the author of smart-pass, a fork of an earlier version of browserpass, which gets around this issue by offloading the work done by gpg to a smart card (e.g. a Nitrokey or YubiKey). Smart card support is available for Chrome OS thanks to the official Smart Card Connector app.
Now that the shiny new version 3 of browserpass is out (thanks a lot for that!) and provides a documented protocol for communication with browserpass-native, I think that it would not be too difficult to convert the functionality provided by smart-pass into a Chrome OS extension replacing browserpass-native on that platform.
The rough plan for this would look as follows:
- Develop a Chrome extension that speaks the browserpass-native protocol and provides the functionality of the native helper, for example by fetching
.gpgfiles from Google Drive and decrypting them on a smart card.
- Change hostAction to make it speak to a configurable, whitelisted non-native extension that provides the functionality of browserpass-native.
If there is interest in Chrome OS support along this route and the resulting extension could become part of the official family of browserpass repos, I would try to carry out the work needed to make it happen. Please let me know what you think.
- Created 4 years ago
- Comments:13 (11 by maintainers)
Top GitHub Comments
In order to provide more of a basis to the discussion about whether or not something like browserpass-chromeos is a good idea, I went ahead and drafted up the structure of a Chrome App clone of browserpass-native. It supports and validates the communication protocol and tries to mimic browserpass-native’s behavior as closely as possible. It supports all actions, with the crucial exception that “fetch” will not decrypt the file contents before sending them back to browserpass-extension, but rather considers the content of the
*.gpg files to be plaintext. Of course this makes it unfit for actual use, but should allow you to get a feel for the ergonomics and performance of everything the app would do except for the smart card decryption (and therefore PIN entry UI) functionality.
The app is available at https://github.com/FabianHenneke/browserpass-chromeos and can be loaded as an unpacked extension on all platforms. If you want to give it a try, the README contains a minimal patch that needs to be applied to browserpass-extension for it to communicate with browserpass-chrome.
I finished a first feature-complete version, which is now available at FabianHenneke/browserpass-chromeos. I maintain a patched fork of browserpass-extension with Chrome OS support at FabianHenneke/browserpass-extension.
When you have the time, just take a look and let me know what you like and what you would prefer to be done differently. I could then improve the UI, add comments,… You can take your time though, I will have less time to work on this in the future anyway.
I have made preparations for adding support for #61 via isomorphic-git and openpgp-js. This includes a database for public keys that can either be extracted from a smart card or added from a file. It shouldn’t take me too long to implement the rest when #61 should finalize.
A noteworthy omission is the lack of support for ECC keys. These are not only somewhat painful to implement (the card only takes care of the key exchange part), they also have the UX drawback of requiring additional information for decryption that does not seem to be available from the card. I would probably defer adding support for this until #61 makes public key management necessary anyway.