MozillaZine

What encription method is used in logins.json?'

Discussion of features in Mozilla Firefox
Olhanzilla

User avatar
 
Posts: 146
Joined: February 10th, 2005, 8:29 pm

Post Posted December 27th, 2017, 12:09 pm

What is the encryption method used for the encrypted user name and password in the logins.json file?

Given that there is no replacement for the Password Export extension (apparently because extensions cannot yet get at passwords in 57) I want to write a standalone program to export and import passwords.

Apparently the master password is in key3.db and the saved passwords are in logins.json. It appears that if you do not set a master password, a blank password is used to encrypt the logins.json user name and password fields

The format of the logins.json file is quite simple but I need to know the encryption method used to retrieve the user name and password and the format and encryption used in the key3.db file.

Does anyone know what encryption method is used and, perhaps, can point me at code that would decrypt the fields?

I also need the format of the date fields in the logoins.json file - how are they formatted? Here's an example: 1466569273228

FYI - here's the format of an entry in the logins.json file, the encrypted fields have been mangled:

Code: Select all
"id":1,
"hostname":"http://www.example.com/",
"httpRealm":null,
"formSubmitURL":"http://downloads.example.com/",
"usernameField":"userName",
"passwordField":"password",
"encryptedUsername":"MDoEEPgAA98utyfAAAAAAAAAAAAAAAAAEwFAYIKoZIhvcNAwcECAcg3+WDArAeBBCukYFxEhYj3iE8UUV1LN+/",
"encryptedPassword":"MEIEEPgAAAtfiojljAAAAAAAAAAAAAAAAEwFAYIKoZIhvcNAwcECFaqHMkFMc8YBBi2Ay0JInEnnVkmw10auloMCk6s/WbOtEQ=",
"guid":"{8be5cdad-b01d-490f-b003-c7fcdedd1e0b}",
"encType":1,
"timeCreated":1466569273228,
"timeLastUsed":1466569273228,
"timePasswordChanged":1466569273228,
"timesUsed":1


Another FYI - there is an online converter - https://json-csv.com/ - which will convert .json files to .csv files. Use of the page is fairly intuitive.

DanRaisch
Moderator

User avatar
 
Posts: 120589
Joined: September 23rd, 2004, 8:57 pm
Location: Somewhere on the right coast

Post Posted December 27th, 2017, 2:07 pm


therube

User avatar
 
Posts: 19186
Joined: March 10th, 2004, 9:59 pm
Location: Maryland USA

Post Posted December 27th, 2017, 2:25 pm

Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball CopyURL+ FetchTextURL FlashGot NoScript

Olhanzilla

User avatar
 
Posts: 146
Joined: February 10th, 2005, 8:29 pm

Post Posted December 27th, 2017, 3:36 pm

DanRaisch wrote:See this thread -- https://support.mozilla.org/en-US/questions/824120


I read the page you refereed to, it says:

When using a master password, the data is encrypted using Triple DES Encryption in CBC mode.

The text "Triple DES Encryption in CBC mode" is a link but it produces a 404, not found error.

I did some searching on Triple Des Encryption and found some material including https://code.google.com/archive/p/crypto-js/ I also found some C code.

I can quickly toss together some JavaScript to text the logarithm. I'll come back and post the results - in a couple days.

Olhanzilla

User avatar
 
Posts: 146
Joined: February 10th, 2005, 8:29 pm

Post Posted December 27th, 2017, 3:39 pm



Thanks for the reply.

See my reply to DanRaisch.

Return to Firefox Features


Who is online

Users browsing this forum: No registered users and 0 guests