Re: programatically populating key3.db with a password encryption key

Wed, 14 Nov 2012 09:28:19 -0800 

Hi Kai,

Here goes some feedback from symkeytuil.

> Use "symkeyutil -d directory -L" to see a list of keys contained in a
> NSS DB.
> 
> -H for help
> 
> -K to generate a new key. Look at the Mozilla and the list output to
> deduce what parameters you need.
> 

1) Test with a key3.db initialized by saving+removing a credential pair in 
thunderbird.

-----------------------------
user@AS2-VDI:~$ /usr/local/AS/bin/symkeyutil  -d .thunderbird/linuxint.default/ 
-L
     Name            Len Strength     Type    Data
NSS Certificate DB:
                      24    168         des3  <restricted>

user@AS2-VDI:~$ python moz_encrypt.py -t -s "mypassword"
MDoEEPgAAAAAAAAAAAAAAAAAAAEwFAYIKoZIhvcNAwcECBi/67pZPKeMBBDcAyRu26fApXi5R8Wq14Eo
-----------------------------

This key is good. We can hash a password with it!

2) Test with a key3.db initialized by certutil + symkeyutil

-----------------------------
user@AS2-VDI:~$ rm .thunderbird/linuxint.default/key3.db
user@AS2-VDI:~$ certutil -N -d .thunderbird/linuxint.default/ -f /tmp/file.txt
-----------------------------

NOTE: file.txt is empty. I'm not using a master password.

-----------------------------
jpalma@AS2-VDI:~$ /usr/local/AS/bin/symkeyutil  -d 
.thunderbird/linuxint.default/ -L
-----------------------------

No contents, as expected.

-----------------------------
user@AS2-VDI:~$ /usr/local/AS/bin/symkeyutil  -d .thunderbird/linuxint.default/ 
-K -t des3 -s 24
                      24    168         des3  <restricted>
user@AS2-VDI:~$ /usr/local/AS/bin/symkeyutil  -d .thunderbird/linuxint.default/ 
-L
     Name            Len Strength     Type    Data
NSS Certificate DB:
                      24    168         des3  <restricted>
-----------------------------

The newly created key has the same parameters, apparently.

-----------------------------
user@AS2-VDI:~$ python moz_encrypt.py -t -s "mypassword"
Traceback (most recent call last):
  File "moz_encrypt.py", line 231, in <module>
    main_decryptor(options.directory, password, mystring, 
thunderbird=options.thunderbird)
  File "moz_encrypt.py", line 204, in main_decryptor
    decryptor.encrypt(mystring)
  File "moz_encrypt.py", line 178, in encrypt
    raise Exception (libnss.PORT_GetError())
Exception: -8126
-----------------------------

Does this keed need to be tagged as THE key that mozilla uses for signons.qlite 
password encryption?

Cheers
Gustavo

-- 
Angulo Sólido - Tecnologias de Informação
http://angulosolido.pt
-- 
dev-tech-crypto mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-tech-crypto

Reply via email to