Robert wrote:
Hi!
I'm currently developing a password manager application for the Windows platform which monitors the Mozilla password file (12345678.s) and stores the password entries on a smart card. Ideally, the passwords should be written to Mozilla's password file when the card is inserted and deleted when the card is removed. However, there is a major problem: Mozilla only reads the password file when the browser (or the QuickLaunch tool) is first started, so modifying the file while Mozilla is running is pointless. Is there any way (Window message, etc.) to tell Mozilla that the password file has been changed so that it can update its internal list? If not, this would be a major improvement, which shouldn't be very difficult to implement :)
This might be a different application from what you want, however it is probably simpler to implement :
You could store the symmetric encryption key used to encrypt your password on your smartcard, instead of storing it in the security device. Therefore, you would only be able to access the passwords when the smartcard is inserted.
Assuming you already have a PKCS#11 driver for your smartcard, the code change to do that in Mozilla should only be a minor change - look at the SDR functions. You would just need additional UI to select which security device to use for the password key.
However I realize this does not offer the same benefits as storing the passwords themselves on the smartcard. With the approach described above you can't go from one machine to another with your smartcard and expect to transfer your passwords. If you always keep the password file encrypted, that problem might be solved by putting it on the network rather than on the local disk.
