How to store sentitive data in Chrome extension Manifest V3

About

Asked 26/4, 2022 at 22:47 Answered 27/4, 2022 at 6:26

Solved javascript reactjs google-chrome-extension cryptocurrency chrome-extension-manifest-v3

I'm working on a Chrome extension built with React that deals with crypto wallets, and I need to preserve their wallet object, so they don't have to decrypt it after every time they close the extension and open it again. So I need to store either the user's password or the wallet's mnemonic securely somehow.

Metamask uses a persistent background script to keep the object alive, but that requires manifest version 2, which is no longer supported for new extensions.

So is there any way to store a string securely in a Chrome extension in manifest version 3? Chrome storage and HTML5 local storage are no-gos.

Richardo answered 26/4, 2022 at 22:47 Comment(3)

You can use the native WebCrypto API to encrypt data with AES using the users passphrase, take a look at: SubtleCrypto.encrypt(...) – Blakemore 26/4, 2022 at 22:51

But then the user would still need to input their passphrase to decrypt it, right? I want it so the user doesn't have to input their passphrase within x minutes of closing the extension. – Richardo 26/4, 2022 at 22:55

In fact, the user's passphrase is exactly the data I'm trying to preserve and hide, so I can decrypt the wallet with it with no user input. – Richardo 26/4, 2022 at 22:58

Use chrome.storage.session, which is created for this exact purpose: to store variables in memory without persisting to the disk.

The API is the same as any other chrome.storage API, so the data must be JSON-compatible: string, number, boolean, null, array/object of these types.

The maximum capacity of the storage is currently 1MB.

async function foo() {
  // reading
  const foo = await chrome.storage.session.get('foo');
  // writing
  await chrome.storage.session.set({foo: 'bar'});
}

manifest.json:

  "permissions": ["storage"]

Galvanic answered 27/4, 2022 at 6:26 Comment(3)

I saw the session property in the storage API, but I thought it wasn't implemented yet, because it says "Pending" (developer.chrome.com/docs/extensions/reference/storage/…). I tried it just now, and even after updating @types/chrome to 0.0.183, I get TS2339: Property 'session' does not exist on type 'typeof storage' during webpack. Is this just a typescript issue? – Richardo 27/4, 2022 at 18:14

I just tried replacing all chrome.storage.local's in my generated js with chrome.storage.session's and it works, I guess this is a @types/chrome issue then. – Richardo 27/4, 2022 at 18:34

Try using the official types package. – Galvanic 27/4, 2022 at 18:47

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags