5

I'm working on a Chrome extension built with React that deals with crypto wallets, and I need to preserve their wallet object, so they don't have to decrypt it after every time they close the extension and open it again. So I need to store either the user's password or the wallet's mnemonic securely somehow.

Metamask uses a persistent background script to keep the object alive, but that requires manifest version 2, which is no longer supported for new extensions.

So is there any way to store a string securely in a Chrome extension in manifest version 3? Chrome storage and HTML5 local storage are no-gos.

vietnamese_chowder
  • 65
  • 5
  • You can use the native WebCrypto API to encrypt data with AES using the users passphrase, take a look at: [`SubtleCrypto.encrypt(...)`](https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/encrypt) – Alicia Sykes Apr 26 '22 at 22:51
  • But then the user would still need to input their passphrase to decrypt it, right? I want it so the user doesn't have to input their passphrase within x minutes of closing the extension. – vietnamese_chowder Apr 26 '22 at 22:55
  • In fact, the user's passphrase is exactly the data I'm trying to preserve and hide, so I can decrypt the wallet with it with no user input. – vietnamese_chowder Apr 26 '22 at 22:58

1 Answers1

3

Use chrome.storage.session, which is created for this exact purpose: to store variables in memory without persisting to the disk.

The API is the same as any other chrome.storage API, so the data must be JSON-compatible: string, number, boolean, null, array/object of these types.

The maximum capacity of the storage is currently 1MB.

async function foo() {
  // reading
  const foo = await chrome.storage.session.get('foo');
  // writing
  await chrome.storage.session.set({foo: 'bar'});
}

manifest.json:

  "permissions": ["storage"]
wOxxOm
  • 65,848
  • 11
  • 132
  • 136
  • I saw the session property in the storage API, but I thought it wasn't implemented yet, because it says "Pending" (https://developer.chrome.com/docs/extensions/reference/storage/#property-session). I tried it just now, and even after updating @types/chrome to 0.0.183, I get `TS2339: Property 'session' does not exist on type 'typeof storage'` during webpack. Is this just a typescript issue? – vietnamese_chowder Apr 27 '22 at 18:14
  • I just tried replacing all `chrome.storage.local`'s in my generated js with `chrome.storage.session`'s and it works, I guess this is a `@types/chrome` issue then. – vietnamese_chowder Apr 27 '22 at 18:34
  • Try using the [**official** types package](https://www.npmjs.com/package/chrome-types). – wOxxOm Apr 27 '22 at 18:47