CloudServices/Sync/ExtensionStorage Design Doc

From MozillaWiki
Revision as of 19:13, 22 September 2016 by Glasserc (talk | contribs) (some more stuff)

Extension Storage Sync is available through the chrome.storage.sync WebExtension API. It syncs as part of Firefox Sync, but uses a different storage backend (Kinto).

As much as possible, Extension Storage Sync is meant to seem like "part of Sync" from the user's perspective. This means that Extension Storage Sync takes a similar approach to cryptography as the rest of Sync.

Kinto structure

Kinto is an object store with three levels -- buckets, which contain collections, which contain records. A given user just uses the "default" bucket, which is mapped to a different bucket for each user. Each extension gets its own collection. Each key/value pair that an extension stores becomes its own record.

Crypto

When a user does a sync, we want the user's data to be stored securely, so we encrypt it. This encryption happens using the Kinto "remote transformer" feature. This means that encryption happens on the client side before the data is sent, and decryption happens on the client side just after the data is received.

Each collection (thus, extension) gets its own key. These keys are stored in a separate "keyring", which is itself stored as a record in a special "crypto" collection. This record is encrypted using a key that is derived from a user's kB.
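
The key hierarchy described above, as an added sketch that is not part of the original page or of Firefox's own code: a per-collection key encrypts each record, and the keyring holding those keys is itself encrypted under a key derived from kB. The page does not name algorithms or record layouts, so HKDF-SHA256, AES-256-GCM, the field names, the extension ids and the sample kB are all assumptions constructed for the example.

```javascript
// Added illustration. HKDF-SHA256, AES-256-GCM and every name here are assumptions.
const nodeCrypto = require("node:crypto");
const b64 = (buf) => buf.toString("base64");

// Authenticated encryption of a JSON value; `aad` binds the ciphertext to its location.
function sealJson(key, value, aad) {
  const iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv("aes-256-gcm", key, iv);
  c.setAAD(Buffer.from(aad));
  const ct = Buffer.concat([c.update(JSON.stringify(value), "utf8"), c.final()]);
  return { iv: b64(iv), ct: b64(ct), tag: b64(c.getAuthTag()) };
}

function openJson(key, box, aad) {
  const d = nodeCrypto.createDecipheriv("aes-256-gcm", key, Buffer.from(box.iv, "base64"));
  d.setAAD(Buffer.from(aad));
  d.setAuthTag(Buffer.from(box.tag, "base64"));
  return JSON.parse(Buffer.concat([d.update(Buffer.from(box.ct, "base64")), d.final()]).toString("utf8"));
}

// The key protecting the keyring record is derived from kB and never stored.
function deriveKeyringKey(kB) {
  return Buffer.from(nodeCrypto.hkdfSync("sha256", kB, Buffer.alloc(0), "example/keyring", 32));
}

// Transformer pair: encode runs before upload, decode runs after download (id stays in clear here).
function encodeRecord(keyring, collection, record) {
  return { id: record.id, payload: sealJson(Buffer.from(keyring[collection], "base64"), record, `${collection}/${record.id}`) };
}
function decodeRecord(keyring, collection, remote) {
  return openJson(Buffer.from(keyring[collection], "base64"), remote.payload, `${collection}/${remote.id}`);
}

function demo() {
  const kB = Buffer.alloc(32, 7); // constructed stand-in for the user's kB
  const keyring = { "ext-a@example": b64(nodeCrypto.randomBytes(32)), "ext-b@example": b64(nodeCrypto.randomBytes(32)) };
  const keyringRecord = { id: "keys", payload: sealJson(deriveKeyringKey(kB), keyring, "crypto/keys") };
  const remote = encodeRecord(keyring, "ext-a@example", { id: "key-theme", key: "theme", data: "dark-theme" });
  // A second device holds only kB plus what the server stores (keyringRecord, remote).
  const restored = openJson(deriveKeyringKey(kB), keyringRecord.payload, "crypto/keys");
  const plain = decodeRecord(restored, "ext-a@example", remote);
  let crossRead = true; // another extension's key must not open this record
  try { decodeRecord(restored, "ext-b@example", remote); } catch (e) { crossRead = false; }
  return { keyringRecord, remote, plain, crossRead };
}

console.log(demo().plain);
```

The server only ever sees `keyringRecord` and `remote`; without kB the keyring cannot be opened, and without the keyring no collection can be read.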