Storage of passwords in Google Chrome Extension

Question

I started reading Google Chrome's documentation, and liked it's approach of using HTML and Javascript to create extensions. Reading this tutorial about Local Storage made me think about a lot of different uses.

I want to develop an extension to help me with corporate systems. It's very specific, and it's only going to be used inside a company.

This extension would do some activities to this corporate system, using javascript DOM, with just one click on Google's Chrome toolbar. To work with just one click, the extension needs to store a password in Chrome: so if you restart your system, you don't need to enter it again.

How do I do that? Persist a password in a Google Chrome extension to login to another system? I don't want to store it in "plain text", I would like to at least use some kind of encryption (maybe a Google Chrome API with this resource).

Is it possible? How do I persist this data with Google Chrome's extensions structure (best way)?

Answer 1

You could encrypt and store a user’s password with localStorage (or the Web SQL Database API). But not very securely. Anyone who gained access to the user’s computer could retrieve the ciphertext, pluck the encryption algorithm out of your extension source, and determine the plaintext password.

If feasible, here are a couple more bulletproof solutions:

• Piggyback on the user logging into a web interface. For an example, see the Google Mail Checker.

• Connect to the services through OAuth (or a similar authorization scheme). For an example, see the Google Wave Notifier.