Skip to content

Instantly share code, notes, and snippets.

@fmarier

fmarier/brave-password-storage-linux.md

Created August 9, 2023 23:21
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save fmarier/224729615bd5e887b9ac29236288f7a1 to your computer and use it in GitHub Desktop.
Save fmarier/224729615bd5e887b9ac29236288f7a1 to your computer and use it in GitHub Desktop.
Download ZIP
Testing the Brave password manager backend on Linux
Raw
brave-password-storage-linux.md

Saving a password in a new profile

First of all, let's start with a clean slate:

  1. Exit any Brave Browser.
  2. Open the seahorse application.
  3. WARNING: continuing will wipe all of your passwords in ALL Brave profiles.
  4. Look for "Brave Safe Storage" and right-click on it. Delete.
  5. Close the seahorse application.

Now, pick a website for which you'll save the password in Brave. I used https://www.libravatar.org/ just because I know it reliably triggers the "save this password" prompt.

Now let's save the password in Brave Nightly:

  1. Start Nightly using brave-browser-nightly --user-data-dir=/home/francois/brave-temp-profile (replacing "francois" with your username).
  2. Visit the target website, login and save the password to the password manager.
  3. Check brave://settings/passwords to make sure the password was saved successfully.
  4. Close Brave.

Looking at the password database directly

Let's check the password was saved in an encrypted way:

  1. Open seahorse again.
  2. Confirm that a new "Brave Safe Storage" entry was created.
  3. Close seahorse.
  4. Install sqlite3 using sudo apt install sqlite3.
  5. Open the password database manually: sqlite3 ~/brave-temp-profile/Default/Login\ Data
  6. List all passwords: select origin_url, username_value, password_value from logins;
  7. Confirm that the password_value (last column) starts with "v11" and not "v10".
  8. Exit sqlite3 by pressing Ctrl+d.

If we see that "v11", it means that Brave was able to connect to gnome-keyring using gnome-libsecret since that's the only secure storage wallet available by default in Ubuntu.

Opening an old password database using a new version of Brave

Finally, let's check upgrades:

  1. Delete the brave-temp-profile folder: rm -rf ~/brave-temp-profile
  2. Start Release using brave-browser-stable --user-data-dir=/home/francois/brave-temp-profile
  3. Visit the target website, login and save the password to the password manager.
  4. Check brave://settings/passwords to make sure the password was saved successfully.
  5. Close Brave.
  6. Follow the same sqlite3 procedure as before to check that the password was saved in "v11" format.
  7. Exit sqlite3 by pressing Ctrl+d.
  8. Start Nightly using brave-browser-nightly --user-data-dir=/home/francois/brave-temp-profile
  9. Check brave://settings/passwords to make sure the password is still readable.

If you can see the password in Nightly, that means that Nightly, using gnome-libsecret, can continue to read passwords that were saved in gnome-keyring (using the old library in Release).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment