Why do I need a browser extension?
A browser extension is needed to provide functionalities such as auto filling your passwords when visiting known websites, but more importantly to maintain a higher level of security and provide a secure random number generator.
The solution we opted-for to ensure code integrity was to split the application in two parts:
- Server side: the API who serves encrypted data
- Client side: the web extension who renders the assets and contains the logic to encrypt/decrypt data.
The web extension is published on browsers extension marketplaces (Firefox, Chrome, Edge). Each of them requires the extension to be cryptographically signed by Passbolt developers with a secret key, to make sure nobody can change that code while it is being transmitted from the marketplace.
Some points you must be aware of:
- The passbolt login page is rendered by the browser extension. By entering your passphrase, you unlock your PGP private key stored in the local storage of your browser to let the extension communicate with the passbolt API and perform the user authentication with GnuPG protocol.
- Most of passbolt application (passwords, users, or profile namespaces) isn’t rendered by the server but by the browser extension.
- End-to-end encryption is provided by the browser extension.
Other frequently asked questions in the same category
- What is passbolt?
- Why do I need a password manager?
- How does it work?
- How is passbolt different from other password managers?
- Is sharing the same password with multiple users a bad practice?
- I need a personal password manager, can I use passbolt?
- Why do I need a browser extension?
- When will you be releasing feature X or Y?
- How to you prioritize feature development?
- Where can I login?
- Where can I get help?