I'm currently using 1Password. And it requires code signature for using biometric to unlock 1Password and the LibreWolf browser. Can you add it to your browser, please?
Support Code Signature #1707
+1 for this whenever the roadmap allows for it.
For context here is the quote from the 1Password team
For security reasons, 1Password has to check the code signature in a browser before connecting to ensure that the browser is not modified or changed. LibreWolf doesn't have its code signature updated in 1Password, and that is why the 1Password app will not connect with the browser.
I don't know how much effort this would require but maybe code signing can be automated in CI. Then someone from the LibreWolf team could could communicate with the 1Password team on how they can keep updating them with new code signatures.
For context, this is what the problem looks like. In 1Password's settings you can add other browsers. I've used this to add other browsers such as Orion:
Trying to add Librewolf results in this error:
That application didn't work
The selected application was signed in an unsupported way or may be missing a required identifier.
Also seems to be the cause of
- issue #752
- possibly this reddit thread https://www.reddit.com/r/LibreWolf/comments/wclac1/1password_browser_extenstion_desktop_application/
Apple’s help page about app code signing
I am also having this issue. It is a usability issue for me because my master password is quite long and fingerprint auth would make the experience much better.
Edit: My solution is for Linux. Apologies for not clarifying previously!
I have this working on LibreWolf v138.0.4-1, 1Password browser extension version 8.10.76.34, and 1Password for Linux 8.10.76 (81076034).
How I got it working:
- Setup the 1Password extension and connect it to the 1Password app on Firefox FIRST, then go through this process.
- Follow the guide from 1Password to enable additional trusted browsers here: https://support.1password.com/connect-1password-browser-app/?linux+active=&linux%20active#appendix-add-additional-trusted-browsers
NOTE STEP ONE: DO NOT USE FLATPAK OR SNAP PACKAGES FOR THIS. IT WILL NOT WORK. - Copy the native messaging folder from
.mozillainto.librewolfby following the same method found here: https://github.com/keepassxreboot/keepassxc/discussions/7669#discussioncomment-2857593 - Without even restarting, the 1Password extension should now be able to communicate with the desktop app. It did for me at least!
@cordlord Thanks for the addition!
For context: The screenshots + 1Password community link are about macOS. For me copying the NativeMessagingHosts does not work on macOS - even if you use the macOS specific paths (~/Library/Application Support/librewolf/~/Library/Application Support/Mozilla`). I think this has to do with the way macOS code signing works.
@fmjansen No problem!
Apologies for not clarifying! This was linked from another issue and wanted to spread the word.
I believe you'd be correct, the link from my step 2 does mention using an Apple Code signed browser with this link: https://support.apple.com/guide/security/app-code-signing-process-sec3ad8e6e53/web
I believe this is still a problem in macOS. Is there a workaround? From the linked posts, I couldn't easily tell. If code signing through Apple is required to make this work, is there an issue to track for that? And is there a way to support that?
The issue that tracks code signature thing: #2664 (the pinned issue, right on the top ;P)
No due date set.
No dependencies set.
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?