No way to disable "Verify browser" in 1Password 7?

zzzamboni

Hi,

It seems that the "Verify browser code signature" advanced setting has disappeared in 1Password 7 (maybe before?). Is there any way, even if it's advanced/hidden/CLI, to disable it?

My use case: I like using Site-specific browsers for certain websites. I use a script I wrote to create customized versions of Firefox for this purpose. This creates a copy of Firefox in which the app name and icon have been changed, mainly by modifying its Info.plist and icons files. Unfortunately, this breaks the signature of the Firefox app and 1P completely refuses to activate the extension.

It would be nice to have a way of telling 1P "yes, I know the signature is broken, I really know what I'm doing, let me use it for this application".

Any way to make this happen?

Thanks as usual for a fantastic app!

---

1Password Version: 1Password 7 Version 7.4.2.BETA-0 (70402000)
Extension Version: 4.7.5.90
OS Version: macOS 10.15.1
Sync Type: Dropbox

ag_ana

Hi @zzzamboni!

I don't think there is currently any way to do this. Even if your use case would require this, 1Password refuses to connect to untrusted browsers for security reasons, and we don't want anyone to accidentally enable the option, and perhaps forget to disable it once they don't need it anymore.

zzzamboni

Hi @ag_ana,

Thanks for your reply - I had understood as much from other posts, but was still hopeful :)

As a follow up question, could you explain exactly what a "trusted browser" is for this purpose? Do you have to hard-code the signatures of known browsers into 1Password, or will any signed application work? I tried signing my SSBs using the codesign command and a self-signed certificate, but this did not work. Any technical details would be greatly appreciated.

rudy

@ZZamboni,

Do you have to hard-code the signatures of known browsers into 1Password

Yes.

or will any signed application work?

No.