- From: Antony Sargent <asargent@google.com>
- Date: Fri, 4 Jun 2010 11:22:49 -0700
On Fri, Jun 4, 2010 at 4:58 AM, Henri Sivonen <hsivonen at iki.fi> wrote: > After googling around a bit, I was unable to find a signed .crx file for > analysis. (I took apart 3 .crx files and gave up.) Is the signing mechanism > documented somewhere? .wgt reinvents the .jar signing wheel by the basic > idea of .jar signing with XML Signatures. > All .crx files are signed - they're just a zip with the public key and signature appended on to them. The chrome extensions gallery has lots of them: https://chrome.google.com/extensions For developers who choose to use it, the gallery takes care of generating/storing the private key and signing new versions. They just upload a plain zip file with their extension's resources. For those who want to do this themselves, the developer tools on the chrome://extensions page inside chrome itself lets you create a signed .crx file. You can find some documentation here: http://code.google.com/chrome/extensions/packaging.html And here's the browser code to create .crx files: http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/extensions/extension_creator.cc <http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/extensions/extension_creator.cc> -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.whatwg.org/pipermail/whatwg-whatwg.org/attachments/20100604/9fe527c0/attachment-0001.htm>
Received on Friday, 4 June 2010 11:22:49 UTC