It'll trim the hash to get the first 32 characters of it. If it finds the public key in the key field of the manifest.json, it'll decode the Base64 into binary and then get its SHA256 hash. Public keys are associated with extensions via the "key" field in the manifest.json. Now that we understand how public keys play a role here, let's talk about where they're stored. Chrome does this every time you load an extension! Since your public key is readily available, skeptics can test the authenticity of the message using your public key and inspect the contents to make sure the hashed values match. And you can trust this message because the only person who can create this kind of message is the person with a certain private key tied to this extension's public key." So whenever you package a CRX file, a little header gets added that says "if you hash all the contents in this extension, you'll get this number: XYZ. The Chrome team uses digital signatures to accomplish that task. You have a Chrome Extension that you want to send to a friend, but your friend wants to ensure that nobody has tampered with it. So how does this relate to Chrome Extensions? For more information about public key cryptography, check out this great YouTube video from Computerphile discussing it. Okay, let's dig into that! What is a public key?įirst things first, what is a public key? Well, it's a concept from a type of cryptography known as Public Key or Asymmetric Cryptography. A Chrome Extension ID is the first 32 characters of the SHA256 hash of a public key, where characters 0-9a-f are translated to their respective a-p counterparts.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |