[Chrome] Application of RSA Algorithm in extended programs

The RSA algorithm is used in chrome extensions to sign and generate an ID for its. CRX Installation File. Let's take a look at the technical details one by one. Before proceeding, please note that the technical details of Web store in this article are inferred from some tests from the perspective of Chrome browser, to thoroughly understand the details of Web store, you cannot simply use this article.

There are two ways to generate an extension Installation File: one is generated by the extension developer during development, another method is to use Google's Web store (also known as gallery by Google) to submit a file generated by the background server. Although there are some differences between the two methods, we can roughly understand the Web store behavior from the developer generation method.

The developer of the extension can open the installation file generation dialog box through the entries listed.

In the [Package extension] dialog box (for example), you need to select the root directory of the package Extension Program and the optional private key file, which is related to the RSA algorithm, this is the focus we will discuss later.

When we do not select a private key file for packaging, chrome will generate a private key file suffixed with. pem for US (the file is generated at the same location as the specified extension directory ). The file contains the private key of the RSA algorithm, and the private key can be used to export the public key. This example shows how to use the OpenSSL tool to display the private key file and export the Public Key through the file.

The following activity diagram shows how chrome packages an extension in the background.

Shows the format of the generated. CRX (Binary) file. Note that the entire directory of the extension program is stored in a compressed package. at the end of the CRX file, the signature is the signature obtained through the public key, used to ensure the integrity of the compressed file content.

At this point, I believe that the reader has understood the role of the RSA Algorithm in the. CRX Installation File. Next, let us understand the ID of the extension (also known as the app ID ). Each extension in Chrome has an ID value (in this example, the ID value of the Adblock extension), which is obtained by performing hash operations on the public key.

The example shows how to generate the extension ID in the background when packaging the extension program in chrome, and also describes how to process the RSA key source.

Note that because the ID is generated through the public key, and the Public Key is exported by the private key, if you want to ensure that the ID of an extension will never change, the same one must be used in the packaging process. PEM file. In reality, we can choose not to specify the. pem file when packaging the extension for the first time so that Chrome can automatically generate the file for us, and then specify the. pem file in all subsequent packaging actions. Of course, if you do not care about the immutability of the ID, you can let the package automatically generate the. pem file each time. The readers can choose based on their own scenarios.

Once the extension is installed, You need to upload it through the developer Dashboard of Google Web store so that you can install it through Web store. Different from creating a. crxfile, the uploaded file is a. ZIP file generated by compressing the extended directory. Note that the manifest. JSON of the extension cannot contain the key and update_url fields. By studying the extensions installed by Chrome, we can find that the key field stores the Public Key mentioned earlier, and both fields are inserted by the server in the background. Because the. pem file does not need to be specified in this packaging method, we can assume that the packaging server will automatically generate a private key for it.

This article is from Li Yun's blog and must be kept at: http://blog.csdn.net/hzliyun/article/details/8980361.