You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
If you manually install extension from Chrome Web Store, then unzipped manifest.json will contain key property. This key is needed to sign CRX and produce constant extension ID. During unzipping Google Chrome automatically extracts public key from CRX, adds it to manifest.json and calculates extension ID. Example:
If you use unzip-crx to unzip CRX, you will notice that manifest.json is missing key. Example:
{
"manifest_version": 3
}
I don't sure if this project should be responsible for extracting key, but during development I encountered a need for the right key extraction, so I will submit the issue here. It would be nice to add it as a part of this project. But if it is out of scope, then at least add it in README.
import{parse,rsa_main_index,der2pem,u}from"./index.js";constfile="downloaded.crx";constbuff=awaitu.read(file);consthdr=parse(buff);constindex=rsa_main_index(hdr);constproof=hdr.sha256_with_rsa[index];constkey=der2pem(proof.public_key);letvalue=key;value=value.replace("-----BEGIN PUBLIC KEY-----","");value=value.replace("-----END PUBLIC KEY-----","");value=value.replaceAll("\n","");console.log(value);// MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDtAltq/HtarGbnR3hzjUeyBU5X1giAakPpIuBsjl6LRTklBHNETfi+aWA5BSq//xKnPbnmA5lHtxQWSh9E9tEKjxrdWeUwIsFBQaCFH2n25zihKhlkO50OD8iCJ6fwsJu4mTsSpmNJLrF8z4HLTrEjQPiJB6j/oNxldNKPuEbZfQIDAQAB
You also can use it as a child process (example for Linux):
Both ways results in a key value that I provided at the beginning. Now you can change content of manifest.json and add key property with a correct value.
Hi @Amaimersion 👋. Thank you for that detailed explanation. I don't think Including the key is out of scope. Would you be up for opening a PR using the first approach with the crx3-utils library?
If you manually install extension from Chrome Web Store, then unzipped
manifest.json
will contain key property. This key is needed to sign CRX and produce constant extension ID. During unzipping Google Chrome automatically extracts public key from CRX, adds it tomanifest.json
and calculates extension ID. Example:If you use
unzip-crx
to unzip CRX, you will notice thatmanifest.json
is missingkey
. Example:I don't sure if this project should be responsible for extracting
key
, but during development I encountered a need for the rightkey
extraction, so I will submit the issue here. It would be nice to add it as a part of this project. But if it is out of scope, then at least add it in README.This project https://github.com/gromnitsky/crx3-utils implements
key
extraction using Node. Usage:You also can use it as a child process (example for Linux):
Both ways results in a key value that I provided at the beginning. Now you can change content of
manifest.json
and addkey
property with a correct value.Additional links:
crx3-utils
's author explanation)The text was updated successfully, but these errors were encountered: