Skip to content
/ crx Public

A library to sign and verify CRX files using asymmetric keys

License

GPL-3.0 license
1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

realtimetodie/crx

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
.github/workflows
.github/workflows
 
 
example
example
 
 
proto
proto
 
 
src
src
 
 
test
test
 
 
.gitignore
.gitignore
 
 
Cargo.toml
Cargo.toml
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
build.rs
build.rs
 
 

Repository files navigation

crx

A library to read and write CRX packages.

About

Chrome web extensions and themes are packaged as CRX packages using asymmetric keys.

The CRX package format prepends a Protocol Buffer to a message that can contain an unlimited number of public key and signature proofs.

Supported key sizes and EC curves

  • RSA 1.2.840.113549.1.1.1: 1024, 2048, 4096
  • EC 1.2.840.10045.2.1: NIST P-256

Example

Signing, verifying and writing a Chrome web extension as a CRX package

use crx::Crx;
use pkcs8::der::SecretDocument;
use rand::thread_rng;
use std::fs;

let zip = fs::read("test/extension.zip")?;

let (_, secret_doc) = SecretDocument::read_pem_file("test/rsa2048-key.pem")?;
let secret_docs = vec![secret_doc];

let mut rng = thread_rng();

let crx = Crx::try_sign_with_rng(&mut rng, secret_docs, &zip)?;
assert!(crx.verify().is_ok());

println!("Chrome web extension ID: {}", crx.id);

fs::write("test/extension.crx", crx.to_crx())?;

Reading and extracting a Chrome web extension archive from a CRX package

use crx::Crx;
use std::fs;

let crx = Crx::read_crx_file("extension.crx")?;
assert!(crx.verify().is_ok());

println!("Chrome web extension ID: {}", crx.id);

fs::write("extension.zip", crx.as_bytes())?;

Command line tool

Usage: crx <COMMAND>

Commands:
  sign      Sign a web extension archive and create a CRX package
  info      Print information of a CRX package
  verify    Verify the integrity of a CRX package
  extract   Extract the web extension archive from a CRX package
  help      Print this message or the help of the given subcommand(s)

Options:
  -h, --help     Print help
  -V, --version  Print version

Signing a web extension archive and creating a CRX package

$ crx sign --key rsa.pem extension.zip

This will output a new CRX package extension.crx in the current working directory.

When you sign a CRX package using the crx command line tool, you must provide the signer's private key using the --key option.

Usually, you sign a CRX package using only one signer. If you need to sign a CRX package using multiple signatures, use the --key option multiple times.

You can specify the output directory using the --out option.

$ crx sign --key rsa.pem --out=example.crx extension.zip

Verifying the integrity of a CRX package

$ crx verify --key rsa.pem extension.crx

This will validate the signatures of the CRX package. If you need to verify a CRX package using multiple signatures, use the --key option multiple times.

About

A library to sign and verify CRX files using asymmetric keys

Resources

Readme

License

GPL-3.0 license
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Languages