Assume there are 5 files in this test extension:
manifest.json, background.js, doT.html., mixedcase.html, mixedCase.html
1. Generate base64 url encode hashes, e.g.
$ tr -d \\n < manifest.json | openssl dgst -sha256 -binary | base64 -w0 | tr / _ | tr + \- | tr -d '='
ysCDJuQ1s7vWF4yUZTRB2_XDE6vfFyQcIPSmyvNvqEw
gen/payload.json file contains these hashes.
Note that "mixedCase.html" is special and it is not listed under this dir
(because there would be name collision with mixedcase.html on windows). The file
is left under gen/ dir for reference.
Also note that "doT.html." isn't listed as we cannot upload files ending with a
"." in our repo.
2. Generate public/private key pairs.
$ openssl genrsa -out private_key.pem 2048
$ openssl rsa -in private_key.pem -pubout -out public_key.pem
3. Start with an existing verified_contents.json and generate signatures of the
payload:
a) Take the contents of payload.json and base64url encode them:
$ cat payload.json | tr -d \\n | base64 -w0 | tr / _ | tr + \- | tr -d '=' > payload_encoded.txt
b) Put the contents of payload_encoded.txt into the "payload" field of
verified_contents.json.
c) Copy the contents of the "protected" field (the one with {"kid":
"webstore"}) from verified_contents.json into protected.txt.
d) Concatenate the "protected" and "payload" fields with a '.' separator.
$ echo -n '.' | cat protected.txt - payload_encoded.txt > signature_input.txt
e) Sign it
$ tr -d \\n < signature_input.txt | openssl dgst -sha256 -sign private_key.pem -binary | base64 -w0 | tr / _ | tr + \- | tr -d '=' > signature.txt
f) Put the contents of signature.txt into the "signature" field in
verified_contents.json.
Codebase Browser
chromium