为Chrome扩展程序创建唯一的扩展程序ID和密钥? [英] Making a unique extension id and key for Chrome extension?
问题描述
我有一个Chrome扩展程序,但基于网上找到的一些示例.它不在crx文件中.扩展ID是示例中使用的扩展ID.我想在将扩展程序上传到chrome存储之前对其进行更改.我的问题是我该如何更改?我是否要手动更改manifest.json文件中的字母?还是因为某些格式的扩展名必须是固定格式而必须从某些内容中生成?密钥也一样,现在准备好了,我可以在执行任何其他操作之前随意更改这两个吗?
I have a Chrome extension I made, but based it on some example found online. Its not in a crx file. The extension ID is the one used in the example. I would like to change it before I upload my extension to the chrome store. My question is how do I change this? Do I just manually change the letters in my manifest.json file? Or does the extension id have to be generated from something because its in a fixed format? Same for the key, can I just randomly change these two before I do anything else now that I'm ready?
{
// Extension ID: rnldjzfmornpzlahmmmgbagdohdnhdic
"key": "MIGfMA3GCSqGSIb3DFEBAQUAA4GNADCBiQKBgQDcBHwzDvyBQ6bDppkIs9MP4ksKqCMyXQ/A52JivHZKh4YO/9vJsT3oaZhSpDCE9RCocOEQvwsHsFReW2nUEc6OLLyoCFFxIb7KkLGsmfakkut/fFdNJYh0xOTbSN8YvLWcqph09XAY2Y/f0AL7vfO1cuCqtkMt8hFrBGWxDdf9CQIDAQAB",
"name": "Name of extension",
...
推荐答案
请注意,扩展名签名包含两个键":
Note that extension signing consists of two "keys":
- 用于签署CRX文件的私钥文件
.pem,必须保持不变,以备将来更新. - 清单中生成的公共密钥-不能用于对以后的更新进行签名(而是用来验证签名),但是可以用于对未打包的扩展名强制使用特定的ID ,因为ID是作为公钥的哈希值派生的. (对于那些好奇的人,如果没有
key,则未打包的扩展名会退回到散列路径).
- The private key file,
.pem, that is used to sign CRX files and must remain the same for future updates. - The resulting public key in the manifest - can't be used to sign future updates (used to verify the signature instead), but can be used to force a particular ID for unpacked extensions since the ID is derived as a hash of the public key. (For those curious, if
keyis not present an unpacked extension falls back to hashing the path).
您有2个选择:
-
让Google处理.
Let Google handle it.
从清单中完全删除key字段;然后将其提交给商店.
Remove the key field from the manifest completely; then submit it to the store.
CWS将为您的扩展生成一个新的密钥对(并因此生成一个新的ID),该密钥对将在更新之间保留.如果您需要维护开发版本的ID(并非总是一个好主意,因为Chrome会与自动更新混淆,但在storage.sync测试期间却是个好主意),则可以从开发人员信息中心提取新的公共key在您的商品上使用更多信息"链接.
CWS will generate a new keypair for your extension (and, consequently, a new ID), which will be preserved between updates. If you need to maintain the ID for your development version (not always a good idea, as Chrome will get confused with autoupdates, but a good idea during storage.sync testing), you can extract the new public key from your Developer Dashboard using "More info" link on your item.
但是,无法从CWS获取.pem密钥.您将永远被锁定在CWS中作为自动更新源.但这无关紧要,因为Chrome不允许从其他位置安装扩展程序.
However, there is no way to get the .pem key from CWS. You are forever locked in CWS as auto-update source. That shouldn't matter though as Chrome disallows extension installs from elsewhere.
保留对私钥的控制.
注意:此方法可能现在已不推荐使用,并且没有太多实际理由使用它.
您可以使用打包扩展名"功能从chrome://extensions生成扩展名的CRX文件.
You can generate a CRX file of your extension from chrome://extensions using "Pack extension" function.
如果您不提供现有的.pem文件,则Chrome会为您的扩展程序生成一个新的密钥对(并因此生成ID).
If you don't provide an existing .pem file, Chrome will generate a new keypair (and thus, ID) for your extension.
小心翼翼地保护生成的.pem键 .当涉及更新时,它可以用作模拟您的开发人员.
Guard the resulting .pem key with your life carefully. It can be used to impersonate you as a developer when it comes to updates.
Then, when you submit the extension to CWS, include the .pem in the archive's root as key.pem (Note: removed from documentation; links to an archived version). This instructs CWS to use it instead of generating a new keypair. Note that you have to provide your private key to Google, since it modifies the extensions before signing.
由于ID是(随机生成的)公钥的哈希,因此与现有扩展名冲突的可能性很小.如果发生这种情况,只需为另一个文件重新生成.pem文件.
Since the ID is a hash of a (randomly-generated) public key, there is a tiny chance of collision with an existing extension. If that happens, just re-generate the .pem file for a different one.
无论哪种情况:上传时,请勿在清单中包含key字段,否则CWS可能会拒绝它.
In either case: do not include the key field in the manifest when uploading, or CWS may reject it.
此外,请勿在您的扩展程序中的任何位置对扩展程序ID进行硬编码.可以使用以下功能之一进行访问:
Also, do not hardcode the extension ID in your extension anywhere. It's accessible using one of those functions:
chrome.runtime.getManifest().id // gives "youridehere"
chrome.runtime.getURL("something") // gives "chrome-extension://youridhere/something"
在CSS文件中,您可以将__MSG_@@extension_id__用作宏:
And in CSS files, you can use __MSG_@@extension_id__ as a macro:
background-image:url('chrome-extension://__MSG_@@extension_id__/background.png');
这篇关于为Chrome扩展程序创建唯一的扩展程序ID和密钥?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
