crx icon indicating copy to clipboard operation
crx copied to clipboard

Published 20 hours ago verified publisher icon thom4parisot

API for public PKCS PEM string

Open NN--- opened this issue 6 years ago • 7 comments

I had to do it manually instead of using crx object.

var pem = fse.readFileSync(pemFile);
var key = new RSA(pem);
var publicKeyPem = key.exportKey("pkcs8-public-pem");

This key in PKCS format without line ending and header, footer is used in 'key' property in the manifest. https://developer.chrome.com/apps/manifest/key

This allows to have consistent extension id for unpacked extension placed in any folder.

NN--- avatar Mar 19 '18 17:03 NN---

So if I understand well, you are asking to generate a privateKey with crx?

Does the command crx keygen work for you? Or it's not what you are looking for?

thom4parisot avatar Mar 20 '18 08:03 thom4parisot

Not exactly. When you install extension, Chrome saves it unpacked inside profile foler\extensions https://chromium.googlesource.com/chromium/src/+/lkcr/docs/user_data_dir.md

For each extension there is a manifest.json with "key" property. This key is a public key in PKCS-8 format. If you take any unpacked extension and copy the key property value, you get the same id.

NN--- avatar Mar 20 '18 09:03 NN---

Hm I see.

There is a method to generate a public key:

https://github.com/oncletom/crx/blob/120c3611f07e907159580974f85dfcb1b4b8b0dc/src/crx.js#L142-L154

crx.generateAppId can give you the extension ID based on the generated public key.

Would that work?

thom4parisot avatar Mar 20 '18 11:03 thom4parisot

It is not the same. I need pem format, and this makes der format.

NN--- avatar Mar 20 '18 13:03 NN---

I see, that's something I never looked out (their difference of use of the various formats).

As far as I can see, it's just a matter of passing a different parameter to the exportKey method.

There is maybe a way to derive a PEM key from a DER key but it looks fine to change the signature of the generatePublicKey method to accept a public key format ('pem' or 'der'; the latter being the default one).

What do you think?

The geneneratePrivateKey contained in the bin/cli.js file could also be relocated to make it more convenient to manipulate public/private key operations.

thom4parisot avatar Mar 20 '18 16:03 thom4parisot

Yeah, possible solution with default to der. Personally I use both, I need to know extension id and the public key pkcs to make local builds with the same id.

NN--- avatar Mar 20 '18 16:03 NN---

I think not bad.

I use this code.

private async getPublicPem(der: Buffer): Promise<string> {
    try {
      const pkcs: RSA.FormatPem = 'pkcs8-public-pem';
      const key: RSA = new RSA();
      key.importKey(der, 'pkcs8-public-der');
      return key.exportKey(pkcs);
    } catch (e) {
      throw new Error(e);
    }
  }
```

insanehong avatar May 15 '19 15:05 insanehong