A few points to be aware of:
- Just to be sure you're aware, this API is only available on ChromeOS.
- The getPrivateKeyHandle function is just a part of some sample code, not part of the API itself. Also, there's no function named signMessage; maybe you're referring to the signDigest part of the sample code?
In the example, the getPrivateKeyHandle function would read the private key for the given certificate from some source (possibly a file bundled with the extension itself, or on the filesystem, or over the network). Then the signDigest function would take the prepared digest/hash and use the private key to generate a signature in the format documented for the onSignDigestRequested here. Another possibility would be that the private key isn't held locally, but rather on some server which you can talk to over the network to send it the digest/hash and have it return the signature to you.
If you aren't familiar with PKCS#1, RSA, or digital signature schemes, I suggest you read the following:
Also, I humbly suggest that if you are not already pretty familiar with the above concepts, you might view that as a warning sign that you shouldn't be using this API. If you're just playing around for curiosity/personal education that's fine, but if actual important private user/business data is at stake, I'd really suggest you get help from a security software professional who understands this stuff well, as there are a lot of subtle ways to get it wrong in a way that can put the confidentiality/integrity of data in jeopardy.
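
An added example, not part of the original answer or of Chrome's sample code: the PKCS#1 v1.5 step that sits between the prepared digest and the RSA private-key operation, written as the EMSA-PKCS1-v1_5 encoding from RFC 8017. The helper name `encodeDigestForRsa`, the hash-name keys and the 2048-bit modulus size are assumptions made for illustration.

```javascript
// EMSA-PKCS1-v1_5 encoding (RFC 8017, section 9.2) of an already-computed digest.
// DER DigestInfo prefixes from RFC 8017; the key names are assumed hash labels.
const DIGEST_INFO = {
  SHA1:   { len: 20, der: [0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02,
                           0x1a, 0x05, 0x00, 0x04, 0x14] },
  SHA256: { len: 32, der: [0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01,
                           0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20] },
  SHA384: { len: 48, der: [0x30, 0x41, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01,
                           0x65, 0x03, 0x04, 0x02, 0x02, 0x05, 0x00, 0x04, 0x30] },
  SHA512: { len: 64, der: [0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01,
                           0x65, 0x03, 0x04, 0x02, 0x03, 0x05, 0x00, 0x04, 0x40] },
};

// Hypothetical helper: returns 00 01 FF..FF 00 || DigestInfo || digest,
// exactly modulusBytes long (256 for a 2048-bit RSA key).
function encodeDigestForRsa(hashName, digest, modulusBytes) {
  const known = Object.prototype.hasOwnProperty.call(DIGEST_INFO, hashName);
  if (!known) throw new Error('unsupported hash: ' + hashName);
  const info = DIGEST_INFO[hashName];
  // A digest of the wrong length means the hash label and the data disagree.
  if (!(digest instanceof Uint8Array) || digest.length !== info.len) {
    throw new Error('digest must be ' + info.len + ' bytes for ' + hashName);
  }
  const tLen = info.der.length + info.len;
  // RFC 8017 requires at least 8 bytes of 0xFF padding plus 3 framing bytes.
  if (modulusBytes < tLen + 11) throw new Error('modulus too short for ' + hashName);

  const block = new Uint8Array(modulusBytes);      // zero-filled, so block[0] = 0x00
  block[1] = 0x01;                                 // block type 1: signature
  block.fill(0xff, 2, modulusBytes - tLen - 1);    // padding string
  block[modulusBytes - tLen - 1] = 0x00;           // separator
  block.set(info.der, modulusBytes - tLen);        // DigestInfo header
  block.set(digest, modulusBytes - info.len);      // the digest itself
  return block;
}

// Constructed sample input: a 32-byte stand-in for a SHA-256 digest.
const sampleDigest = new Uint8Array(32).fill(0xab);
const sampleBlock = encodeDigestForRsa('SHA256', sampleDigest, 256);
console.log(Array.from(sampleBlock.slice(200, 226),
  (b) => b.toString(16).padStart(2, '0')).join(' '));
```

The returned block is the value the RSA private-key operation is applied to, whether the key is held locally or by a remote signer.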