Loading extensions from command line with a specific ID

[Mustafa Acer]

Hi all,

I'd like to load extensions with their own IDs to preserve
chrome-extension:// urls. This is going to be used in fuzzing.

As I understand it's not possible to load an extension with
--load-extension flag and assign a specific ID to it.
It looks like I need to modify the registry to do this.

Is there a way to load an extension with a specific ID,
without modifying any permanent settings? Does it make sense
to add such a command line option for testing?

I was thinking of something like --load-extension=<path>::<extension_id>

Thanks,
Mustafa

[Yoyo Zhou]

Or you could modify the manifest.json:

http://developer.chrome.com/extensions/manifest.html#key

But I imagine this is still a pain.

> --
> You received this message because you are subscribed to the Google Groups "extensions-dev" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to extensions-de...@chromium.org.
> For more options, visit https://groups.google.com/a/chromium.org/groups/opt_out.
>
>

[Mustafa Acer]

So if I load the extension once and then copy over the key, that should retain the extension ID right?
Is this key the public key that the CRX is signed with?

[Yoyo Zhou]

When you say "load the extension once", do you mean the crx or the
unpacked extension?

If it's the crx, then yes, that contains the public key that the
extension ID is derived from.

Unpacked extensions have their keys generated from their directory path.

I wonder if the easiest thing to do is to add a --load-packed-extension flag...

On Tue, Jun 18, 2013 at 5:21 PM, Mustafa Acer <mea...@chromium.org> wrote:
> So if I load the extension once and then copy over the key, that should retain the extension ID right?
> Is this key the public key that the CRX is signed with?
>

[Mustafa Acer]

On Tuesday, June 18, 2013 5:32:14 PM UTC-7, Yoyo Zhou wrote:
> When you say "load the extension once", do you mean the crx or the
>
> unpacked extension?

I meant the CRX . I'd load the CRX itself,
then get the key, and then copy the key to the unpacked extension.
I can automate the preprocessing of the CRX so that I extract the keys
from the CRX, but that'll require being able to load CRX directly,
which is where the --load-packed-extension flag helps.

So the question is how to extract the public key from the CRX, right?
I'll probably write a script to do this, by following the code in https://code.google.com/p/chromium/codesearch#chromium/src/chrome/browser/extensions/sandboxed_unpacker.cc&sq=package:chromium&type=cs&rcl=1371555358

[Matt Perry]

See https://code.google.com/p/chromium/codesearch#chromium/src/tools/crx_id/crx_id.py

It would also be nice to have a commandline tool that generates a random CRX key pair and shows you the public key. Then you could use that key in a test extension's manifest. It's a pretty common use case.

[Mustafa Acer]

On Tuesday, June 18, 2013 6:05:50 PM UTC-7, Matt Perry wrote:
> See https://code.google.com/p/chromium/codesearch#chromium/src/tools/crx_id/crx_id.py

Thanks!

> It would also be nice to have a commandline tool that generates a random CRX key pair and shows you the public key. Then you could use that key in a test extension's manifest. It's a pretty common use case.
>

+1 (I'm not volunteering though :)

[Michael Courage]

This isn't quite as nice as a special purpose tool, but it's relatively easy to make a valid key with these openssl commands:

openssl genrsa -out privkey.pem 1024

openssl rsa -pubout -outform DER -in privkey.pem | openssl base64