Making a unique extension id and key for Chrome extension?

清酒与你 2021-01-31 00:17

I have a Chrome extension I made, but based it on some example found online. It's not in a crx file. The extension ID is the one used in the example. I would like to change it.

2 Answers
  • 2021-01-31 00:26

    You can create your own key and extension ID for the manifest:

    openssl genrsa 2048 | openssl pkcs8 -topk8 -nocrypt -out key.pem

    Key:

    openssl rsa -in key.pem -pubout -outform DER | openssl base64 -A

    Extension ID:

    openssl rsa -in key.pem -pubout -outform DER | shasum -a 256 | head -c32 | tr 0-9a-f a-p

  • 2021-01-31 00:32

    Note that extension signing consists of two "keys":

    • The private key file, .pem, that is used to sign CRX files and must remain the same for future updates.
    • The resulting public key in the manifest - can't be used to sign future updates (used to verify the signature instead), but can be used to force a particular ID for unpacked extensions since the ID is derived as a hash of the public key. (For those curious, if key is not present an unpacked extension falls back to hashing the path).

    You have 2 options:

    1. Let Google handle it.

      Remove the key field from the manifest completely; then submit it to the store.

      CWS will generate a new keypair for your extension (and, consequently, a new ID), which will be preserved between updates. If you need to maintain the ID for your development version (not always a good idea, as Chrome will get confused with autoupdates, but a good idea during storage.sync testing), you can extract the new public key from your Developer Dashboard using "More info" link on your item.

      However, there is no way to get the .pem key from CWS. You are forever locked in CWS as auto-update source. That shouldn't matter though as Chrome disallows extension installs from elsewhere.

    2. Retain control of the private key.

      Note: this approach may be deprecated by now, and there's not much practical reason to use it.

      You can generate a CRX file of your extension from chrome://extensions using "Pack extension" function.

      If you don't provide an existing .pem file, Chrome will generate a new keypair (and thus, ID) for your extension.

      Guard the resulting .pem key with your life carefully. It can be used to impersonate you as a developer when it comes to updates.

      Then, when you submit the extension to CWS, include the .pem in the archive's root as key.pem (Note: removed from documentation; links to an archived version). This instructs CWS to use it instead of generating a new keypair. Note that you have to provide your private key to Google, since it modifies the extensions before signing.

      Since the ID is a hash of a (randomly-generated) public key, there is a tiny chance of collision with an existing extension. If that happens, just re-generate the .pem file for a different one.

    In either case: do not include the key field in the manifest when uploading, or CWS may reject it.


    Also, do not hardcode the extension ID in your extension anywhere. It's accessible using one of those functions:

    chrome.runtime.id // gives "youridhere"
    chrome.runtime.getURL("something") // gives "chrome-extension://youridhere/something"
    

    And in CSS files, you can use __MSG_@@extension_id__ as a macro:

    background-image:url('chrome-extension://__MSG_@@extension_id__/background.png');
    
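Both answers rest on the same derivation: the ID is the first 32 hex digits of the SHA-256 of the DER public key, remapped from 0-9a-f to a-p. The following is an added example, not code from either answer, that recomputes the ID from a manifest's "key" field and compares it with an ID you have pinned; the function names, status strings and sample manifest are assumptions made for illustration.

```python
import base64
import hashlib
import json
from typing import Optional, Tuple

# Hex digits 0-9a-f map to letters a-p, as in the `tr 0-9a-f a-p` step.
_HEX_TO_ID = str.maketrans("0123456789abcdef", "abcdefghijklmnop")


def extension_id_from_der(public_key_der: bytes) -> str:
    """SHA-256 the DER public key, keep 32 hex digits, remap them to a-p."""
    digest = hashlib.sha256(public_key_der).hexdigest()
    return digest[:32].translate(_HEX_TO_ID)


def audit_manifest(manifest_text: str, pinned_id: str) -> Tuple[str, Optional[str]]:
    """Check a manifest.json against the ID you expect it to load under.

    Returns (status, derived_id); status is "match", "mismatch",
    "no-key" or "bad-key".
    """
    manifest = json.loads(manifest_text)
    key_b64 = manifest.get("key")
    if not key_b64:
        # No "key": per the second answer, an unpacked extension then falls
        # back to hashing its path, so the manifest alone does not fix the ID.
        return ("no-key", None)
    try:
        der = base64.b64decode(key_b64, validate=True)
    except (ValueError, TypeError):
        # Not valid base64 (or not a string at all).
        return ("bad-key", None)
    derived = extension_id_from_der(der)
    return ("match" if derived == pinned_id else "mismatch", derived)


# Constructed sample: "YWJj" is base64 of the bytes b"abc", a stand-in for a
# real DER public key so that the example runs offline.
SAMPLE_MANIFEST = (
    '{"name": "demo", "version": "1.0", "manifest_version": 3, "key": "YWJj"}'
)

if __name__ == "__main__":
    print(audit_manifest(SAMPLE_MANIFEST, "lkhibglpipabmpokebebeanofnkocccd"))
```

With a real manifest, the "key" value is the base64 string produced by the second openssl command in the first answer, and the derived ID should equal the output of the third.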