Extension - open-eid/chrome-token-signing GitHub Wiki

• Available for Chrome 40+
  • As specified in the extension manifest
• Core functionality:
  • Native messaging to NativeMessagingAPI-compatible executables
    • Provided by the non-persistent background page
    • Due to technical reasons uses the long-running background page
  • Exposing a hwcrypto.js-ish interface to websites
    • Implemented by content script that makes support code available to websites

In progress:

• Has a page action when website makes use of the functionality
• To allow disabling access to smart cards permanently for a site
• Has options for advanced behaviour settings
• Backend selection (PKCS#11, with module path or CAPI)
• Exposing to websites

Distribution

• Distributed via Chrome Web Store from group account
• Native component installers set up automatic extension installation from the store by installing either a JSON file or by changing the registry and allow access only from this extension by installing the native messaging host manifest.
• Corporate settings might also consider force-installing the extension with policy. See http://dev.chromium.org/administrators/policy-list-3#ExtensionInstallForcelist
• Installing extension checks for the presence of native host component and directs user to installation page if missing.

Security considerations

• Generic postMessage() security

Development

See DeveloperTips

API

The extension API is very similar to the hwcrypto.js API. See the details over there. See also the Native Messaging API for more detailed description.

VERSION message

• getVersion()
• Returns "extension version/native host version":
• Example: "0.0.20/1.0.0.0" where
• 0.0.20 is the extension version
• 1.0.0.0 is the native host version

CERT message

• getCertificate(options) with parameters
• options.lang language
• Returns a JSON object with hex parameter containing the certificate
• Example: {"hex": "308204FD308203E5...CDF738"}

SIGN message

• sign(cert, hash, options) with parameters:
• cert.hex Certificate in HEX
• hash.hex Hash in HEX
• hash.type Hash type
• options.lang language
• Returns a JSON object with hex parameter containing the signature
• Example: {"hex": "562112EB88E9513...E497313A8546"}