extension - open-eid/chrome-token-signing GitHub Wiki

• Available for Chrome 40+
  • As specified in the extension manifest
• Core functionality:
  • Native messaging to NativeMessagingAPI-compatible executables
    • Provided by the non-persistent background page
    • Due to technical reasons uses the long-running background page
  • Exposing a hwcrypto.js-ish interface to websites
    • Implemented by content script that makes support code available to websites

In progress:

• Has a page action when website makes use of the functionality
• To allow disabling access to smart cards permanently for a site
• Has options for advanced behaviour settings
• Backend selection (PKCS#11, with module path or CAPI)
• Exposing to websites

• Distributed via Chrome Web Store from group account
• Native component installers set up automatic extension installation from the store by installing either a JSON file or by changing the registry and allow access only from this extension by installing the native messaging host manifest.
• Corporate settings might also consider force-installing the extension with policy. See http://dev.chromium.org/administrators/policy-list-3#ExtensionInstallForcelist
• Installing extension checks for the presence of native host component and directs user to installation page if missing.

• Generic postMessage() security

See DeveloperTips

The extension API is very similar to the hwcrypto.js API. See the details over there. See also the Native Messaging API for more detailed description.

• getVersion()
• Returns "extension version/native host version":
• Example: "0.0.20/1.0.0.0" where
• 0.0.20 is the extension version
• 1.0.0.0 is the native host version

• getCertificate(options) with parameters
• options.lang language
• Returns a JSON object with hex parameter containing the certificate
• Example: {"hex": "308204FD308203E5...CDF738"}

• sign(cert, hash, options) with parameters:
• cert.hex Certificate in HEX
• hash.hex Hash in HEX
• hash.type Hash type
• options.lang language
• Returns a JSON object with hex parameter containing the signature
• Example: {"hex": "562112EB88E9513...E497313A8546"}