| Line 22: | Line 22: | ||
'''Summary:''' | '''Summary:''' | ||
We currently don't sign add-ons at all on AMO, but we do sign apps on the Marketplace using [https://github.com/mozilla/trunion/ trunion] and could use the same system (with modifications). Review the diagrams below to see | We currently don't sign add-ons at all on AMO, but we do sign apps on the Marketplace using [https://github.com/mozilla/trunion/ trunion] and could use the same system (with modifications). A rough summary of trunion modifications are as follows: | ||
1. This CA will be entirely automated and self contained | |||
1. The CA's root certificate will be hard coded into Firefox/Fennec | |||
in a similar manner to the privileged FfxOS apps | |||
2. For every request to sign an addon: | |||
o a brand new 2048 bit or stronger RSA key pair will be | |||
generated by the signing service | |||
o the ephemeral public key will be certified by this CA | |||
o the ephemeral private key generated will then be used to | |||
sign the addon archive in Mozilla's own bastardized | |||
implementation of JAR signing that we know as "XPI signing" | |||
o the freshly certified ephemeral public key will be included | |||
in the addon as part of the signature chain | |||
o the ephemeral private key and certificate are thrown away | |||
Review the diagrams below to see the higher level view: | |||
[[File:Add-on_Signing_-_Main_Flow.png]] | [[File:Add-on_Signing_-_Main_Flow.png]] | ||
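Review bot: the last added step, "the ephemeral private key and certificate are thrown away", reads as contradicting the step before it, which includes the freshly certified public key in the add-on as part of the signature chain. Say explicitly that only the signing service's copy is discarded and that the certificate ships inside the XPI. The added text also does not state what validity period the per-add-on certificate gets or how a signed add-on would be revoked once its key no longer exists; a sentence on each would close that gap. Two smaller points: the list numbers "1." twice before "2.", so the root-certificate item should be renumbered or nested, and the lead-in should read "A rough summary of trunion modifications is as follows".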