canmove, Confirmed users
1,570
edits
Extension Manager:Addon Update Security:Signature: Difference between revisions
Extension Manager:Addon Update Security:Signature (view source)
Revision as of 21:58, 8 August 2007
, 8 August 2007→Update Manifest Signature
(New page: This page sets out more details about the digital signature method of securing add-on update manifests. == Update Public Key == In order to verify the signature in the update manifest, a...) |
|||
| Line 48: | Line 48: | ||
The string includes the add-on's id, the version of every listed update and all the target application information as well as the url of the updated xpi and if present the hash for that xpi. | The string includes the add-on's id, the version of every listed update and all the target application information as well as the url of the updated xpi and if present the hash for that xpi. | ||
This is an example of the generated string: | |||
{dd0cc141-203e-4217-9218-0822d517d4ed}:2.0({ec8030f7-c20a-464f-9b0e-13a3a9e97384}:2:2.0.0.*:http://www.example.com/addon.xpi) | |||
This is then signed using the author's private key. The signature is base64 encoded and added as an em:signature resource to the add-on's update manifest. Following is an example update manifest with an included signature: | This is then signed using the author's private key. The signature is base64 encoded and added as an em:signature resource to the add-on's update manifest. Following is an example update manifest with an included signature: | ||