Thordax

Reputation: 1733

How to ensure the Chrome App is communicating natively with the right executable

I'm currently using a Chrome App that communicates with an executable, using Chrome Native Messaging.

I'm wondering how my Chrome app can be sure that the executable is the right one, and not an executable that someone else has put in its place in the directory indicated in the registry.

Is there a way to indicate the hash of the executable in the Chrome app manifest?

Thanks in advance,

Upvotes: 1

Views: 126

Answers (1)

Thordax

Reputation: 1733

It's currently impossible to guarantee 100% that the executable used to communicate with the extension is the right one.

However, you can use various techniques in order to complicate the task of the hacker.

  • Obfuscation of your code (ConfuserEx is free and very effective)
  • Using a public/private key pair (generated on the fly) and verifying the signature of the response from the executable on the server side
  • Hiding your private key (is that really possible?)

Remember that those techniques won't hold up in the long term; it's a bit of a vain act.

It's safer to assume that the native host will be hacked eventually. And in the case it's hacked, the code contained in the executable is not critical, and furthermore, the perimeter of the extension is known on the server side (in order to prevent attacks on the server using the native messaging host).

Upvotes: 1
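The signature check from the answer's second bullet, sketched as a server-side challenge-response in Node.js. This is an added example, not code from the original post; the function names, the Ed25519 key type, the JSON message layout and the 30-second lifetime are all assumptions made for illustration, and the native host is simulated in the same process.

```javascript
// Added example (not from the original post): server-side verification of a
// signed native-host reply. All names and parameters here are hypothetical.
const crypto = require('node:crypto');

const pending = new Map();          // nonce -> expiry time (server state)
const CHALLENGE_TTL_MS = 30_000;    // assumed challenge lifetime

// Server: hand out a fresh random challenge for each request.
function issueChallenge(now = Date.now()) {
  const nonce = crypto.randomBytes(32).toString('base64');
  pending.set(nonce, now + CHALLENGE_TTL_MS);
  return nonce;
}

// Native host (simulated): sign the challenge together with the payload.
function hostSign(privateKey, nonce, payload) {
  const msg = Buffer.from(JSON.stringify({ nonce, payload }));
  return { nonce, payload, sig: crypto.sign(null, msg, privateKey).toString('base64') };
}

// Server: accept only a known, unexpired, unused nonce whose signature
// verifies against the public key enrolled for this installation.
function verifyReply(publicKey, reply, now = Date.now()) {
  const expiry = pending.get(reply.nonce);
  pending.delete(reply.nonce);      // single use, even when the check fails
  if (expiry === undefined) return 'unknown-or-replayed-nonce';
  if (now > expiry) return 'expired';
  const msg = Buffer.from(JSON.stringify({ nonce: reply.nonce, payload: reply.payload }));
  const ok = crypto.verify(null, msg, publicKey, Buffer.from(reply.sig, 'base64'));
  return ok ? 'ok' : 'bad-signature';
}

// Constructed sample run: one enrolled host key and one unrelated key.
function demo() {
  const host = crypto.generateKeyPairSync('ed25519');
  const other = crypto.generateKeyPairSync('ed25519');
  const out = {};
  const good = hostSign(host.privateKey, issueChallenge(), { action: 'status' });
  out.valid = verifyReply(host.publicKey, good);
  out.replayed = verifyReply(host.publicKey, good);
  const forged = hostSign(other.privateKey, issueChallenge(), { action: 'status' });
  out.wrongKey = verifyReply(host.publicKey, forged);
  const tampered = hostSign(host.privateKey, issueChallenge(), { action: 'status' });
  tampered.payload = { action: 'export' };
  out.tampered = verifyReply(host.publicKey, tampered);
  const late = hostSign(host.privateKey, issueChallenge(1000), {});
  out.expired = verifyReply(host.publicKey, late, 1000 + CHALLENGE_TTL_MS + 1);
  return out;
}
```

The check only proves that the reply came from something holding the enrolled private key, so it inherits the limit the answer points out: a replaced executable that has recovered the key passes it, which is why the server should still restrict what the native host is allowed to request.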
