Reputation: 3555
What is the Chrome extension .pem file for?
When I created my first Google Chrome extension, I followed the labyrinth of instructions to a T and was left with a successfully launched extension. I was also left the new owner of an enigmatic .pem file that I was warned to place in a secure spot and never lose. I conscientiously placed the file in a safe place and possibly made several backups while I was at it. It has been several months now, and while I have launched some more extensions and made quite a few updates, I have, not once, looked back at the .pem file. What is this file that I have been guarding with my life -- and would it really be so terrible if I decided to clear out some clutter and delete it?
I have tried to investigate further into what this file is, but for something that is supposedly so crucial, there is very little information out there. The documentation states only:
Do not lose the private key! Keep the .pem file in a secret and secure place; it will be needed to update the extension.
This statement is most definitely untrue, as I have made quite a few updates with nary a glance at the .pem. I also found this question on SO, but the only information provided is that it is needed to:
Update the extension
Again, untrue, and:
Upload a previously packaged extension to the Chrome Web Store (make sure that the file is called key.pem
I am honestly not sure what case that refers to.
I have also managed to glean that the file has something to do with certificates and signing, a topic that I know very little about.
Can someone provide me with a comprehensive explanation of what exactly the .pem is and why, according to everything I've come across, I must keep track of it so carefully?
Upvotes: 8
Views: 10796
Answers (2)
Reputation: 8306
As far as I know, the .pem (and actually .crx files in general) are no longer used when publishing extensions to the chrome web store. They only come into play for local/sideloading development
The .pem file is used in combination with a .crx file when you are NOT using the chrome store, and instead sideloading your extension.
So, let's say you make an app, package it, and put the file on a fileshare. In the manifest.json, you might have a update_url set to deliver updates.
If you want to update the app in this case, it must be signed with the same .pem file when generating the .crx
https://developer.chrome.com/apps/autoupdate#update_url
Upvotes: 7
Reputation: 42534
The only use I know for the .pem file is to be able to preserve your extension ID when you upload the extension to the Chrome Web Store.
When you first upload an extension, the Web Store generates a new extension ID randomly.
If you DO NOT want the Web Store to generate an ID but rather you want to keep the ID you had locally on your computer (when you were developing the extension) then you upload the extension with the key.pem file included inside the package.
More info here: How to change chrome packaged app id Or Why do we need key field in the manifest.json?
And here: Transferring an existing extension to the gallery
Upvotes: 5
Related Questions
- What is the purpose of the computed_hashes.json and verified_contents.json files in a secure Chrome extension?
- Google Chrome Extension manifest.json file
- chrome store extension private rsa key
- chrome extension - manifest version 2
- What is "chrome-extension://"
- chrome extension strange request
- What is a .pem file and How to use it?
- Access .pem file which has been automatically generated by the Chrome Webstore
- OSS Chrome Extension - Should I check-in pem file?
- how does the manifest for chrome extensions work?