Reputation: 77
I am working on a Chrome extension to get access to the list of certificates on my browser (including the class 3 certificate I purchased).
This is the manifest.json
{
  "manifest_version": 2,
  "name": "Coding Train Extension 2",
  "version": "0.001",
  "permissions": ["storage", "activeTab", "scripting"],
  "content_scripts": [
    {
      "matches": ["<all_urls>"],
      "js": ["content.js"]
    }
  ],
  "background": {
    "scripts": ["background.js"]
  },
  "browser_action": {
    "default_icon": "logo.png"
  }
}
This is the background.js
console.log("This is inside background...");
chrome.browserAction.onClicked.addListener(collectAvailableCertificates);

function collectAvailableCertificates() {
  // Return all certificates that this Extension can currently provide.
  // For example:
  return [{
    certificateChain: [new Uint8Array()],
    supportedAlgorithms: ['RSASSA_PKCS1_v1_5_SHA256']
  }];
}
In this test, the content.js is not being used much. I have an icon of the extension on browser and on its click I am triggering the background.js. I am trying to emulate the APIs provided in the Chrome API documentation https://developer.chrome.com/docs/extensions/reference/certificateProvider/
How to call the methods like collectAvailableCertificates(), handleSignatureRequest(request) as seen in the document is what I am pursuing. My aim is to use this purchased certificate to digitally sign an xml payload.
Upvotes: 0
Views: 1670
Reputation: 77541
The certificateProvider API has an entirely different goal in mind.
It's only available for Chrome OS as a way to manage certificate authentication for web requests - and not any other use of certificates (you seem to be aiming to sign an arbitrary payload in your code).
It also does not provide any cryptography required to use a certificate for signing, that's outside its scope (in fact, the extension using it is expected to implement signatures themselves), nor will it give you access to the OS certificate store if your certificate is stored there.
All this API does is make the browser aware of what certificates are made available (by the extension) when a web server requests HTTPS client certificate authentication.
Nothing less, nothing more. Some Chrome APIs exist only for management functions on Chrome OS where other interfaces are unavailable.
The information regarding Chrome OS restriction was available on the documentation website as late as Oct 2021, but does not seem to be reflected in the current one, which is a documentation website bug. And it's not like it's been extended to work elsewhere - that would be mentioned on the What's New page, but it again confirms in Oct 2021 that it's a "Chrome OS API" and has no mentions since.
You should be looking at Web crypto APIs instead, e.g. SubtleCrypto.sign, but that would mean including your private key in the extension itself.
EDIT: Actually, Chrome has another related API, chrome.platformKeys, that may allow access to the OS certificate store (if that is your situation - needing to use an installed certificate without including it into the extension).
It can be used to request the public/private key out of the OS store and further use its own version of SubtleCrypto to work with them.
Upvotes: 1
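The SubtleCrypto.sign route mentioned in the answer, as an added example that is not part of the original posts: it signs the raw UTF-8 bytes of an XML string with RSASSA-PKCS1-v1_5/SHA-256, verifies the result, and shows that a key created as non-extractable cannot be exported by script. The key pair is generated on the spot as a constructed stand-in for the certificate's key, and the sample XML and all function names are assumptions.

```javascript
// Extension pages and browsers expose crypto.subtle globally; the dynamic
// import is only a fallback for running this file under older Node.js.
async function getSubtle() {
  const c = globalThis.crypto ?? (await import('node:crypto')).webcrypto;
  return c.subtle;
}

const ALGORITHM = { name: 'RSASSA-PKCS1-v1_5' };

// Constructed stand-in for the certificate's key pair (assumption: a real
// extension would obtain its key some other way, as the answer discusses).
async function makeDemoKeyPair(subtle) {
  return subtle.generateKey(
    { ...ALGORITHM, modulusLength: 2048,
      publicExponent: new Uint8Array([1, 0, 1]), hash: 'SHA-256' },
    false, // extractable = false: the private key cannot be exported
    ['sign', 'verify']);
}

// Sign the exact bytes of the XML string; any later change to the string
// (including whitespace) invalidates the signature.
async function signXml(subtle, privateKey, xml) {
  const bytes = new TextEncoder().encode(xml);
  return new Uint8Array(await subtle.sign(ALGORITHM, privateKey, bytes));
}

async function verifyXml(subtle, publicKey, signature, xml) {
  const bytes = new TextEncoder().encode(xml);
  return subtle.verify(ALGORITHM, publicKey, signature, bytes);
}

async function demo() {
  const subtle = await getSubtle();
  const { privateKey, publicKey } = await makeDemoKeyPair(subtle);
  const xml = '<order id="42"><amount>10.00</amount></order>'; // constructed sample
  const signature = await signXml(subtle, privateKey, xml);
  const valid = await verifyXml(subtle, publicKey, signature, xml);
  const tampered = await verifyXml(
    subtle, publicKey, signature, xml.replace('10.00', '99.00'));
  // exportKey rejects for a non-extractable private key.
  const exportBlocked = await subtle.exportKey('pkcs8', privateKey)
    .then(() => false, () => true);
  return { signatureLength: signature.length, valid, tampered, exportBlocked };
}
```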