What is the purpose of CRX file? - google-chrome

Chrome Store does not accept CRX file but simple ZIP file.
So I am confused why the CRX files exist? Also extracting the ZIP file and loading it unpacked option is still an option.
As far as I know Chrome does not allow extension installation other than Chrome Store.
So what is the purpose of the CRX file?

To add to the other answer: CRX has some extra metadata (it's signed with the extension's private key) compared to a ZIP. A CRX file can still be opened with a ZIP archiver though.
Since CWS does the signing itself (having the private key), it does not require a CRX.

It's possible to privately host an extension. To do this you need to host the CRX file. There's some information about this in the Google docs for hosting extensions.
If you have a managed Chromebook for example, then you can push out a privately hosted Chrome extension to users. There's an example of this in the Google help docs for managing apps/extensions under the 'Select apps and extensions for your users' section.
By privately hosting the extension it doesn't need to be in the Chrome store.

Related

Chrome extension - Can I share my extension as crx file for using someone?

I publish my extension in google web store and install it successfully in my chrome.
So I find extension's files in this directory:
C:\Users\User_Name\AppData\Local\Google\Chrome\User Data\Default\Extensions.
I use my extension for native messaging in chrome.
How do I get .crx file for publish my extension for other people without internet connections?
Or exactly like firefox *.xpi files.
Also:
If I pack extension's files in above DIR to zip and rename to crx file, and drop down to chrome this error occurs:
Package is invalid: CRX_HEADER_INVALID.
Packaging
Extensions and themes are served as .crx files. When uploading through the Chrome Developer Dashboard , the dashboard creates the .crx file automatically. If published on a personal server, the .crx file will need to be created locally or downloaded from the Chrome Web Store.
Download .crx from the Chrome Web Store
If an extension is hosted on the Chrome Web Store, the .crx file can be downloaded from the Developer Dashboard. Locate the extension under "Your Listings" and click on "More info". In the popup window, click the blue main.crx link to download it.
The downloaded file can be hosted on a personal server. This is the most secure way to host an extension locally as the contents of the extension will be signed by the Chrome Web Store. This helps detect potential attacks and tampering.
Create .crx locally
Extension directories are converted to .crx files at the Extensions Management Page. Navigate to chrome://extensions/ in the ominibox, or click on the Chrome menu, hover over "More Tools" then select "Extensions".
On the Extensions Management Page, enable Developer Mode by clicking the toggle switch next to Developer mode. Then select the PACK EXTENSION button.
Specify the path to the extension’s folder in the Extension root directory field then click the PACK EXTENSION button. Ignore the Private key field for a first-time package.
Chrome will create two files, a .crx file and a .pem file, which contains the extension’s private key.
Do not lose the private key! Keep the .pem file in a secret and secure place; it will be needed to update the extension.
Learn More
This is updated dashboard in order to download your crx file

Is it safe to upload my .crk and .pem file for my open source chrome extension?

Would it be safe if I uploaded the .crx and .pem files for an open-source chrome application? What could someone do if they had both of the files? I assume the files aren't needed anyway if you have the unpacked extension (as I understand it, the .crx file is the extension itself), so would uploading the files to GitHub give someone the opportunity to do someone malicious (should I gitignore the files), or would it be a safe way to back up these files?
The pem file for Google Chrome extensions are private keys and should not be distributed. The only way you would have gotten a pem file is by packaging up the extension on your own device. While you can do this the usefulness is limited as most users won't be able to install extensions via file instead of through the Chrome Web Store.
The private key is used to guarantee that future updates are from the same source as the original extension install. Anyone who has the private key can package extensions that Chrome users think were developed and deployed by you.
Note: if you have a Chrome extension pem file and have not yet published the extension to the Chrome Web Store, that anyone with the private key can create a listing of the extension and all existing users will automatically update to the CWS version.
A .pem file is just a shell for the real certificate. The only problem is that it can have a variety of different payloads like a private key of just a public certificate or even whole certificate chains. If the pem file you have is only a public certificate you can distribute it. If it has a private key then under no circumstance should you give it to anyone because they can impersonate you. You can check what the pem file has in it with the portecle application. A quick google search will bring you to the application home page.

How to make a .crx file installer?

I have made many CRX files for Google Chrome, and I was wondering if there was a way for someone to download the CRX file from my website and have it automatically installed (like it does for the Chrome Webstore)?
There's a special API from Google to install applications and extensions inline from your website. However, it is still hosted in the Chrome Web Store. The advantage is that user doesn't have to leave your website. It is called chrome.webstore API.
Nice read about API itself:
https://developer.chrome.com/extensions/webstore.html
More about inline installation:
https://developers.google.com/chrome/web-store/docs/inline_installation.

Upload extension in to app store with .crx and some addition files

I've developed extension for Chrome and I want to upload it in to Crome app store, but the issue is in that I have not only .crx file, which is needed but also some other files and dlls which should be installed in to "program files" folder.
So how can I upload my extension in to app store with .crx and some addition files?
Though I can't think of any reason why a Chrome Extension would need to install any DLLs, it is possible according to the Chrome Extension Developer FAQ. You'll end up using the NPAPI Plugin to access your DLLs, though you will need to go through an additional security review before your application gets published.

Now that chrome forces extensions to be downloaded using the webstore, is there a chance to migrate my old users?

I have an extension that I used to host on my server.
I have an update url pointing to my server where updates are automatically published to the users.
The newest chrome version does not allow installation of extensions over 3rd party urls, they need to be hosted in the webstore.
If I do that, do all users need to re-add the extension, or can they somehow migrate seemlessly to recieve future updates from the webstore?
Publish to the webstore, with the same id, by importing your existing key:
Put your private key as 'key.pem' in the root yof your extension directory and zip it along the extension. It will be removed upon upload.
Republish the old crx with update_url set to:
http://clients2.google.com/service/update2/crx
This way it will be seamless.
(Source:
https://groups.google.com/forum/?fromgroups#!topic/chromium-extensions/3vvygtEajMQ%5B1-25%5D
https://groups.google.com/a/chromium.org/forum/?fromgroups#!topic/chromium-apps/qZ5PXH2KzPs%5B1-25%5D )
You can still use 3rd party .crx extensions, themes, apps, etc.
But the file must be downloaded to a local folder and then dragged into the extensions manager (chrome://chrome/extensions/).