A random sampling of the extensions available on addons.mozilla.org shows that the majority of extensions available for download are unsigned. The only signed extension found in the search was the Google Toolbar.
The use of unsigned extensions encourages the end user to ignore the Unsigned warning in the corner.
(I’m not picking on Adblock specifically, it was [...]
XPISigner creates signed extensions or plug-ins for Firefox and Thunderbird.
It is a replacement for signtool.exe
Requirements:
Java 5 or higher
PKCS#12 (PFX) file containing your signing key and certificate
Your unpacked xpi directory structure
To sign the xpi file you need to point XPISigner at the directory containing your unpacked xpi.
XPISigner processes each file in the directory calculating the MD5 [...]
Let’s take a signed XPI apart and see what’re required to build a tool like XPISigner
We’ll use the Google Toolbar for Firefox as an example. It’s already signed and we can see it works when we download it.
Save off the xpi file from http://dl.google.com/firefox/google-toolbar.xpi
a blog about a little codesigning tool and its author.
| M | T | W | T | F | S | S |
|---|---|---|---|---|---|---|
| May » | ||||||
| 1 | ||||||
| 2 | 3 | 4 | 5 | 6 | 7 | 8 |
| 9 | 10 | 11 | 12 | 13 | 14 | 15 |
| 16 | 17 | 18 | 19 | 20 | 21 | 22 |
| 23 | 24 | 25 | 26 | 27 | 28 | 29 |
| 30 | ||||||
