Google Chrome is using alpha numeric hashes as identifiers for the Chrome extensions. For eg. "ajpgkpeckebdhofmmjfgcjjiiejpodla" is the identifier for XMarks Bookmark Sync extension.
Which algorithm is in use here to generate such strings? How are they ensuring uniqueness?
Hi Vijay,
Chromium generates the id via public key. If you use the extension gallery, they handle all that for you.
From the source:
bool Extension::GenerateId(const std::string& input, std::string* output) {
CHECK(output);
if (input.length() == 0)
return false;
const uint8* ubuf = reinterpret_cast<const unsigned char*>(input.data());
SHA256Context ctx;
SHA256_Begin(&ctx);
SHA256_Update(&ctx, ubuf, input.length());
uint8 hash[Extension::kIdSize];
SHA256_End(&ctx, hash, NULL, sizeof(hash));
*output = StringToLowerASCII(HexEncode(hash, sizeof(hash)));
ConvertHexadecimalToIDAlphabet(output);
return true;
}
Take a look at extension.cc file it has more detailed information such as generating the .pem file exncoding/decoding, etc.
To be precise, it's the first 128 bits of the SHA256 of an RSA public key encoded in base 16.
Another random bit of trivia is that the encoding uses a-p instead of 0-9a-f. The reason is that leading numeric characters in the host field of an origin can wind up being treated as potential IP addresses by Chrome. We refer to it internally as "mpdecimal" after the guy who came up with it.
I've posted a short Ruby script to calculate the extension id from the private key: http://supercollider.dk/2010/01/calculating-chrome-extension-id-from-your-private-key-233. This pretty much follows Erik Kay's description of the format.