Extension Source Code

Setting up the extension source code for secure distribution.

Setting up the Browser Protector Extension For Distribution

Before deploying the Protegrity Browser Protector extension in your organization, you must set up the extension source code for secure distribution. This involves signing the extension and packaging it into a .crx file, which can then be distributed to users or deployed via MDM tools like Microsoft Intune.

Signing the extension ensures its integrity and authenticity, allowing browsers to verify that the extension has not been tampered with and originates from a trusted source. Packaging the extension into a .crx file makes it suitable for enterprise distribution and deployment.

Signing the Extension Binaries

Follow the steps below to create signed crx browser extension file.

Prepare the Extension Source Code

  1. Protegrity will provide the following artifact.

    • WAP_ALL-ALL-64_x86-64_Browser.Chrome-<version>.zip

    The deployment package you receive from Protegrity must be extracted to reveal the Protegrity Browser Extension source files.

  2. Extract the deployment package you receive from Protegrity to a folder. That folder will have Protegrity Browser Extension source files.

  3. Place the extension source files folder in a directory on your system.

Generate a Private Key

  1. A private key is required to sign the extension. If you do not already have a private key, you can generate one using a key management tool or browser-specific utilities.

You can use the Chrome Developer Tools to generate a private key during the signing process.

  1. Store the private key securely, as it is critical for signing the extension and maintaining its authenticity, for instance when pushing new versions of the extension.

Security Guidelines

  • Do not share the private key with unauthorized personnel.
  • Store the private key in a secure location, such as a password-protected key management system or hardware security module (HSM).
  • Ensure backups of the private key are kept in a secure environment.

Sign the Extension Using Chrome Developer Tools or the Chrome Command Prompt

Sign the Extension Using Chrome Browser Developer Tool

  1. Open the Google Chrome browser.

  2. Navigate to the extensions management page by entering the following URL in the address bar:

    chrome://extensions

  3. Enable Developer Mode.

    At the top right corner of the extensions page, toggle the Developer Mode switch to enable it.

  4. In Developer Mode, a new toolbar will appear at the top of the extensions page.

  5. Click the Pack Extension button to open the packaging tool.

  6. In the popup window:

    • Extension root directory: Click the Browse button and select the folder containing Protegrity Browser Extension source files.
    • Private key file (optional): If you already have a private key file (.pem), provide its path by clicking Browse and selecting the file. This ensures the same key is used to sign the extension.
    • If you do not provide a private key, Chrome will generate one for you during the packaging process.

  7. Click Pack Extension to generate the files.

Sign the Extension Using Chrome Command Prompt

  1. Open a terminal or command prompt on your system.

  2. Use Chrome’s chrome.exe tool or a third-party utility to sign the extension. For Chrome, the command is as follows:

    chrome.exe --pack-extension=path_to_extension_directory --pack-extension-key=path_to_private_key

Locate the Generated Files

Once the packaging process is complete, Chrome will create the following files:

  • A .crx file: This is the signed extension package, which can be distributed and installed.
  • Optional: A .pem file: If no private key was provided, Chrome will generate a new .pem file. This file contains the private key and must be securely stored.
  • The .crx file will be required in the Read Extension ID section.

Do not share the .pem file with unauthorized individuals, as it is used to sign future versions of the extension.

Read Extension ID

  1. Locate the .crx file from the Locate the Generated Files section.
  2. Open Chrome and navigate to the Extensions page:
    • Type chrome://extensions in the address bar and hit Enter.
  3. In the top-right corner of the Extensions page, toggle Developer mode ON.
  4. Drag the .crx file and drop it onto the Extensions page in Chrome.
  5. When prompted, click Add Extension to complete the installation.
  6. The 32 character long extension ID will be displayed on the extension tile, for instance: ID: abcdhleonbdlhddgbcfhffafcnjjabcd
  7. Note the pty_extension_id.

The extension ID stays the same when as long as the same private key (.pem file) is used to sign it, even when updating the extension.

Security Guidelines

  • Keep the .pem file secure. If it is lost, you will not be able to sign future versions of the extension, and you will need to distribute a new .crx signed with a new key.
  • Never share the .pem file publicly or store it in insecure locations.
  • Use a secure key management system to protect your private key.

By following these steps, you can create a signed .crx file that is ready for secure distribution and installation in Chrome.


Last modified : July 18, 2025