Allow an extension to configure Firefox security devices_PCKS11

ivan1224 · March 13, 2024, 6:50pm

Dear all,
can you please help me with creating PKCS11 add-on?

I made three files: Native messaging manifest (manifestmessaging.json), PKCS #11 manifest (manifestpkcs.json) and background-script.js. All three files are zipped in file ‘‘AkeEidPkcs11_64.zip’’ and saved into folder: C:\webext\AkeEidPkcs11_64.

Below are scripts. Please note that ID is actually 80 digit GUID.

manifestmessaging.json

{

“name”: “AkeEidPkcs11_64”,

“description”: “my pkcs11 extension”,

“path”: “C:\\Program Files\\AKE\\eID Middleware\\pkcs11\\AkeEidPkcs11_64.dll”,

“type”: “pkcs11”,

“allowed_extensions”: [

"myextension@mycompany.fr

"

]

}

manifestpkcs.json

{

“name”: “AkeEidPkcs11_64”,

“description”: “My pkcs11 extension”,

“path”: “C:\\Program Files\\AKE\\eID Middleware\\pkcs11\\AkeEidPkcs11_64.dll”,

“type”: “pkcs11”,

“version”: “1.0”,

“manifest_version”: 2,

“background”: {

“scripts”: [

“background-script.js”

]

},

“browser_specific_settings”: {

“gecko”: {

“id”: “myextension@mycompany.fr”,

“strict_min_version”: “130.0”

}

},

“permissions”: [

“pkcs11”

]

}

background-script.js

var AkeEidPkcs11_64App = {

var: loadPKCS11 = browser.pkcs11.installModule(“AkeEidPkcs11_64”)

};

In Regedit I created two registry keys with the following name:

HKEY_CURRENT_USER\LOCAL_MACHINE\SOFTWARE\Mozilla\NativeMessagingHosts\AkeEidPkcs11_64

HKEY_CURRENT_USER\LOCAL_MACHINE\SOFTWARE\Mozilla\PKCS11Modules\AkeEidPkcs11_64

Both keys have the same path: C:\webext\AkeEidPkcs11_64.

When I load file ‘‘AkeEidPkcs11_64.zip’’ in about:debugging, Load temporary Add-on, I get message: ''File C:\webext\AkeEidPkcs11_64\AkeEidPkcs11_64.zip does not contain a valid manifest’’.

Please advise what could be a problem. Thank you.

dotproto · April 22, 2024, 5:05pm

Your extension does not contain a manifest.json file. As noted on MDN, this is the only file that an extension must contain.

ivan1224 · April 23, 2024, 2:34pm

Hi Dotproto,

so I should have these two json files: Native messaging manifest (manifestmessaging.json) and PKCS #11 manifest (manifestpkcs.json) join in one file called manifest.json.
And I should then zip this .json file with file ‘‘background-script.js.’’?

Ivan

dotproto · May 3, 2024, 2:48am

The documentation is a bit confusing here, but I think what it’s trying to say is that there are two manifest files you’ll need to set up:

The extension’s manifest.json - the file that tells the browser that the extension exists. Must be located in the extension’s root directory.
The native manifest file - Provides the browser with information about the native messaging host that a paired extension may communicate with. This file must be registered with Firefox using an OS-specific strategy. See Manifest location for details.

It just so happens that extensions that can expose PCKS #11 modules on the user’s system are a special type of native extension. In this case, the native messaging manifest you’re configuring is a PCKS #11 Manifest. Since this is just a specialized native messaging manifest, the manifest location details provided above still apply.

Hope that helps!