5 Replies Latest reply on Oct 22, 2015 11:06 PM by matias.kiviniemi

    Extension signing

    JetawnS Level 1

      I have almost come to the conclusion selfsigning a photoshop extension is impossible with Photoshop CC 2015.  I have used ZXPSignCmd successfully but can not get my extension to get past the signing issue.  On load I get an error telling me the extension is not properly signed.  All is good in debub mode but try to load and panel appears but will not populate with content then errors with not properly signed.  Any help would be greatly appreciated. 

        • 1. Re: Extension signing
          JJMack Most Valuable Participant

          I don't create extensions. I only created one using one of Adobe configurator and that did the signing for its Photoshop version.  Adobe Photoshop extension feature environment seems to change with each release of Photoshop and are not compatible. I rather just write Scripts and record actions that work in all Photoshop versions. Adobe is working on that to the new ScriptUI CC 2015 does not work like ScriptUI did in prior versions of Photoshop and has issues.



          Did you do both ZXPSignCmd steps required for selfsigning

          Creating a self-signed certificate:


          ./ZXPSignCmd -selfSignedCert US NY MyCompany MyCommonName abc123 MyCert.p12

          This generates a file named MyCert.p12 in the current folder. You can use this certificate to sign your extension:


          ./ZXPSignCmd -sign myExtProject myExtension.zxp MyCert.p12 abc123

          This generates the file myExtension.zxp in the current folder, adding these two files to the packaged and signed extension in the final ZXP archive:

          • mimetype : A file with the ASCII name of mimetype that holds the MIME type for the ZIP container (application/vnd.adobe.air-ucf-package+zip).
          • signatures.xml: A file in the META-INF directory at the root level of the container file system that holds digital signatures of the container and its contents.
          • 2. Re: Extension signing
            matias.kiviniemi Level 3

            Are you talking about getting panel to load on your test machine or distributing to other people? With CC 2015 the big issue is that it no longer works with Adobe Extension Manager, i.e. a valid .zxp in general does not install properly by double clicking it. It's quite confusing since AEM still opens the files and can copy somethings in right places depending how you made the .zxp possibly leaving Photoshop in a mixed state state of files.


            My way of trying to maintain sanity

            • Have scripts to clean up everything you might have installed
              • Windows
                • (Addons install location) \Program Files (x86)\Common Files\Adobe\CEP\extensions
                • ("normal" install location) C:\<username>\AppData\Roaming\Adobe\CEP\extensions
              • Mac
                • ~/Library/Application Support/Adobe/CEP/extensions
            • Have scripts for copying development versions
            • Have scripts for repackaging
            • Before uploading to store create a test package that is not public but shared with you and verify all files get in right places
            • When not store testing, uninstall your extensions from Adobe Addons site so CC does not resync files back to you


            One specific point that might be your problem is that in debug mode Photoshop does not verify signature when loading panels. Not in debug mode it does and any leftover file in the folders will break this even with valid signature. Also the signature is in META-INF/signatures.xml and if you're testing by copying files then you get this by extracting the signed zxp


            If still in trouble tell us

            • Windows/Mac
            • How do you "install"
            • your .mxi/manifest.xml
            • 3. Re: Extension signing
              JetawnS Level 1

              Thanks for the response.  This is a panel that has been distributed through out several territories of my company and used for a while.  After the release of cc 2015 Eclipse no longer would time stamp with the standard https://timestamp.geotrust.com/tsa url.  This seems to be the issue.  Self signing my extensions is now problematic.  I have the same issue with the ZXPSignCmd utilizing both steps you mentioned.  This process of signing does not create the metainfo file that Eclipse does but does create the MetaInfo folder containing the signature file + mimetype file.  I'll keep plugging away at this.  Thank you for the information!

              • 4. Re: Extension signing
                DBarranca Level 4


                do you happen to use latest OSX El Capitan? It's known that ZXPSignCmd fails the timestamping with geotrust - don't ask me why - but it works with Mavericks. By the way, timestamping should be optional in most cases, so try doing just signing.



                Davide Barranca




                • 5. Re: Extension signing
                  matias.kiviniemi Level 3

                  Another signing issue I've experienced was in the formatting of the cert file. I.e. after some update things just stopped working because some variation of the certificate file format/structure stopped being supported. The solution was to import the cert to browser(s) and try re-exporting it with different options until some worked.