Securing Chrome Native Message host

Question

I'm developing an application using Chrome Native Messaging that starts through a Chrome Extension.

My question is: How can I ensure that host application is really the same supplied by me?

I need to ensure the authenticity the application called by extension. How do I get it if I don´t have permission to read registry or check if something was changed?

Answer 1

That is an excellent question, and my guess is the answer is "unfortunately, you can't".

It would be interesting to implement some sort of cryptographic hash like the ones Chrome uses to verify extension files, but that's not a very strong guarantee.

Consider (all of this hypothetical):

• You can secure the registry entry / manifest pretty easily this way, but what about the file itself?
• Suppose you pin a hash of the executable, then it becomes painful to update it (you'll have to update the extension too in sync). Can be resolved with some kind of public key signature though instead of a hash.
• Suppose you pin the executable in the manifest. What about its data files? More importantly, what about the libraries a native app uses?

Securing a Chrome extension/app is easy, since the only "library"/runtime you rely on is Chrome itself (and you put trust into that). A native app can depend on many, many things on the system (like the already mentioned libraries), how do you keep track?

Anyway, this seems like an interesting thing to brainstorm. Take a look the Chrome bug tracker if there is already anything similar, if not - try to raise a feature request. Maybe try some Chromium-related mailing list to ask the devs.