Skip to main content
Matrix42 Self-Service Help Center

Sign Releases using your Matrix42 Developer Identity

This is a step-by-step guide on how to digitally sign your Digital Workspace Platform Extension to ensure the latest security standards for all consumers of your Extension.

Prerequisites

Signing your Configuration Package

To sign your Configuration Package all you need is the Matrix42 Command-Line Interface (CLI), the ZIP file containing your Extension data and the PFX file which resembles your Developer Identity:

> m42 sign path/to/extension.zip --identity path/to/identity.pfx

You will be prompted to enter the password of your Developer Identity.

After the signing is done the specified ZIP file will be approximately 2kb larger. (The digital signature is attached.)

You can read more about why you should sign your Extension here.

Verifying the signature of a Configuration Package

You can also use the Matrix42 CLI to verify if an Extension (ZIP) is digitally signed and also if the signature is still valid:

> m42 verify path/to/extension.zip

This command will either throw an error "No valid signature found." or will succeed with the message "Signature verified.".

 

  • Was this article helpful?