This is a step-by-step guide on how to digitally sign your Digital Workspace Platform Extension to ensure the latest security standards for all consumers of your Extension.
Signing your Extension
To sign your Extension all you need is the Matrix42 Command-Line Interface (CLI), the ZIP file containing your Extension data and the PFX file which resembles your Developer Identity:
> m42 sign path/to/extension.zip --identity path/to/identity.pfx
You will be prompted to enter the password of your Developer Identity.
After the signing is done the specified ZIP file will be approximately 2kb larger. (The digital signature is attached.)
You can read more about why you should sign your Extension here.
Verifying the signature of an Extension
You can also use the Matrix42 CLI to verify if an Extension (ZIP) is digitally signed and also if the signature is still valid:
> m42 verify path/to/extension.zip
This command will either throw an error "No valid signature found." or will succeed with the message "Signature verified.".
Here are some interesting things about...