Extension Digital Signature

We are working hard to help protect your extensions. This new Extension Signature portal is one more step in that direction. With SketchUp 2016 we have created three different Extension Loading Policies. Please see our Help Center article for more information on these policies

Note: For your security and privacy, the digital signature page is using a secure connection to the Extension Warehouse. You may be required to Sign In again when you access this page..

Instructions

  1. Click the "Add Files" button or drag an .rbz file into the upload box . Then click "Start Upload" to upload the rbz to be digitally signed.
  2. Optionally, select if you want your ruby files to be encrypted.
  3. Click on the "Sign the Extension" button to begin the process.

Please log in. If you are a developer, you will be able to encrypt and secure your extensions. Not a developer? Sign up here!

Additional Notes:

  • See the instructions below for more detailed explanations of how to handle various signing scenarios such as signing a single .rb file, or signing extension files that aren’t installed as an .rbz but are installed directly via an installer that you have written.
  • After clicking the “Sign the Extension” button, we will quickly process your extension and display a banner with a link to download your digitally signed and optionally encrypted extension.
  • Verify that all files were encrypted the way you expected before distributing your extension publicly.
  • The "Sign the Extension" button will only be enabled when you have selected a single .RBZ file. All other file types are not allowed.
  • If you will be distributing your extension on the Extension Warehouse, this same signing and encrypting functionality has also been added to the Upload/Update and extension form.
  • The page may turn white and/or timeout if you are signing a large file. We have noticed that around 50mb or larger is where this timeout tends to start happening. The signing process will still continue in the background. If you hit refresh, or navigate to another page eventually the banner with the download link will appear. [We are working to get this problem fixed.]

Ruby Extension Digital Signature

All SketchUp extensions for 2016 or later will now require a Digital Signature to run in the highest security mode - “Identified Extensions Only”. If the user has chosen “Approve Unidentified Extensions” then all signed extensions will load automatically and any unsigned extension will have to be approved by the user. All extensions signed and unsigned, will load in “Unrestricted” mode.  

SketchUp 2016 SketchUp defaults to “Unrestricted” mode in order to help give developers time to sign their extensions and get them widely distributed.

You can use the SketchUp digital signature tool on this page to create a Digital Signature for your extension. Please note that you will need to re-sign your extension each time you make code changes and want to release it.

Extension Warehouse Bonus: If you distribute your extension on the Extension Warehouse, we will add this digital signature automatically into your rbz when you upload your extension for review.

Digital Signature Instructions and Best Practices

Signing your extension is easy and should be a fast process. Below are some guidelines that will help you learn how to use this new feature.

 

General Requirements

  • .rbz files are simply .zip files renamed to have an .rbz extension.

  • We only accept a single .rb file in the root of the .rbz.

  • If you have additional files, they must all be organized inside of a folder that has the same name as the root .rb file. For example, if your root ruby file is named gocorp_swiveldriver.rb, you must have a folder named gocorp_swiveldriver at the same level. Inside this folder is where we will place the extension digital signature.

 

How to Sign a Typical .rbz Package

A “typical” .rbz consists of an extension that is packaged according to the Extension Warehouse guidelines. See the Publishing Guildelines section on this page for more information. If you follow these guidelines and .rbz content structure, then your extension will be signed correctly.

How to Sign a Single .rb file

Digitally signing an extension requires a minimum of a .rb file, a folder with the same name and we will inject a signature file into that folder. So if you are wanting to sign a single .rb style plugin, you can do that with our Digital Signature portal. You will have to distribute that plugin with the original rb file, a folder and hash file to maintain the digital signature. To sign your file:

  • zip it up so that it is the only file inside the zip file.

  • Rename the .zip file to .rbz

  • Upload the .rbz file to the Digital Signature Portal and follow the instructions

  • The returned .rbz will have your extension file, a folder with the same name and a digital signature has file inside the folder.

  • The returned .rbz file will be ready to distribute.

  • *Encryption will not work on these files since encryption never encrypts the root .rb file.

How to Sign an Extension for an Installer

If you have an extension that you bundle inside your own installer and do not typically ever use the .rbz file format, follow these instructions:

 

  1. Take all the files that your installer puts into the plugins folder and bundle them up into a zip file.

  2. Rename the zip file to .rbz

  3. Then upload the .rbz to the Extension Digital Signature portal.

  4. Download the returned file.

  5. Rename the .rbz back to.zip

  6. Extract the contents.

  7. Take the hash file that was injected and put it into your installer.

  8. It must be installed in the exact same location, inside a folder with the same name that was used when signing it.

Ruby Encryption 2.0

We have completely overhauled our ruby file encryption system for SketchUp 2016. When you submit your extension for digital signature, you also have the option to encrypt the ruby files with our new encryption software.

In this new Digital Signature portal, we have included the ability to encrypt for both the old .rbs file type and the new .rbe file type by selecting the appropriate checkboxes. Please note that if you encrypt only for 2016 and newer versions, we will only include .rbe files and your extension will therefore not be compatible with SketchUp 2015.

General Notes and Requirements

 

  • We do not encrypt the root .rb file in your .rbz package. That will always stay unencrytped. You should not put any important code Intellectual Property in that files as it will not be encrypted.

  • We do not accept any pre-encrypted .rbs or .rbe files in your .rbz package. Please only upload the .rb files. We will find them, encrypt them per your encryption choice, and then delete them from the package we return to you. If you used to use our scrambler.exe to create .rbs files, we will not allow that in this portal. We will scramble to .rbs for you.

  • All .rb files (except the root level .rb file) will be encrypted. This may require a few code changes to make sure that you are using Sketchup.require, which is the only way to require one of our encrypted files so that SketchUp can decrypt it for loading.

  • You may choose either, or both, of the supported encryption types. It has been noted by the developer community that the old .rbs scrambled files are not very secure against hackers. You may choose to use that encryption to maintain backwards compatibility. However you need to be aware of the potential risk. If you are wanting to keep your code out of the hands of most casual SketchUp users, the .rbs filetype is still considered acceptable for this purpose.