Extension Encrypting and Signing
When you upload an extension to Extension Warehouse for publication, or when you upload an extension to our Extension Signing Portal, your extension goes through a digital signing process and an optional encryption process.
Our signing process involves our server analyzing the .rbz extension package you upload, and injecting it with a special signature file. When a user installs your extension, SketchUp reads that signature file and compares it to the contents of your extension to verify that nothing in your extension has been altered since you signed it on our server. If the signature matches, your extension is allowed to load. If there is a mismatch with the signature and the contents of your extension, OR if your extension is not signed at all (maybe because you are distributing it through a different website and you have chosen to not sign it before distributing), then SketchUp might not load your extension at all, depending on the extension Loading Policy the user has chosen.
SketchUp has three different Extension Loading Policies. Please see our Help Center article for more information on these policies.
When you submit your extension to Extension Warehouse for erview, or on our Signing Portal page to get it digitally signed, you also have the option to encrypt the ruby files.
You have the ability to encrypt for both the old .rbs encryption type which and the more modern .rbe encryption type. Please note that if you encrypt only for 2016 and newer versions, your extension will not be compatible with SketchUp 2015 or earlier.
A few important things to know about encryption:
- We do not encrypt the root .rb file in your .rbz package. That will always stay unencrypted. You should not put any important code Intellectual Property in that file as it will not be encrypted.
- We do not accept any pre-encrypted .rbs or .rbe files in your .rbz package. Please only upload the .rb files. We will find them, encrypt them per your encryption choice, and then delete them from the package we return to you. If you used to use our scrambler.exe to create .rbs files, we will not allow that in this portal. We will scramble to .rbs for you.
- All .rb files (except the root level .rb file) will be encrypted. This may require a few code changes to make sure that you are using Sketchup.require, which is the only way to require one of our encrypted files so that SketchUp can decrypt it for loading.
- You may choose either, or both, of the supported encryption types. It has been noted by the developer community that the old .rbs scrambled files are not very secure against hackers. You may choose to use that encryption to maintain backwards compatibility. However you need to be aware of the potential risk. If you are wanting to keep your plain text code out of the hands of most casual SketchUp users, the .rbs filetype is still considered acceptable for this purpose.