Extension Signing and Encryption

Extension Encrypting and Signing

When you upload an extension to Extension Warehouse for publication, or when you upload an extension to our Extension Signing Portal, your extension goes through a digital signing process and an optional encryption process.

Digital Signature

Our signing process involves our server analyzing the .rbz extension package you upload, and injecting it with a special signature file. When a user installs your extension, SketchUp reads that signature file and compares it to the contents of your extension to verify that nothing in your extension has been altered since you signed it on our server. If the signature matches, your extension is allowed to load. If there is a mismatch with the signature and the contents of your extension, OR if your extension is not signed at all (maybe because you are distributing it through a different website and you have chosen to not sign it before distributing), then SketchUp might not load your extension at all, depending on the extension Loading Policy the user has chosen.

SketchUp has three different Extension Loading Policies. Please see our Help Center article for more information on these policies.

Ruby Encryption

When you submit your extension to Extension Warehouse for review, or on our Signing Portal page to get it digitally signed, you also have the option to encrypt the ruby files.

A few important things to know about encryption:

  • We do not encrypt the root .rb file in your .rbz package. That will always stay unencrypted. You should not put any important code Intellectual Property in that file as it will not be encrypted.
  • We do not accept any pre-encrypted your .rbz package. Please only upload the .rb files. We will find them, encrypt them per your encryption choice, and then delete them from the package we return to you.
  • All .rb files (except the root level .rb file) will be encrypted. This may require a few code changes to make sure that you are using Sketchup.require, which is the only way to require one of our encrypted files so that SketchUp can decrypt it for loading.
  • It has been noted by the developer community that the old .rbs scrambled files are not very secure against hackers so we have removed the .rbs option. If you want to keep your code out of the hands of most casual SketchUp users you should use the .rbe encryption. Be aware that no encryption method is fully unhackable.