After you have successfully built your extension, you should package the extension in the ZXP format and sign the extension with a valid certificate in order to distribute your extension properly. This guide will walk you through the process of packaging, distributing, and installing your extension.
By the end of this guide, you will be able to:
- Package your extension in the
ZXPformat with a certificate - Install the packaged extension in your or others' machine
- Distribute the packaged extension
- Prerequisites
- Acquiring a signed certificate
- Creating and verifying a signed package
- Distributing the
ZXPPackaged Extension - Installing the
ZXPPackaged Extension
This guide assumes that you have a finished, working version of an CEP extension. If you have not built an CEP extension yet, make sure to visit Adobe CEP Getting Started Guide.
The signature verifies that the package has not been altered since it was packaged. When installing a package, your extension installer validates the package against the signature, and checks for a valid certificate. In addition, CEP checks for a valid certificate each time a host application tries to run an extension.
Certificates used to cryptographically sign documents or software commonly have expiration options between one and four years. If the certificate has no valid timestamp, and the certificate used to sign the extension has expired, the extension cannot be installed or loaded. There is no warning or notification to the user before the signature expires. To make your extension available to users again, you would have to repackage it with a new certificate. Thus, it is recommended to repackage the extension well before your installer certificate is due to expire to avoid users being unable to install your extension.
A valid timestamp ensures that the certificate used to sign the extension was valid at the time of signing. For this reason, you should always add a timestamp to the signature when you package and sign your extension. A timestamp has the effect of extending the validity of the digital signature.
These are the possible validation results:
| Signature | CEP result |
|---|---|
| No signature | Extension does not run |
| Signature invalid | Extension does not run |
| Certificate used to sign has expired and no timestamp exists | Extension does not run |
| Certificate used to sign has expired, but has a valid timestamp | Extension runs normally |
| Signature valid | Extension runs normally |
Adobe provides a command-line tool, ZXPSignCmd, that you can use to package and sign extensions. Access the CEP Resources page to download the toolkit for your platform.
You can use this tool to create a self-signed certificate, create a signed ZXP package, or verify an existing ZXP package. Note that this tool does not validate the content of your extension.
If you are unfamiliar with the required structure and content of the extension, refer to Adobe CEP Getting Started Guide.
There are two types of code-signing certificate: commercial certificates provided by a trusted certificate authority, and self-signed certificates. Commercial certificates must be purchased from a trusted certificate authority.
-
Using CA (Certificate Authority) - Your certificate signed by CA must satisfy these conditions:
-
The root certificate of the code-signing certificate must be installed in the target operating system by default. This can vary with different variations of an operating system.
-
The issuing certificate authority (CA) of the code-signing certificate must permit you to use that certificate to sign extensions.
-
-
Creating a self-signed certificate - If you do not have an existing certificate signed by CA, you can self-sign your package by using
ZXPSignCmddownloaded in the previous step by running the following command:
ZXPSignCmd -selfSignedCert <countryCode> <stateOrProvince> <organization> <commonName> <password> <outputPath.p12> [options]
| Parameters | Description |
|---|---|
| countryCode | The certificate identifying information for your country. |
| stateOrProvince | The certificate identifying information for your state or providence. |
| organization | The certificate identifying information for your organization. |
| commonName | The certificate identifying information for your common name. |
| password | The password for the new certificate. |
| outputPath.p12 | The path and file name for the new certificate. |
| options(locality) | -locality <code> If supplied, the locale code to associate with this certificate. |
| options(orgUnit) | -orgUnit <name> If supplied, an organizational unit to associate with this certificate. |
| options(email) | -email <addr> If supplied, an email address to associate with this certificate. |
| options(validityDays) | -validityDays <num> If supplied, a number of days from the current date-time that this certificate remains valid. |
Once you run the command, this will output the self-signed certificate at the specified <outputPath.p12>.
Example
./ZXPSignCmd -selfSignedCert US NY MyCompany MyCommonName abc123 MyCert.p12
Once you have a signed, verified certificate from the previous step, you are ready to create a signed pacakge. In order to conform to the Adobe Exchange requirements or distribute using the Admin Console, you must create an Adobe ZXP package. If you aren't distributing on Adobe Exchange or the Admin Console, ZXP may not be required. Check with your distribution channel for details.
If your package only includes one HTML extension, you can construct your folder structure like below and include an XML file named manifest.xml inside the CSXSfolder:
And here is an example manifest.xml based on the folder structure above:
<?xml version="1.0"?>
<ExtensionManifest xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
ExtensionBundleId="com.example.extension"
ExtensionBundleVersion="1.0.0" Version="7.0">
<ExtensionList>
<Extension Id="com.example.extension.panel" Version="1.0.0"/>
</ExtensionList>
<ExecutionEnvironment>
<HostList>
<Host Name="PHXS" Version="14.0" />
<Host Name="PHSP" Version="14.0" /
</HostList>
<LocaleList>
<Locale Code="All"/>
</LocaleList>
<RequiredRuntimeList>
<RequiredRuntime Name="CSXS" Version="7.0"/>
</RequiredRuntimeList>
</ExecutionEnvironment>
<DispatchInfoList>
<Extension Id="com.example.extension.panel">
<DispatchInfo>
<Resources>
<MainPath>./client/index.html</MainPath>
<ScriptPath>./host/index.jsx</ScriptPath>
<CEFCommandLine/>
</Resources>
<Lifecycle>
<AutoVisible>true</AutoVisible>
</Lifecycle>
<UI>
<Type>Panel</Type>
<Menu>Example Extension</Menu>
<Geometry>
<Size>
<Height>500</Height>
<Width>350</Width>
</Size>
</Geometry>
<Icons/>
</UI>
</DispatchInfo>
</Extension>
</DispatchInfoList>
</ExtensionManifest>
SEE: complete version of the manifest spec
If you want to include other files and/or provide additional configurations, you must provide a configuration .mxi file, where you can specify all of the configuration details for the product, such as where to install files, which applications are supported, and so on. See below for the recommended folder structure:
And here is an example id.xml based on the folder structure above:
<?xml version="1.0" encoding="UTF-8"?>
<macromedia-extension
id="id"
icon="icon.png"
name="Example Package"
requires-restart="true"
version="1.0.0">
<author name="AUTHOR NAME"/>
<description>
<![CDATA[YOUR DESCRIPTION]]>
</description>
<ui-access>
<![CDATA[YOUR INSTRUCTION]]>
</ui-access>
<license-agreement>
<![CDATA[YOUR LICENSE AGREEMENT]]>
</license-agreement>
<products>
<product familyname="Photoshop" version="13"/>
</products>
<files>
<file source="Extension/html.zxp"
destination=""
file-type="CSXS"
products="Photoshop,Photoshop32,Photoshop64"
minVersion="14.0" />
<file source="PSD/"
destination="$Downloads"
file-type="ordinary"
products="Photoshop,Photoshop32,Photoshop64"
minVersion="14.0" />
</files>
</macromedia-extension>
SEE: Configuration File Reference
If you want more information and step-by-step guide, read How to Customize Your Adobe Creative Cloud Extension Package.
Once you have the input directory ready, run the following command to finish packaging:
ZXPSignCmd -sign <inputDir> <outputZxp> <p12> <p12Password> [options]
| Parameters | Description |
|---|---|
| inputDir | The path to the folder containing the source files to package. |
| outputZxp | The path and file name for the ZXP package. |
| p12 | The path and file name for the signed certificate. |
| p12Password | The password for the certificate. |
| options(tsa) | -tsa <timestampURL> The timestamp server. Examples:http://time.certum.pl/ http://timestamp.comodoca.com/rfc3161 |
Example
./ZXPSignCmd -sign myExtProject myExtension.zxp MyCert.p12 abc123 -tsa http://time.certum.pl/
Note that ZXPSignCmd does not verify the content of your extension but only verifies the signature of your ZXP package.
Run the following command to verify the signature:
ZXPSignCmd -verify <zxp>|<extensionRootDir> [options]
| Parameters | Description |
|---|---|
| zxp | The path and file name for the ZXP package. |
| extensionRootDir | The path to the folder containing the deployed ZXP |
| options(certinfo) | -certinfo If supplied, prints information about the certificate, including timestamp and revocation information. |
| options(skipOnlineRevocationChecks) | -skipOnlineRevocationChecks If supplied, skips online checks for certificate revocation when -certinfo is set. |
| options(addCerts) | -addCerts <cert1> <cert2> ... If supplied, verifes the certificate chain and assesses whether the supplied DER-encoded certificates are included. |
Example
./ZXPSignCmd -verify myExtension.zxp -certinfo
*********** Certificate Information ***********
CN: MyCommonName
OU:
DN: /C=US/ST=NY/O=MyCompany/CN=MyCommonName
OS Trusted: false
Revoked: false
Timestamp: Valid and within certificate validity dates at time of signing
Signing Certificate: Valid (from 2018-04-02 until 2029-06-19)
***********************************************
Note: You can check the validity of your timestamp like above
There are numerous options for developers to distribute extensions. In this section, we'll note two options preferred by Adobe. If you opt for another method of distributing, check with that distribution channel for details.
You can distribute your package to the public via the Adobe Exchange where Adobe users can download your extension. In order to list your extension, visit the Exchange Producer Portal. If you need further help, check out the Adobe Exchange Producer Portal.
The enterprise console allows you to bundle extensions into the deployment package. This means installation of your Creative Cloud applications and installation of your extensions happens as part of a single deployment process. Please take a look at the following steps:
- Login to the enterprise console
- Navigate to "Packages" tab at the top
- Click "Create a Package"
- Select "Managed Package" and click "Select"
- Configure your package and click "Next" (make sure to check "Create a folder for extensions & include the Extension Manager command line tool")
- Include any other Adobe host applications if necessary and click "Next"
- Enter the package name and click "Build Package"
- Your browser will automatically download the package when ready. If not, click on your package name and click "Download"
- Unzip the donwloaded zip file (Note: if you are using MacOS, make sure to unzip it using the MacOS built-in Archive Utility)
- Open the unzipped folder and navigate to the
Buildfolder - Right click on the
YOUR_PACKAGE_NAME.pkgfile and select "Show Package Content" - Navigate to
Contents > Resources > post > addon > ZXP - Save your
.zxpfile in this folder - Navigate back to
YOUR_PACKAGE_NAME.pkgand double-click the.pkgfile. Installation process will kick-off
Adobe Exchange is a marketplace where you can upload and download extensions, custom tags, scripts, content, and other items that extend the functionality of Adobe applications. In order to download a Adobe Exchange hosted product, simply follow the instructions below:
- Visit https://exchange.adobe.com/creativecloud.html
- Choose the marketplace (Creative Cloud / Experience Cloud / Document Cloud)
- Choose the product that fits your need
- Click on the "Buy" or "Free" button, depending on whether the product is free or not
- The product will be downloaded in the appropriate location (Note that the download location is specified in the ZXP package. Most sellers include the download location in the "Where To Find It" section)
-
Download
ExManCmd- Download the Extension Manager Command Line tool (ExManCmd) from the following locations (You can use the command line to perform various operations you would normally perform in the Extension Manager workspace):- ExManCmd - Mac: https://www.adobe.com/go/ExManCmdMac
- ExManCmd - Windows: https://www.adobe.com/go/ExManCmdWin
-
Unzip the
ExManCmdtoolkit - Unzip the downloaded toolkit and have theExManCmdfile available for use in the next step. -
Install the package - You can easily install/uninstall the package using the available commands in
ExManCmd. Refer to Extension Manager command-line basics for more details.ExManCmd --install <zxpPath>Example
./ExManCmd --install ~/Documents/myExtension.zxpIf you get an error, see the extensions installation error codes and description for more information.
Anastasiy’s extension manager is a third-party developed tool that can help you install extensions packaged in .zxp format.
-
Download and install Anastasiy’s extension manager Visit Anastasiy's extension manager download page and follow the instructions.
After the installation is completed, your extension will be stored at the root level of the extension folder (Note that the root extension folder location is different depending on which OS you use. See CEP Cookbook for more details.)