McCoy

  • Revision slug: McCoy
  • Revision title: McCoy
  • Revision id: 75496
  • Created:
  • Creator: Mossop
  • Is current revision? No
  • Comment Initial overview

Revision Content

McCoy is an application that allows add-on authors to provide secure updates to their users. Periodically, applications look for and install updates to their add-ons. It is important that the update information retrieved has not been tampered with since it was written by the add-on author. Specifically, McCoy focuses on digitally signing update manifests so that applications can verify the integrity of a manifest retrieved over normally insecure channels.

If you want to learn about the technical details of McCoy, visit the project wiki (http://wiki.mozilla.org/McCoy).

Installing McCoy

To use McCoy you need to download and install it. McCoy is provided in the standard package for your operating system; just extract it where you like and run it.

  • (Windows)
  • (Linux)
  • (Mac OSX Universal)

Uninstalling McCoy

To uninstall McCoy, simply delete the application's files. The cryptographic keys and other McCoy data are kept in a profile folder separate from the application, so you can uninstall and reinstall without losing your precious keys.

Backing Up Data

If you need to back up your data or move it from one machine to another, you need to take a copy of the profile folder. This is located in:

  • C:\Documents and Settings\<user name>\Application Data\Mozilla\McCoy (Windows 2000/XP)
  • C:\Users\<user name>\AppData\Roaming\Mozilla\McCoy (Windows Vista)
  • ~/.mozilla/mccoy (Linux)
  • ~/Library/Application Support/McCoy (Mac OSX)

Running McCoy

To run McCoy simply run the mccoy executable (or the McCoy application on OSX). The first time it runs it will ask you to create a master password. It is strongly recommended that you use a password to protect your McCoy data. Once you have a password set you can change it from the Keys menu and you will have to enter it each time you run McCoy.

Signing Update Manifests

Before you Release your Add-on

To verify update manifests, applications must already have information from you on how to verify them. This takes the form of the public part of a cryptographic key, included in the original add-on you release.

The first step is to create a cryptographic key. Simply click the Create toolbar button or select Create Key from the Keys menu. You should give the key a name that will remind you what you are using it for. It is up to you how you use your keys; using one key for all add-ons or one key per add-on would both seem sensible choices.

Once you have a key, you need to add its public part to your add-on's install.rdf file. The simplest way to do this is to select the key, then click the Install toolbar button. You must then locate your install.rdf for McCoy, and the public part of the key will be added directly to the file. The file will be overwritten, so take a backup if you need to.

You can then include this install.rdf in your add-on's xpi and release it.

If you wish to manually add the public key to the install.rdf you can right click the key, select Copy Public Key and then add it to the file as an updateKey entry.

Releasing an Update

Once you are ready to release an updated version of your add-on, you must create an update.rdf file. You need to use McCoy to sign this file so that the application can verify that it really came from you. Simply select the key you originally added to the add-on's install.rdf, then click the Sign toolbar button and select your update.rdf file; the data in it will be signed. It is important to note that if you change any information in the update file, it must be re-signed.

The signing is RDF aware which means that if you reorganised the XML in the file into a more human readable form but the RDF data remained the same then the signature would still be valid.
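The following added illustration (not McCoy's code, and not taken from the original page) shows why signing the RDF data rather than the file bytes survives reformatting but not a changed value. The sorted-triple canonical form, the SHA-256 digest standing in for the signed input, and the sample manifests with their URN and URLs are all assumptions constructed for this example; it handles only flat descriptions with literal properties.

```python
import hashlib
import xml.etree.ElementTree as ET

RDF = "http://www.w3.org/1999/02/22-rdf-syntax-ns#"
EM = "http://www.mozilla.org/2004/em-rdf#"
HEAD = f'<rdf:RDF xmlns:rdf="{RDF}" xmlns:em="{EM}">'

# Constructed sample manifests (simplified; not the full update.rdf format).
ORIGINAL = HEAD + (
    '<rdf:Description rdf:about="urn:example:addon-update">'
    '<em:version>2.0</em:version>'
    '<em:updateLink>https://addons.example/addon-2.0.xpi</em:updateLink>'
    '</rdf:Description></rdf:RDF>')

# Same RDF data: re-indented, and em:version written as an attribute.
REFORMATTED = HEAD + '''
  <rdf:Description rdf:about="urn:example:addon-update"
                   em:version="2.0">
    <em:updateLink>https://addons.example/addon-2.0.xpi</em:updateLink>
  </rdf:Description>
</rdf:RDF>'''

# Different RDF data: the download location has been altered.
TAMPERED = ORIGINAL.replace("addons.example", "mirror.example")

def triples(xml_text):
    """Return the (subject, predicate, literal) triples of a flat RDF/XML document."""
    out = set()
    for desc in ET.fromstring(xml_text).iter(f"{{{RDF}}}Description"):
        subject = desc.get(f"{{{RDF}}}about") or ""
        # Property attributes and property elements are two spellings of one triple.
        for name, value in desc.attrib.items():
            if not name.startswith(f"{{{RDF}}}"):
                out.add((subject, name, value))
        for child in desc:
            out.add((subject, child.tag, child.text or ""))
    return out

def digest(xml_text):
    """Hash a canonical (sorted) serialisation of the triples, not the file bytes."""
    canonical = "\n".join("\t".join(t) for t in sorted(triples(xml_text)))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()

if __name__ == "__main__":
    print("reformatted matches:", digest(ORIGINAL) == digest(REFORMATTED))
    print("tampered matches:   ", digest(ORIGINAL) == digest(TAMPERED))
```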
