Extension RBE vs RBS encryption

I understand that rbs encrypted files are very easily cracked, and because of that the RBE encryption was introduced in 2017. I also understand that in order to prevent the RBE encryption from being cracked the encryption is done after the extension is submitted. Obviously there is no tool available that developers can use to encrypt the files themselves, because then someone could create a tool to also decrypt the files.

If I want to build an installer for my extension that includes RBE files, how can I do that? Must I submit my extension first, then download it after it goes live, just so I can get the RBE files needed to create my installer? Or is there a way that I can submit my extension, and request encryption without having it go live in the warehouse? Previously I simply published my installer using rbs files, that I could make myself.

Assuming you are a registered developer, you pack your unencrypted files in a rbz and submit it for signing and encryption at this site. The return is a new rbz including the rbs files.

1 Like

OK that is what I was looking for. Unfortunately I get this very detailed response.


OK I’m not having any luck with that. I stripped my extension down to the bare basics and it still says there are issues.

I also tried signing the basic template downloaded here, with no luck.
MyTestExtension.rbz (767 Bytes)

Any help @ene_su?

At its simplest an RBZ submitted for signing/encryption needs an RB file which ‘sets up’ the extension [or it could even be some basic Ruby code] AND a subfolder of the exact same name.
In your example you’ve put the RB in the subfolder, so it’s doomed to failure…
Move the RB & second nested subfolder into the RBZ and delete the extra subfolder…
In the RB file’s code you reference a ‘Loader’ file in the main subfolder that’s missing - it’s inside the nested subfolder.
Usually this RB is where the bones of the Ruby script go…
That nested file must be submitted as an RB and it will be returned in the RBZ back to you with it as is, or encrypted as an RBE - as you choose when submitting.
Once its successfully signed a special ‘susig’ file is also added into the subfolder, used in checking the extension’s validity as it loads…
Obviously an extension can be more complex that outlined here - e.g. several RB files ‘required’ by the Loader, image-files, html etc etc…

PS: You also need to have a extra layer of module nesting - e.g. your top-level name-space module AND then your tool’s own module within that - this omission will not break the RBZ processing, but is best practice…

:man_facepalming:t2: I even knew better… Whew!


Next question. How can I automate that? With the rbs scrambler there was a windows exe that could be downloaded. That allowed me to automate the encryption as part of the build process, when the installer was created.

Is the api documented anywhere?

@merwan made a script: https://github.com/lindale-dev/automatic-sketchup-extension-signing


Thanks. Now I have to see if I can figure that out

There is no formal API for signing extensions, but it is a known request.

1 Like

OK that works pretty well. Takes about 35 seconds on my machine.