I am working on building an HTML5 extension for InDesign CC 2015. I bundle the extension with Extension Builder 3 into a zxp file, which upon installation unpacks into HTML pages and JS and CSS files in the install location on my Mac (/Library/Application Support/Adobe/CEP/extensions/MyExtension). My concern is that, this way, my extension can be easily modified or reverse-engineered. How do I encrypt my extension before sending it to the customers so that my code is not wide open in front of them?
It depends on what languages you built your extension with. There are three methods:
1. Encryption. The file decrypts on the fly when used, but the contents can't be viewed in a readable way.
2. Calling home. The code must ping your server for authentication. Your server may contain critical code or variables.
3. Write the extension in a language that can be compiled.
Hi Rob,
Thanks for the reply. We have an API layer in between which hides my database and performs the authentication on every operation. So, I am using the "calling home" approach. But my extension, which is written in HTML5 (most of the business logic is in JavaScript and presentation is in HTML and CSS), still exposes some coding secrets (like the admin username and password, which are in the extension code for performing the authenticate-user operation, plus I want to hide how I have coded certain things). Can you please elaborate on the other two options you mentioned - file decryption on the fly (how can I do that and in which language) and writing the extension in a language that can be compiled (I cannot use ActionScript as CC 2015 applications do not support Flex/Flash extensions anymore, so which other languages are my options)?
ZendGuard is one of many products that will encrypt PHP code (option 1). Java is a compiled language (option 3) but I don't know what you would need to do to keep it from being reverse-engineered.
Of course, if the JavaScript/HTML contains the information you wish to hide, you are out of luck. You would have to rethink your whole approach.
I do not use any of the methods I mentioned. My back end PHP code is hosted on my server where no one else has access to it.
Okay. I will look into encrypting tools. But again, I want to encrypt HTML / JS / CSS pages, not sure if there are many options out there.
As far as I know, Java is not an option for writing an extension for InDesign CC 2015. I have written an extension targeting InDesign CC 2014 and earlier versions in ActionScript, but InDesign CC 2015 does not support Flash / Flex extensions anymore, so HTML5 is the only option. In fact, I am porting the same extension so that it is supported by InDesign CC 2015. Ref.: https://github.com/Adobe-CEP/CEP-Resources
My problem is, I could not find a reliable way to encrypt my extension code.
My API layer is coded in Java and hidden from the outside world.
I want to encrypt HTML / JS / CSS pages
I guess this wasn't clear before. Do you mean HTML, JS and CSS that is intended to be rendered by a browser? That would of course be impossible. I thought you were talking about the code that creates the HTML, JS and CSS.
No, the pages are not intended to be rendered in a browser. I am writing an extension for InDesign and it will be rendered within the InDesign application. Anyhoo.. I guess I will keep looking. Thanks for the replies.
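The "calling home" option from the thread, shown from the server side as an added example (not code from any poster or from Adobe): the extension sends only the end user's own credentials, and the API layer answers with a short-lived signed token, so no admin username, password or signing key ships inside the zxp. The names `issueToken`, `verifyToken`, `USERS` and `TOKEN_KEY`, the Node.js runtime and the 15-minute lifetime are assumptions made for illustration.

```javascript
// Added example: server-side token issue/verify for a "calling home" design.
const crypto = require('crypto');

// Assumption: the key exists only on the server. The fallback is a constructed
// sample value so the example runs offline.
const SERVER_KEY = process.env.TOKEN_KEY || 'constructed-sample-key';
const TTL_MS = 15 * 60 * 1000; // assumed token lifetime

function hashPassword(password, salt) {
  return salt + ':' + crypto.scryptSync(password, salt, 32).toString('hex');
}

// Constructed sample user store; a real API layer would query its database.
const USERS = new Map([['alice', hashPassword('correct horse', 'salt-a')]]);

function sign(payload) {
  return crypto.createHmac('sha256', SERVER_KEY).update(payload).digest('hex');
}

// Constant-time comparison that tolerates inputs of different length.
function safeEqual(x, y) {
  const a = Buffer.from(x), b = Buffer.from(y);
  return a.length === b.length && crypto.timingSafeEqual(a, b);
}

// Login endpoint logic: check the user's own password, return a signed token.
function issueToken(user, password, now = Date.now()) {
  const stored = USERS.get(user);
  if (!stored) return null;
  const salt = stored.split(':')[0];
  if (!safeEqual(hashPassword(password, salt), stored)) return null;
  const claims = JSON.stringify({ user, exp: now + TTL_MS });
  const payload = Buffer.from(claims).toString('hex');
  return payload + '.' + sign(payload);
}

// Run on every later operation: reject malformed, tampered or expired tokens.
function verifyToken(token, now = Date.now()) {
  const [payload, mac] = String(token).split('.');
  if (!payload || !mac || !safeEqual(sign(payload), mac)) return null;
  const claims = JSON.parse(Buffer.from(payload, 'hex').toString());
  return claims.exp > now ? claims.user : null;
}
```

Anything the extension's JavaScript holds can be read by the customer, so the token limits what a copied value is worth (one user, fifteen minutes) rather than hiding it.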