Google Chrome - Alphanumeric hashes to identify extensions

To be precise, it's the first 128 bits of the SHA256 of an RSA public key encoded in base 16.

Another random bit of trivia is that the encoding uses a-p instead of 0-9a-f. The reason is that leading numeric characters in the host field of an origin can wind up being treated as potential IP addresses by Chrome. We refer to it internally as "mpdecimal" after the guy who came up with it.


Chromium generates the id via public key. If you use the extension gallery, they handle all that for you.

From the source:

bool Extension::GenerateId(const std::string& input, std::string* output) {
  CHECK(output);
  if (input.length() == 0)
    return false;

  const uint8* ubuf = reinterpret_cast<const unsigned char*>(input.data());
  SHA256Context ctx;
  SHA256_Begin(&ctx);
  SHA256_Update(&ctx, ubuf, input.length());
  uint8 hash[Extension::kIdSize];
  SHA256_End(&ctx, hash, NULL, sizeof(hash));
  *output = StringToLowerASCII(HexEncode(hash, sizeof(hash)));
  ConvertHexadecimalToIDAlphabet(output);

  return true;
}

Take a look at extension.cc file it has more detailed information such as generating the .pem file exncoding/decoding, etc.