How to check the authenticity of a Chrome extension?

Question

The Context:

• You have a web server which has to provide an exclusive content only if your client has your specific Chrome extension installed.
• You h

Answer 1

I would suggest to do something similar to what Git utilises(have a look at http://git-scm.com/book/en/Git-Internals-Git-Objects to understand how git implements it), i.e.

Creating SHA1 values of the content of every file in your chrome-extension and then re-create another SHA1 value of the concatenated SHA1 values obtained earlier.

In this way, you can share the SHA1 value with your server and authenticate your extension, as the SHA1 value will change just in case any person, changes any of your file.

Explaining it in more detail with some pseudo code:

function get_authentication_key(){

    var files = get_all_files_in_extension,
        concatenated_sha_values = '',
        authentication_key;

    for(file in files){
        concatenated_sha_values += Digest::SHA1.hexdigest(get_file_content(file));
    }

    $.ajax({
  url: 'http://example.com/getauthkey',
  type: 'post'
  async: false,
  success:function(data){
         authentication_key = data;
  }
    })

    //You may return either SHA value of concatenated values or return the concatenated SHA values
    return authentication_key;  
}

// Server side code
get('/getauthkey') do
    // One can apply several type of encryption algos on the string passed, to make it unbreakable
authentication_key = Digest::.hexdigest($_GET['string']);
return authentication_key;
end

This method allows you to check if any kind of file has been changed maybe an image file or a video file or any other file. Would be glad to know if this thing can be broken as well.