Firefox 3 will introduce a new mechanism to ensure update urls are safe.
Every update url used into extension’s manifest must use httpS certified sites.
Due to the fact not all developers can buy certificate or use httpS site a second mechanism allows to sign extension and server update file.
I host my extensions on Sourceforge but Sourceforge doens’t support https so I decided to sign extensions.
Mozilla guys had created McCoy an useful UI from which you can generate public keys and sign files.
McCoy UI doesn’t fit my automated xpi creation process, I prefer a command line approach 😉
Well, Star Trek’s Dr. McCoy has a good friend, the vulcanian Mr. Spock 🙂
Now you can create public keys from cool McCoy UI and complete process from command line with Spock.
Read more at hyperstruct