I’m developing a Chrome extension that verifies S/MIME signatures in Gmail in the browser. The extension pulls the full source code for every email the user opens, parses it into ASN.1 / PKI.js (encryption libraries) data types, and verifies the message content against the signature.
This is fine for a purely cryptographic check of the message content, but we currently have no way of knowing if the certificate authority that issues the signer’s certificate is a trusted one.
To my question: Is there any way for me to access Chrome’s certificate store for trusted authorities from a background script? I’m only looking to read the certificates so I can pass them into the PKI.js encryption library as the set of trusted root CAs.
I’m also aware of OCSP checks to see if the signer certificate has been revoked or not. This is on the roadmap.