# Extension architecture
<a name="extension-architecture"></a>

There are two parts to the Amazon DCV Extension SDK: a `manifest` file that describes extension metadata and an `executable` that runs when the extension is activated.

There is no difference in the structure of client and server extensions.

# Extension manifest
<a name="extension-manifest"></a>

Manifest files are JSON files in the format described below. Ensure that all special characters are properly escaped with a reverse backslash. A `.json` extension is required for the manifest file.

```
{
"name": "MyExtension",
"description": "My extension longer description",
"path": "C:\\Program Files\\My Company\\My Product\\bin\\myextension.exe",
"start_on_server": true,
"start_on_client": true,
"virtual_channel_namespace": "com.company.product",
"userdata": "parameters to the extension"
}
```
+ **name** – The name for the extension that will appear in DCV logs.
+ **description** – A textual description of the extension that appears in the user interface (About dialog box).
+ **path** – The complete path to the extension executable, escaping backslashes if necessary. It is important to use the correct path notation depending on the operating system. This would be `c:\\path\\to.exe` in Windows and ` /path/to/executable` in Linux and macOS.
+ **start\$1on\$1server** and **start\$1on\$1client** – Indicates whether an extension defined by the manifest should be run on the server or client or both.
+ **virtual\$1channel\$1namespace** – This attribute specifies the namespace for virtual channels created by this extension. Although different vendors may create virtual channels with the same name, they should be in separate namespaces. Namespace 'dcv' is reserved, so it shouldn't be used.
+ **userdata** – Amazon DCV ignores this attribute, but the extension can access it via `GetManifestRequest`.

# Extension executable
<a name="extension.executable"></a>

Extension manifest files define the `executable` file spawned by Amazon DCV. Amazon DCV will exchange messages with the extension using the `stdin` and `stdout` of the extension process.
+ The Amazon DCV client starts the extension once a Amazon DCV connection is established. The executable runs in the context of the user who launched the client.
+ The Amazon DCV server starts the extension when a user logs in. The executable runs in the context of the logged-in user.

# Digital signature
<a name="digital.signature"></a>

On Windows, Amazon DCV starts only digitally signed extension executables. There is no digital signature verification on Linux and macOS. Digital signatures are verified using the `WinVerifyTrust` function with the `WINTRUST_ACTION_GENERIC_VERIFY_V2` parameter.

**Important**  
During the development, it is possible to disable the verification for testing purposes. It is advisable not to set the following registry key outside of a development environment.

Adding the following registry key will allow DCV to load unsigned extensions executables on the server:

`[HKEY_USERS\S-1-5-18\Software\GSettings\com\nicesoftware\dcv\extensions] load-policy=all `

![\[Registry Editor window showing dcv folder structure and load-policy setting.\]](http://docs.aws.amazon.com/dcv/latest/extsdkguide/images/digital-sign.jpg)


To start unsigned extensions on the client, use the following command line parameter:

`--extensions-load-policy="all"`