Android signature generation and mutual transfer

Source: Internet
Author: User
Tags pkcs12

Original link: http://blog.votzone.com/2018/05/05/android_signature.html Android signatures are available in two ways, one using the Jarsigner tool signature provided by the JDK KeyStore File, and the other is Android itself provides Signapk.jar through. PK8 (key) and. X509.PEM (certificate) two signature files to complete the signature. Before the signature of a package is directly using signapk, because do not need to enter the password can be directly signed, simple and direct, today, upload Baidu encountered problems, download the signature after the document said the need to use Jarsigner to sign, so study the next two signatures between the conversion of the problem. And in order to reduce the cost of finding data after encountering such problems again, write a simple bat script semi-automated operation. Tools:After the OpenSSL installation is complete, add the bin directory to the environment variable to use the tools in the Opensslkeytool jdk/bin directory signapk.jar tools for Android signing (source code under AOSP source code) Jarsigner JDK Tool to sign the jar (or to sign any zip package) signing process of one or two different signature schemes1. Jarsigner is a tool provided by the JDK and can be used after installing the JDK, and the command using Jarsigner signature is as follows:
12345678 111. Zip TestKey

Where-verbose represents the output details-storepass represents the signature library's password-keystore represents the signature file path-signedjar represents the signature after the output file path and the file path that needs to be signed, and KeyStore alias detail parameters can be Jarsigner-help view, the Chinese is still very clear. 2. signapk is a standalone APK signature tool for Android, using the method:
111. Zip signed_out.apk

Jarsigner signature needs to provide a signature file JKs and signature library password, and if the signature library password is different from the key password also need to provide a key password, (hereinafter we call JKS signature or JKS signature library) signapk The signature only needs to provide a pk8 file and a X509.pem file. (These two documents are referred to as PK8 signature below) Ii. Convert the PK8 signature to the JKS signature libraryNext we solve the Baidu channel signature problem, the first step will need to convert our PK8 signature to JKs signature. By searching the web, we learned that the usual suffix of the Java signature Library file is. KeyStore and. JKs, so we can assume that before the Eclipse era. The KeyStore signature is in the same format as the. JKs signature of the Android Studio era. Now that we have a pk8 signature, you can use the OpenSSL and keytool two tools to merge it into the JKS signature library to incorporate the TESTKEY.PK8/TESTKEY.X509.PEM signature file into the Testkey.jks signature library as an example. and set its password 12345678 and alias TestKey a)
OpenSSL pkcs8-inform der-nocrypt-in testkey.pk8-out Testkey.pem

Decrypts the PK8 to a PEM file using open SSL, at which time a Testkey.pem file is generated

b
OpenSSL Pkcs12-export- in Testkey.x509.pem-inkey testkey.pem-out Platform.p12-password pass:12345678
    -name TestKey

Import two PEM files into the Platform.p12 file and set the alias TestKey and Keypass password: 12345678 (alias and password customizable)

will be newly generated PLATFORM.P12 c)
12345678 12345678

Use Keytool to import the previously generated PLATFORM.P12 into the TESTKEY.JKS signature and set the Storepass password (12345678)

Need to provide Keypass password correctly at this point generate the required Testkey.jks signature file D)
Keytool-list-v-keystore Testkey.jks

To view the generated signature information

Note: Storepass and keypass can be different two passwords in the same case use Jarsigner signature when only provide storepass can otherwise need to provide two password keytool-list view only provide storepass can have JKS signature Library , we signed the empty package
12345678 111. Zip TestKey

command to sign input file 111.zip as jks_out.apk by providing-stroepass (password) and alias (TestKey) Next we provide a simple bat script that generates JKS PK8 signature, which requires the configuration of the OpenSSL Keytool path in the script , and manually set the name of the file that needs to be signed. Script see the article at the end of the GitHub code base in the Cvt2jks.bat tool run directory as follows reference: 50739802 Iii. extracting pk8 signatures from the JKS signature libraryOpenSSL is able to merge the signatures of signapk with the Jarsigner signature, which can also be separated by the following steps: a)
12345678 12345678 -noprompt

First convert Testkey.jks to. p12 file, you need to enter the Srcstore password and Deststroe password during execution, which is specified in the command line by-srcstorepass and-deststorepass

b
OpenSSL pkcs12- in Testkey.p12-nodes-out Testkey_all.rsa.pem-password pass:12345678

Use the PKCS12 directive of OpenSSL to export the certificate in the P12 file.

-password pass:12345678 in order to omit after the input password step through the online tutorial, such as the code at the same time to export the key and certificate, you need to manually copy the certificate to generate. X509.PEM signature View the OpenSSL Help documentation, We know we can only export the certificate or the key, so we can only export the certificate through the-nokeys parameter
OpenSSL pkcs12- in Testkey.p12-nodes-nokeys-out Testkey.x509.pem-password pass:12345678

Exporting keys via the-cacerts parameter
OpenSSL pkcs12- in Testkey.p12-nodes-cacerts-out Testkey.rsa.pem-password pass:12345678

c) Generate PK8 according to the key file generated in B), can use TESTKEY_ALL.RSA.PEM or use TESTKEY.RSA.PEM
OpenSSL pkcs8-topk8-outform DER- in Testkey.rsa.pem-inform pem-out testkey.pk8-nocrypt

As above Testkey.pk8 and TESTKEY.X509.PEM are required to sign a simple bat script see the article at the end of the GitHub code base jks2pk8.bat File Reference 73699352 Iv. Exploring the generation of JKS signaturesWe know we can use Android Studio to build JKs, is there a command line tool Keytool can implement this operation Core command keytool-genkey-v-keystore app.jks-alias app-keyalg RS A-validity 999999 As above, specify the name of the signature file to be generated, alias and expiration Date (days) run process need to enter two password one is password password (keypass), one is the KeyStore password (storepass) can be-keypass and- Storepass specifying a simple bat script see the article at the end of the GitHub code base genkey.bat File Reference 42773745 Five, Signature case analysisCreate a JKS signature App.jks, split the JKS signature into signapk required PK8 signature, and then merge the PK8 signature back into JKS using the three signatures to sign the consent file, compare the following: The certificate is the same! PS: With command line Operation signed with Signapk.jar and Jarsigner tool Signapk.jar Signature Example Java-jar Signapk.jar testkey.x509.pem testkey.pk8 111.zip Jifei _out.apk Jarsigner Tool Signature Example Jarsigner-verbose-storepass 12345678-keystore testkey.jks-signedjar jks_out.apk 111.zip test The last TestKey of key is the alias script: Https://github.com/votzone/DroidCode/tree/master/Signature

Android signature generation and mutual transfer

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.