Why sign?
With so many people developing for Android, it is entirely possible that different developers will choose the same class names and package names. How can such applications be told apart? The signature is what distinguishes them.
Because a developer could use the same package name to impersonate and replace an installed program, the signature ensures that packages with the same name but different signatures are not replaced.
Once an APK has been signed with one key, a file signed with a different key cannot be installed over it or overwrite the old version when released, which prevents your installed application from being overwritten or replaced by a malicious third party.
In this way, the signature is effectively the developer's identity. When something such as repudiation of a transaction occurs, the signature can prevent the denial.
Signature considerations
- All Android applications must be digitally signed; there are no applications without a digital signature, including those running on emulators. Android does not install applications that lack a digital certificate.
- The signing certificate does not need to be issued by a certificate authority. It is generated by the developer, that is, a self-signed certificate.
- In the emulator development environment, programs uploaded through the ADB interface during development are automatically signed with the debug certificate before being passed to the emulator. The Eclipse menu Window -> Preferences -> Android -> Build shows the default digital certificate used for debug signing.
- When officially releasing an Android application, you must sign the program with a digital certificate generated from an appropriate private key. You cannot use the debug certificate generated by the ADT plug-in or the ant tool to publish the application.
- Digital certificates have a validity period. Android checks the validity period only when the application is installed. If the program is already installed on the system, its normal functions are not affected even if the certificate expires.
- Run the zipalign optimization tool after signing.
- Android uses the digital certificate to identify the author of an application and to establish trust relationships between applications, not to decide which applications the end user can install.
Signature Method
Method 1: Use the Eclipse tool
This method applies to Android 1.5 and later versions.
Step 1: Open Eclipse -> select the project you want to sign -> right-click -> Android Tools -> Export Signed Application Package
Step 2: In the window that appears, confirm that this is the project to be signed, and then click Next.
Step 3: In the Export Android Application step, if you already have a keystore, select the existing one. Otherwise, create a new one.
Select the directory where the certificate file is to be saved and set a password for the certificate file.
Step 4: After clicking Next, fill in the basic information of the keystore, such as alias, password, validity period, name, organization, organization name, city, province, and country, and then click Next.
Step 5: Select the location where the signed APK is to be saved and click Finish. Note: this selects the final file to be generated.
The signed APK file then appears in the selected directory.
Method 2: Sign from the command line
This method is much more complicated than the previous one, but it helps in understanding the APK file. Here we use keytool and jarsigner to sign the program.
keytool is a key and certificate management tool. The jarsigner tool uses the information in the keystore to generate or verify the digital signature of a Java archive (JAR) file (a JAR file packages class files, images, sounds, and/or other digital data in one file).
Both tools ship with the JDK, so make sure the JDK is correctly installed and the environment variables are set correctly so that the tools can be run from the command line.
Step 1: Use keytool to generate a certificate file
The following session generates a certificate file:
E:\projects\cybercare.cn\trunk\Android\ks2> keytool -genkey -keystore ks2.keystore -keyalg RSA -validity 10000 -alias ks2.keystore
Enter the keystore password:
What is your first name and last name?
[UNKNOWN]: www.cybercare.cn
What is the name of your organization?
[UNKNOWN]: cybercare
What is your organization name?
[UNKNOWN]: Jin Chi Zhixin
What is the name of your city or region?
[UNKNOWN]: Beijing
What is the name of your state or province?
[UNKNOWN]: Beijing
What is the two-letter country code for this unit?
[UNKNOWN]: CN
CN=www.cybercare.cn, OU=cybercare, O=Jin Chi fast mail, L=Beijing, ST=Beijing, C=CN correct?
[No]: Y
Enter the primary password of <ks2.keystore>
(If the password is the same as the keystore password, press Enter):
Enter the new password again:
E:\projects\cybercare.cn\trunk\Android\ks2>
Command parameter description:
-genkey: generate a certificate file
-keystore: the .keystore file in which the key is stored
-keyalg: the algorithm used for the key
-validity: the number of days for which the certificate is valid. Here we write 10000 days.
-alias: the alias to generate
Nothing is echoed while you type the password; just type it. A length of 20 characters is generally recommended. Be sure to record it, because it is needed later.
Note:
1. CN (Common Name, "first name and last name"): this "first name and last name" should in fact be a domain name, such as localhost or blog.devep.net. If you enter a personal name and it does not match the domain name actually in use, problems follow. When a browser accesses the site, a dialog box warns that "the name on the security certificate is invalid or does not match the site name", and you can choose whether to continue browsing the page. However, when a program accesses the site through an HTTP client, an exception similar to "javax.servlet.ServletException: HTTPS hostname wrong: should be" is thrown.
2. When using keytool to generate the digital certificate, make sure the names given to -keystore and -alias are the same, as in -keystore androidapp.keystore -alias androidapp.keystore. Otherwise, the following error occurs: jarsigner: The certificate chain of androidapp.keystore cannot be found. androidapp.keystore must reference a valid keystore key entry that contains a private key and the corresponding public key certificate chain.
For more descriptions of keytool parameters, refer to this article:
http://www.cnblogs.com/kungfupanda/archive/2010/09/01/1815047.html
Step 2: Export the unsigned APK file
Method 1: Use Eclipse
In Eclipse, select the project to export -> right-click -> Android Tools -> Export Unsigned Application Package
In the dialog box for choosing the save directory and file name, enter the location to save to. After you confirm, a prompt message is displayed.
Method 2:
In Eclipse, select the AndroidManifest.xml file in Package Explorer, open the Overview item, and click Export an unsigned APK.
Note:
http://www.android123.com.cn/kaifafaq/175.html provides two methods:
Go directly to the bin directory of the project folder, for example C:\Documents and Settings\Administrator\workspace\android123\bin\android123.apk, and copy the APK file from there as the unsigned APK.
This method is not advisable: the file obtained is an APK with the debug signature, not an unsigned APK.
Step 3: Sign with the generated certificate file
The following is the execution result of a demo program I wrote earlier:
E:\projects\cybercare.cn\trunk\Android\ks2> jarsigner -verbose -keystore ks2.keystore -signedjar gasbuddy_signed_00.apk gasbuddy002.apk ks2.keystore
Enter the password phrase of the keystore:
Enter the ks2.keystore key password:
adding: META-INF/MANIFEST.MF
adding: META-INF/KS2_KEYS.SF
adding: META-INF/KS2_KEYS.RSA
signing: res/layout/active.xml
signing: res/layout/businessmeninfo_activitylayout.xml
signing: res/layout/businessmeninfo_commentinfo_layout.xml
signing: res/layout/businessmeninfo_commentlist_layout.xml
signing: res/layout/businessmeninfo_information_layout.xml
signing: res/layout/businessmeninfo_pointcardinfo_layout.xml
signing: res/layout/businessmeninfo_pointcardlist_layout.xml
signing: res/layout/commen_publish.xml
signing: res/layout/discount_gasstation_foot_layout.xml
signing: res/layout/discount_gasstation_head_layout.xml
signing: res/layout/discount_gasstation_layout.xml
signing: res/layout/discount_gasstation_list_activitylayout.xml
signing: res/layout/discount_gasstation_title_layout.xml
signing: res/layout/login.xml
signing: res/layout/main.xml
signing: res/layout/menu_activitylayout.xml
signing: res/layout/my_point_gasstation.xml
signing: res/layout/my_point_gasstation_view.xml
signing: res/layout/nearby_gasstation.xml
signing: res/layout/overlay_pop.xml
signing: res/layout/register.xml
signing: res/layout/splash_layout.xml
signing: AndroidManifest.xml
signing: resources.arsc
signing: res/drawable-hdpi/bubble_background.9.png
signing: res/drawable-hdpi/icon.png
signing: res/drawable-hdpi/marker.png
signing: res/drawable-hdpi/u25.png
signing: res/drawable-hdpi/u30.png
signing: res/drawable-ldpi/icon.png
signing: res/drawable-mdpi/icon.png
signing: classes.dex
E:\projects\cybercare.cn\trunk\Android\ks2>
For more information about jarsigner parameters, see
http://www.android123.com.cn/androidkaifa/173.html
Solving problems encountered while signing an Android APK project:
http://zhangkun716717-126-com.iteye.com/blog/774382
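The jarsigner run above adds META-INF/MANIFEST.MF and then signs each file in the archive. As an added example (not part of the original article), the Python code below checks that digest layer: every file in an APK must match the digest recorded for it in MANIFEST.MF. It does not verify the cryptographic signature held in the .RSA file; the sample archive and the function names are constructed for illustration.

```python
import base64, hashlib, io, zipfile
MANIFEST = "META-INF/MANIFEST.MF"
SIG_SUFFIXES = (".SF", ".RSA", ".DSA", ".EC")   # signature files are not listed in the manifest

def parse_manifest(text):
    """Return {entry name: {attribute: value}} for the per-file sections."""
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")  # unwrap continuation lines
    entries = {}
    for section in unfolded.split("\n\n")[1:]:      # section 0 is the main header
        attrs = dict(l.split(": ", 1) for l in section.splitlines() if ": " in l)
        if "Name" in attrs:
            entries[attrs.pop("Name")] = attrs
    return entries

def check_apk(data):
    """Compare every archive member with its manifest digest; return a list of problems."""
    with zipfile.ZipFile(io.BytesIO(data)) as apk:
        names = [n for n in apk.namelist() if not n.endswith("/")]
        if MANIFEST not in names:
            return ["unsigned: no " + MANIFEST]
        entries = parse_manifest(apk.read(MANIFEST).decode("utf-8"))
        problems = ["listed but missing: " + n for n in sorted(set(entries) - set(names))]
        for name in sorted(names):
            if name == MANIFEST or (name.startswith("META-INF/") and name.upper().endswith(SIG_SUFFIXES)):
                continue
            digests = {k: v for k, v in entries.get(name, {}).items() if k.endswith("-Digest")}
            if not digests:
                problems.append("no digest in manifest: " + name)
            for key, expected in digests.items():
                algo = key[:-len("-Digest")].replace("-", "").lower()   # SHA1, SHA-256
                actual = base64.b64encode(hashlib.new(algo, apk.read(name)).digest()).decode()
                if actual != expected:
                    problems.append("digest mismatch: " + name)
    return problems

def build_sample(tamper=False):
    """Constructed two-file archive; the manifest is written before any tampering."""
    files = {"AndroidManifest.xml": b"<manifest/>", "classes.dex": b"dex\n035\x00"}
    manifest = "Manifest-Version: 1.0\r\n\r\n"
    for name, body in files.items():
        digest = base64.b64encode(hashlib.sha1(body).digest()).decode()
        manifest += "Name: %s\r\nSHA1-Digest: %s\r\n\r\n" % (name, digest)
    files["classes.dex"] += b"patched" if tamper else b""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr(MANIFEST, manifest)
        for name, body in files.items():
            z.writestr(name, body)
    return buf.getvalue()
```

For a real APK, pass the file's bytes to check_apk; jarsigner -verify remains the tool that checks the signature itself.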
References
Android signature uses keytool and jarsigner to create an APK File
http://www.android123.com.cn/androidkaifa/173.html
How to export an unsigned APK file?
http://www.android123.com.cn/kaifafaq/175.html
Unable to sign jar, Android jarsigner Problem
http://www.android123.com.cn/kaifafaq/183.html
Android signature Summary
http://www.android123.com.cn/androidkaifa/272.html
Android Signature Details
http://yangguangfu.iteye.com/blog/723182
Android signature APK batch file
http://phenix.blogbus.com/logs/60336413.html
Android signature and release
http://my.chinaunix.net/space.php?uid=20665441&do=blog&id=377220
Reprinted: http://www.cnblogs.com/ghj1976/archive/2011/07/18/2109381.html