Android Application Signature

Source: Internet
Author: User

Android Application Signature

 

The Android system requires that all programs be installed with digital signatures. If no digital signature is available, the system will not install and run this program, whether it is a simulator or a real mobile phone. Therefore, before running the debugging program on a device or simulator, you must set a digital signature for the application. The Android system only tests the validity period of the signature certificate during installation. If the application signature expires after installation, the application can still be enabled normally.

Android uses a digital signature to identify the author of an application and establish a trust relationship between the application. It is not used to determine whether users can install the application. The android signature is completed by the application author and does not need to be authenticated by an authoritative Digital Certificate Signing Authority. It is only used to authenticate the application package.

Default debug Key signature

When you use Eclipse for packaging and testing, ADT automatically uses the debug key to sign the application. The debug key is a file named debug. keystore, which is located on the computer:

/UserName/. Android/debug. keystore, where userName is the user name of the computer.

The apk package under the bin directory of the project uses the debug key as the signature package, so theoretically this package cannot be used for online release.

Generate a key signature

The entire process involves several tools:

  • Use keytool to generate and modify digital certificates.
  • Jarsigner uses a digital certificate to sign the apk file. jdk Tool
  • Zipalign optimizes the signed apk to improve interaction efficiency with the Android system.

    The simplest method is to directly use the Eclipse function to complete this series of operations:

    Right-click the project and choose Android Tools> Export signed Application package. Select the existing keystore signature and create a new keystore signature. There are several key information to remember:

    • Storepass: keystore password (multiple keys can exist under a keystore, which is the first-level password of the keystore)
    • Alias: each key corresponds to an alias name.
    • Keypass: master password of a single key

      Enter the correct keystore information to output a packaged apk package.

      What should I do if I mistakenly use the application released by debug. keystore?

      That's right... I am talking about myself.

      Problems

      During the first release, copy the apk package from the bin directory and release the package. In this way, the debug. keystore signature is used and the application is launched. I think this happens because I do not know much about the details of the Android Application signature.

      After discovery, you want to use a self-generated "regular" keystore to update the application. Because the keystore is changed, the signature of the installation package changes. When you update an application, an error is reported during installation. During the installation process, the system detects that the program signature is inconsistent and considers the installation package to be risky (possibly tampered with). If the installation fails, uninstall the original application and reinstall it. This is a serious problem !!!

      Solution

      One word, change it !!!

      Find the debug. keystore file. In fact, you only need to save the. keystore file. In the future, it will be okay to use the default key for application signature and update. There is no problem at all. The default password is a bit insecure.

      The default debug. keystore information is:

      Alias: androiddebugkey

      Storepass & keypass: andriod

      You only need to use keytool to change alias, storepass, and keypass of debug. keystore to the value we want.

      Modify alias:

      keytool -changealias -alias your-very-very-long-alias -destalias new-alias -keypass keypass -keystore /path/to/keystore -storepass storepass

      Modify storepass:

      keytool -storepasswd -keystore /path/to/keystoreEnter keystore password:  changeitNew keystore password:  new-passwordRe-enter new keystore password:  new-password

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.