Android digital signature parsing (III)

Source: Internet
Author: User
Tags begin rsa private key pk12 pkcs12

When learning about android digital signature, the keystore, x509, key pair, and debug. keystore headers appear in the document.
Turn, after a period of understanding, finally understand some.

I. Generate a key pair using the make_key script
The tool make_key (under the development/tools/directory) in the android source code can be used to generate an RSA key pair.

./Make_key test '/C = CN/ST = SH/L = SH/O = TEST/OU = TEST/CN = Test'

Run the preceding commands to generate the key pairs test. pk8 and test. x509.pem. In this command,/C indicates "Country Code",/ST indicates "State orProvince", And/L indicates "City or
Locality,/O indicates "Organization",/OU indicates "Organizational Unit", And/CN indicates "Name ".

The key code in the make_key script is as follows:

 
( openssl genrsa -f4 2048 | tee ${one} > ${two} ) &openssl req -new -x509 -sha1 -key ${two} -out $1.x509.pem \  -days 10000 -subj "$2" &if [ "${password}" == "" ]; then  echo "creating ${1}.pk8 with no password"  openssl pkcs8 -in ${one} -topk8 -outform DER -out $1.pk8 -nocryptelse  echo "creating ${1}.pk8 with password [${password}]"  echo $password | openssl pkcs8 -in ${one} -topk8 -outform DER -out $1.pk8 \    -passout stdin

In fact, the main use of openssl to achieve, openssl is a powerful command, to understand openssl, can refer to Baidu encyclopedia http://baike.baidu.com/view/300712.htm? Fr = aladdin

Ii. keytool generation key
Android digital signature parsing (1) describes how to use keytool to generate a key,

Keytool-genkey-alias test. keystore-keyalg RSA-validity 10000-keystore test. keystore

Keytool is a built-in JDK tool. some third-party application developers use keytool to Generate Keys because they do not have the Android source code environment.


3. Convert the key pair generated by make_key into the key in the keystore

1. Convert the private key in pkcs8 format to pkcs12 format:
Openssl pkcs8-in test. pk8-inform DER-outform PEM-out test. priv. pem-nocrypt

2. Generate a key file in pkcs12 format:
Openssl pkcs12-export-in test. x509.pem-inkey test. priv. pem-out test. pk12-name testkey

3. Generate a keystore:
Keytool-importkeystore-deststorepass android-destkeypass android-destkeystore test. keystore-srckeystore shared. pk12
Srcstoretype PKCS12-srcstorepass android-alias testkey

In this way, a keystore file named test. keystore is generated, and you can use this file to sign the apk.

4. Convert the key in the keystore to the key pair
1. Convert the keystore file to pkcs12 format
Keytool-importkeystore-srckeystore test. keystore-destkeystore test. p12-srcstoretype JKS-deststoretype PKCS12

2. dump pkcs12 File
Openssl pkcs12-in test. p12-nodes-out test. rsa. pem

3. Open test. rsa. pem in text format, and copy the content between "begin certificate" and "end certificate" to a file.
Test. x509.pem, that is, the Public Key
4. Copy the content between "begin rsa private key" and "end rsa private key" to a file test. rsa. pem, and then run the following command:
Openssl pkcs8-topk8-outform DER-in test. rsa. pem-inform PEM-out test. pk8-nocrypt

In this way, test. x509.pem and test. pk8 are generated.





Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.