When learning about Android digital signatures, terms such as keystore, x509, key pair, and debug.keystore keep appearing in the documentation.
They are confusing at first; after a period of study, I finally understand some of them.
I. Generate a key pair using the make_key script
The make_key tool (under the development/tools/ directory of the Android source tree) can be used to generate an RSA key pair.
./make_key test '/C=CN/ST=SH/L=SH/O=TEST/OU=TEST/CN=Test'
Running the preceding command generates the key pair test.pk8 and test.x509.pem. In this command, /C indicates "Country Code", /ST indicates "State or Province", /L indicates "City or Locality", /O indicates "Organization", /OU indicates "Organizational Unit", and /CN indicates "Common Name".
The key code in the make_key script is as follows:
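# ${one} and ${two} are named pipes created earlier in the script;
# ${password} is read from the user earlier in the script.
( openssl genrsa -f4 2048 | tee ${one} > ${two} ) &

# Self-signed certificate for the new key; $2 is the subject string.
openssl req -new -x509 -sha1 -key ${two} -out $1.x509.pem \
  -days 10000 -subj "$2" &

# Private key in PKCS#8 DER format, with or without a password.
if [ "${password}" == "" ]; then
  echo "creating ${1}.pk8 with no password"
  openssl pkcs8 -in ${one} -topk8 -outform DER -out $1.pk8 -nocrypt
else
  echo "creating ${1}.pk8 with password [${password}]"
  echo $password | openssl pkcs8 -in ${one} -topk8 -outform DER -out $1.pk8 \
    -passout stdin
fi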
In fact, the work is done mainly by openssl, which is a powerful command-line tool. To learn more about openssl, see the Baidu encyclopedia entry: http://baike.baidu.com/view/300712.htm?fr=aladdin
II. Generate a key using keytool
Android digital signature parsing (1) describes how to use keytool to generate a key:
keytool -genkey -alias test.keystore -keyalg RSA -validity 10000 -keystore test.keystore
keytool is a tool built into the JDK. Some third-party application developers use keytool to generate keys because they do not have the Android source code environment.
III. Convert the key pair generated by make_key into a key in a keystore
1. Convert the private key from pkcs8 DER format to PEM, as the first step toward pkcs12 format:
openssl pkcs8 -in test.pk8 -inform DER -outform PEM -out test.priv.pem -nocrypt
2. Generate a key file in pkcs12 format:
openssl pkcs12 -export -in test.x509.pem -inkey test.priv.pem -out test.pk12 -name testkey
3. Generate a keystore:
keytool -importkeystore -deststorepass android -destkeypass android -destkeystore test.keystore -srckeystore test.pk12 -srcstoretype PKCS12 -srcstorepass android -alias testkey
In this way, a keystore file named test.keystore is generated, and you can use this file to sign the apk. The -srcstorepass value must match the export password entered in step 2.
IV. Convert the key in the keystore to a key pair
1. Convert the keystore file to pkcs12 format:
keytool -importkeystore -srckeystore test.keystore -destkeystore test.p12 -srcstoretype JKS -deststoretype PKCS12
2. Dump the pkcs12 file:
openssl pkcs12 -in test.p12 -nodes -out test.rsa.pem
3. Open test.rsa.pem in a text editor, and copy the content between "BEGIN CERTIFICATE" and "END CERTIFICATE" (including the marker lines themselves) to a file test.x509.pem, that is, the public key.
4. Copy the content between "BEGIN RSA PRIVATE KEY" and "END RSA PRIVATE KEY" (including the marker lines themselves) to a file test.rsa.pem, and then run the following command:
openssl pkcs8 -topk8 -outform DER -in test.rsa.pem -inform PEM -out test.pk8 -nocrypt
In this way, test.x509.pem and test.pk8 are generated.
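An added example, not part of the original post: a shell sketch that runs the openssl steps of sections III and IV on a throwaway key pair and checks that the resulting .pk8 and .x509.pem still carry the same public key. It skips the keytool steps and replaces the hand-copy steps with the -nocerts and -nokeys options of openssl pkcs12; the helper names and the "android" password are assumptions.

```shell
#!/bin/sh
# Added example; helper names and the "android" password are assumptions.

# Succeeds only if the unencrypted PKCS#8 DER key $1 and the PEM certificate $2
# carry the same public key. Returns 2 if either file cannot be parsed.
pair_matches() {
  k=$(openssl pkey -inform DER -in "$1" -pubout 2>/dev/null) || return 2
  c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
  [ -n "$k" ] && [ "$k" = "$c" ]
}

# Creates a throwaway pair named $2 in directory $1, in the same file formats
# that make_key writes when no password is given.
make_pair() {
  openssl genrsa -out "$1/$2.rsa.pem" 2048 2>/dev/null &&
  openssl req -new -x509 -sha256 -key "$1/$2.rsa.pem" -out "$1/$2.x509.pem" \
    -days 10000 -subj '/C=CN/ST=SH/L=SH/O=TEST/OU=TEST/CN=Test' &&
  openssl pkcs8 -topk8 -in "$1/$2.rsa.pem" -outform DER -out "$1/$2.pk8" -nocrypt &&
  rm -f "$1/$2.rsa.pem"
}

# Section III steps 1-2, then section IV steps 2-4, on pair $2 in directory $1.
# Writes $2.back.pk8 and $2.back.x509.pem.
roundtrip() {
  openssl pkcs8 -in "$1/$2.pk8" -inform DER -outform PEM -out "$1/$2.priv.pem" -nocrypt &&
  openssl pkcs12 -export -in "$1/$2.x509.pem" -inkey "$1/$2.priv.pem" \
    -out "$1/$2.pk12" -name testkey -passout pass:android &&
  openssl pkcs12 -in "$1/$2.pk12" -nodes -nocerts -passin pass:android \
    -out "$1/$2.key.pem" 2>/dev/null &&
  openssl pkcs12 -in "$1/$2.pk12" -nokeys -passin pass:android \
    -out "$1/$2.back.x509.pem" 2>/dev/null &&
  openssl pkcs8 -topk8 -in "$1/$2.key.pem" -inform PEM -outform DER \
    -out "$1/$2.back.pk8" -nocrypt &&
  rm -f "$1/$2.priv.pem" "$1/$2.key.pem"   # do not leave plaintext PEM keys behind
}

# Runs the whole check in a private temp directory; 0 means every check held.
selfcheck() {
  d=$(mktemp -d) || return 1
  rc=1
  if make_pair "$d" test && make_pair "$d" other && roundtrip "$d" test &&
     pair_matches "$d/test.back.pk8" "$d/test.x509.pem" &&
     pair_matches "$d/test.pk8" "$d/test.back.x509.pem" &&
     ! pair_matches "$d/other.pk8" "$d/test.x509.pem"; then rc=0; fi
  rm -rf "$d"
  return $rc
}
```

Running pair_matches test.pk8 test.x509.pem after either conversion confirms the files still belong together before they are used to sign an apk.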