Android Signature Summary

Ext.: http://www.cnblogs.com/wanqieddy/p/3556060.html

Signapk.jar and Eclipse Export plugin default gives the program a debug permission signature

Signapk.jar contains system permissions (Systems API, permission), and the Eclipse export plugin defaults to the signature of the program with a debug permission.

D:\work_feixun\galleryback>java-jar Signapk.jar Platform.x509.pem platform.pk8 D:\work_feixun\Gallery2\bin\ gallery.apk gallery_signed.apk

Note:

Signapk.jar is located in Out/host/linux-86/framework/signapk.jar

Platform.x509.pem Platform.pk8 is located in Build/target/product/security/platform.x509.pem, PLATFORM.PK8

gallery.apk generation, first Project->clean in Eclipse, then run->android application. GALLERY.APK is generated in the bin directory.

At last
D:\work_feixun\galleryback>java-jar Signapk.jar Platform.x509.pem platform.pk8 D:\work_feixun\Gallery2\bin\ gallery.apk gallery_signed.apk

This includes a signature with system permissions APK is complete.

I appear when I add Android.permission.WRITE_MEDIA_STORAGE in Androidmanifast

Permission is only granted to system apps.

from:http://blog.csdn.net/tangmin0719/article/details/8916417

First, why to sign

With so many people developing Android, it's entirely possible that we all put the class name, the package name, in the same name, how do you differentiate it? Signature is a distinguishing function.

Since the developer may be confused by using the same package name to replace the installed program, the signature can guarantee a considerable name, but the signature of different packages is not replaced.

APK If you use a key signature, a file signed by another key when it is published will not install or overwrite the old version, preventing your installed app from being overwritten or replaced by a malicious third party.

This signature is actually a developer's identity. When something happens in a transaction, a signature can prevent it from happening.

Ii. Notes on Signature

The Android system requires all programs to be digitally signed to install, and if no digital signatures are available, the system will not be allowed to run the program. Whether it's a simulator or a real phone. Therefore, you must set up a digital signature for the application before running the debugger on the device or on the emulator.

Android signed digital certificates do not require authority to authenticate, is the developer's own production of digital certificates, known as self-signed. Digital certificates are used to identify the author of an application and to establish a trust relationship between applications, rather than to determine which applications the end user can install.

The system will only test the validity period of the signing certificate when it is installed, and if the application's signature expires after installation, the application can still be enabled normally.

You can use the standard tools-keytool and jarsigner-to generate a key to sign the application's. apk file.

Use the Zipalign optimizer after signing.

Simulator development environment, the development of the program through the ADB interface upload will be automatically signed with the debug permission before passing to the emulator. The Eclipse menu is displayed under Windows---Preferences-android–>, our default signing digital certificate for debugging.

When you publish an Android app, you must use a digital certificate generated by a suitable private key to sign the program and not be published using the ADT plugin or the debug certificate generated by the Ant tool.

Third, signature method:

1. Sign with the Keytool and Jarsigner tools (in the Jdk/bin directory)

1. Generate Signature KeyStore:

Make sure the JDK is installed on your computer, as we will use the JDK's own tool, Keytool, to create and manage digital certificates. Enter the following command at the command line:

Keytool-genkey-v-keystore app.keystore-alias alias_name-keyalg rsa-validity 20000

-alias followed by an alias, and this is alias_name.
-keyalg is the encryption method here is RSA
-validity is valid here is 20000
-keystore is the name of the KeyStore to be generated here is App.keystore
and press ENTER.
Press ENTER to first prompt you to enter the password: This is used in the signature, to remember
Then we'll confirm your password.
You will then be asked to enter your name, organizational unit, organization name, city area, province name, Country code (CN), and so on.

For detailed parameters of Keytool, please refer to:

Http://www.android123.com.cn/androidkaifa/173.html

2. Signature:

Jarsigner-verbose-keystore App.keystore-signedjar app_signed.apk app.apk alias_name
Name of the-keystore:keystore
-signedjar app_signed.apk: Specifies the name of the APK generated after the signature
APP.APK: Target apk
Then press ENTER: Will ask for the password that you just set, enter and press ENTER to start signing.

3. View Signature:

Jarsigner-verify app_signed.apk

Check whether the signature will print "jar verified" if it is already signed.

Jarsigner-verify-verbose-certs app_signed.apk

View signature details.

4. Optimize with Zipalign tool APK (Android comes with the tool,./build/tools/zipalign)

Zipalign-v 4 app_signed.apk androidres.apk apk optimizer

Zipalign-c-V 4 androidres.apk see if APK is optimized

2. signing with the Eclipse ADT tool
In the Package Explorer window, right-click on the Android Tools--->export signed application package and follow the prompts to generate the signed apk in step-by-step. You can also export an unsigned apk file via eclipse.

Note: You need to enter the password two times, the first time is the private key password, the second time the password of the private key alias.

3.eclipse automatic signature in debug mode (no manual configuration required):

Using Eclipse's ADT to sign Android in debug mode, the system will automatically sign and optimize the APK as long as the application is developed under Eclipse.

In eclipse Windows > Preferences > Android > Build you can see the location of your keysotre;

Iv. generating the Android system signature

The above-mentioned Android digital signatures are mostly related to Android apk, and when doing CTS authentication, you need to use the Android system signature. Why do I need to sign an Android system for CTS certification? It turns out that the system.img we compiled with MAKE-J4 is using Test key, which is only for the development phase, and the secret key is public and can be used by anyone. When you publish an Android product, you need to sign the entire system separately to prevent it from being stolen by others. This system is the release version of the Android system.

1. Generate the encrypted key file

To sign an Android system, you need to generate four types of key files.

A) Releasekey (TestKey)

b) Media

c) gkfx

D) Platform

1) Enter the/android_src/development/tools directory.

2) Use the Make_key tool to generate the signature file. You need to generate releasekey,media,shared,platform separately.

./make_key Releasekey '/c=cn/st=jiangsu/l=nanjing/o=company/ou=department/cn=your Name/emailAddress= Youre-mailaddress ' (the system will be prompted to enter a password for various keys, follow the prompts to enter it)

The RELEASEKEY.PK8 and Releasekey.x509.pem files are generated, where *.PK8 is the generated private key, and *.X509.PEM is the public key, which is generated when both are paired.

Note: If Openssl:relocation Error:openssl:symbol appears ... Try to execute the command with sudo, the problem is solved!

2. Go back to the root directory android_src.

Command execution is best done at the root of the project, otherwise the script will not be used to find some files.

3. Compiling the System

Make-j4 Product-generic-user Dist

Where generic indicates that the generated target_product type is generic,

User represents target_build_variant as the user version.

After the compilation is completed, a zip file that starts with Product_generic-user_files is generated in the android_src/dist/directory. This is the filesystem we need to sign.

4. Start signing

./build/tools/releasetools/sign_target_files_apks-d Key_directory/out/dist/product_modul-target_files.zip out/ Dist/signed_target_files.zip

Complete the signing of your Android system with SIGN_TARGET_FILES_APKS scripts.

key_directory/represents the directory where key is located.

Out/dist/product_modul-target_files.zip the source file.

Out/dist/signed_target_files.zip generates a signed target file.

May appear:

Error:no key specified for:
calendarwidget.apk
contacts_yellowpage.apk
snsappmain.apk

This indicates that the signature did not succeed because some APK programs have already been signed or the corresponding key cannot be found. This requires that we filter the APK settings and not sign the app above. The method is as follows:

These applications are filtered by the parameter "-e <apkname>=".

./build/tools/releasetools/sign_target_files_apks-d key_directory/-E calendarwidget.apk=-E Contacts_ Yellowpage.apk=-E snsappmain.apk=-e out/dist/product_modul-target_files.zip out/dist/signed_target_files.zip

When you enter this command, you are prompted for the key's password, and four password entry prompts appear. The password for each of the four types of keys.

5. Generate an image file

./build/tools/releasetools/img_from_target_files Out/dist/signed-target-files.zip Signed-img.zip

The generated Igned-target-files.zip file is packaged with the Img_from_target_files command, Signed-img.zip contains the boot.img,userdate.img,system.img file, and so on.

6. Download the Signed-img.zip file via FastBoot

FastBoot Update Signed-img.zip

The signed system files can be burned to the phone via fastboot.

Five, several questions:

What is the difference between 1.make_key and keytool two ways to generate keys:

Keytool is located in the%java_home%/bin directory for managing keys, certificates, and certificate chains. The Keytool in JavaSE6 has changed and can also be used to manage keys in symmetric cryptographic algorithms. The Mykey.keystore it generates includes the public key, private key, and certificate.

Make_key is located in the Source_src/development/tools directory, generating the public and private keys by calling OpenSSH, so *.x509.pem and *.pk8 key pairs are generated.

2. Manually sign the APK using the Make_key generated key pair:

Using the Signapk.jar tool to sign the APK, usage: signapk [-W] publickey.x509[.pem] privatekey.pk8 Input.jar Output.jar

Java-jar Out/host/linux-x86/framework/signapk.jar Releasekey.x509.pem releasekey.pk8 source.zip source-signed.zip

Signapk.jar can compile themselves, the source code in the build/tools/signapk directory.

3.android source code compile make, for all application signing rules:

When compiling, the system reads the BUILD/CORE/PACKAGE.MK file and selects the corresponding signature under the build/target/product/security/directory according to the value of local_certificate. The Local_certificate value is read from each app's Android.mk file, and the default is TestKey if the attribute is not in the Android.mk file.

Vi. Common Exceptions:

1. If you encounter a zipexception invalid entry compressed size error method

The main reason is that the ADT plugin used by Eclipse has already given the digital signature of the debug permission, which we can resolve by exporting an unsigned apk file.

2. Sign with the Jarsigner tool, the jar cannot be signed: Java.util.zip.ZipException:invalid entry compressed size (expected XXX but got xxx byte s) such a hint.

These problems are mainly due to resource files, for Android development should check the Res folder files, one by one. This problem can be resolved by upgrading the JDK and JRE versions of the system.

3. Install apk during the process: Install_parse_failed_inconsistent_certificates.

Such problems are mainly caused by the signature conflict, such as you use the ADB Debug permission signature, but later using the standard sign signature and then install the same file will appear the error prompt, the solution is only to honestly uninstall the original version from the phone and then install, and adb install- The R parameter also does not solve this problem. ADB Uninstall Uninstall the original application.

Android Signature Summary