Android Signature Details
In Android, every application installed on the system must be signed with a digital certificate. The certificate identifies the author of the application and establishes trust relationships between applications: if the protectionLevel of a permission is signature, only applications signed with the same digital certificate as the program that declares the permission can obtain it. Android uses Java's digital certificate mechanism to add a digital certificate to an apk, so to understand Android digital certificates you must first understand the concept of a digital certificate and Java's digital certificate mechanism.
The private key of the digital certificate is kept by the program's developer. Android uses the digital certificate to identify the author of an application and to establish trust relationships between applications, not to decide which applications the end user can install. The certificate does not need to be issued by an authoritative certificate authority. It is only used to authenticate the application package.
I. Multiple programs from the same developer should use the same digital certificate wherever possible. This brings the following benefits:
(1) It makes program upgrades easier. When the old and new programs have the same digital certificate, the Android system treats them as different versions of the same program. If their digital certificates differ, the Android system treats them as different programs that conflict with each other, and requires the new program to change its package name.
(2) It facilitates modular design and development. The Android system allows programs with the same digital signature to run in one process, and regards them as the same program. Developers can therefore build their programs as modules, and users only need to download the modules they need.
(3) Data and code can be shared among multiple programs through permissions. Android provides a digital-certificate-based permission mechanism: an application can share functions or data with other programs that have the same digital certificate as itself. If the protectionLevel of a permission is signature, the permission can only be granted to programs with the same digital certificate as the package that declares the permission.
When signing, you must consider the validity period of the digital certificate:
(1) The validity period of the digital certificate must include the expected life cycle of the program. Once the digital certificate expires, the program holding the certificate cannot be upgraded normally.
(2) If multiple programs use the same digital certificate, the validity period of the digital certificate should include the estimated life cycle of all programs.
(3) Android Market requires that the digital certificates of all applications be valid until October 22, 2033.
II. Key points about Android digital certificates:
(1) All applications must have digital certificates. Android does not install an application without digital certificates.
(2) The digital certificate used by an Android package can be self-signed and does not need to be signed by an authoritative certificate authority.
(3) To officially release an Android app, you must sign it with a digital certificate generated from a suitable private key, rather than with the debug certificate generated by the ADT plug-in or the Ant tool.
(4) Digital certificates have a validity period. Android only checks the validity period of the certificate when the application is installed. If the program is already installed on the system, its normal functions are not affected even if the certificate expires.
(5) Android uses the standard Java tools Keytool and Jarsigner to generate the digital certificate and sign the application package.
(6) Use zipalign to optimize the program.
The Android system does not install or run any unsigned apk, whether on an emulator or on a physical device. The Android development tools (the ADT plug-in and Ant) can help developers sign an apk in two modes: debug mode and release mode.
In debug mode, the Android development tools sign the program with a debug digital certificate at every build. Developers do not need to do anything.
To publish a program, developers need to use their own digital certificates to sign the apk package. There are two methods.
(1) Use the JDK tools Keytool (to generate the digital certificate) and Jarsigner (to sign with the digital certificate) on the command line to sign the apk package.
(2) Use the ADT Export Wizard to sign (if there is no digital certificate yet, you may need to generate one).
III. Two signature methods
Method 1: Use Keytool and Jarsigner to sign the program (for versions earlier than 1.5).
Command: keytool -genkey -v -keystore android.keystore -alias android -keyalg RSA -validity 20000
In this command, -keystore android.keystore names the generated certificate file (a path can be added; by default it is under the user's home directory); -alias android sets the certificate alias to android; -keyalg RSA selects the RSA algorithm; -validity 20000 makes the certificate valid for 20000 days.
At this point, android.keystore appears in the user's home directory. This is the certificate we just created.
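The full command-line flow for Method 1, as an added example that is not part of the original article: it creates the key with Keytool, signs with Jarsigner, prints the verification result, and aligns with zipalign. The function names, the signed-unaligned.apk file name, the -keysize 2048 option and the pre-check against the 2033 date are choices made for this example.

```shell
#!/bin/sh
# Added example: release signing with the JDK tools named above.
# File names and function names are assumptions; adjust to your project.
set -e
KEYSTORE="android.keystore"   # same name as in the keytool command above
ALIAS="android"
MARKET_DEADLINE=2013552000    # 2033-10-22 00:00:00 UTC as a Unix timestamp

# Succeeds if a certificate created at NOW (default: current time) with
# -validity DAYS is still valid on 2033-10-22.
validity_covers_market_date() {
    days=$1
    now=${2:-$(date +%s)}
    [ $((now + days * 86400)) -ge "$MARKET_DEADLINE" ]
}

# sign_release UNSIGNED_APK OUTPUT_APK [VALIDITY_DAYS]
sign_release() {
    unsigned=$1; out=$2; days=${3:-20000}
    validity_covers_market_date "$days" || {
        echo "validity of $days days ends before 2033-10-22" >&2; return 1; }
    # Create the key pair once and reuse the same keystore for every later
    # release, because upgrades require the same certificate.
    if [ ! -f "$KEYSTORE" ]; then
        keytool -genkey -v -keystore "$KEYSTORE" -alias "$ALIAS" \
            -keyalg RSA -keysize 2048 -validity "$days"
        chmod 600 "$KEYSTORE"   # the private key stays with the developer
    fi
    # Sign the package (jarsigner prompts for the keystore password).
    jarsigner -verbose -keystore "$KEYSTORE" \
        -signedjar signed-unaligned.apk "$unsigned" "$ALIAS"
    # Print the verification result and signer certificate for review.
    jarsigner -verify -verbose -certs signed-unaligned.apk
    # Align last: with jarsigner, zipalign runs after signing.
    zipalign -v 4 signed-unaligned.apk "$out"
}

# Only sign when an input and an output file are given on the command line.
if [ "$#" -ge 2 ]; then sign_release "$@"; fi
```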
Method 2: The apk signature method for Android 1.5 and later versions.
1. Open Eclipse -> select the project you want to sign -> right-click -> Android Tools -> Export Signed Application Package...
2. The export window appears.
3. Check that the project name is correct, then click Next.
The keystore selection page then appears. If you already have a keystore file, select it, enter the keystore password, and click Next to sign with it.
If not, select Create new keystore, choose where to save the keystore, set the keystore password, and click Next.
4. Fill in the basic information of the keystore, such as alias, password, validity period, name, organization, organization name, city, province, and country. Click Next.
5. Select the save location for the signed APK. Click Finish.
6. You can find the signed APK file in the location you chose.