Android Signature Knowledge Summary _android

Source: Internet
Author: User
Tags md5 sha1

Why should I sign it?

There are so many people who are developing android that it is entirely possible that the name of the class and the name of the package will be the same. A signature is a distinguishing act at this time.

Because the developer may confuse the replacement of the installed program by using the same package name, the signature can guarantee a considerable name, but the package with different signatures is not replaced.

APK If you use a key signature, a file that is signed by another key at the time of publication will not be able to install or overwrite the old version, which prevents your installed application from being overwritten or replaced by a malicious third party.

So the signature is actually the identity of the developer. A signature can prevent repudiation when something happens in a transaction.

Ii. Notice of Signature

The Android system requires all programs to be digitally signed to install, and if no digital signature is available, the system will not be installed to run the program. Whether it's a simulator or a real phone. Therefore, you must set up a digital signature for your application before you run the debugger on the device or on the emulator.

Android signed digital certificate does not need authority to authenticate, is the developer's own digital certificate, that is, the so-called self-signed. Digital certificates are used to identify the author of an application and establish a trust relationship between applications, rather than deciding which applications the end user can install.

The system only tests the validity period of the signing certificate when it is installed, and if the application's signature expires after installation, the application can still be enabled properly.

You can use standard tools-keytool and jarsigner-to generate a key to sign an application's. apk file.

You need to use the Zipalign optimizer after signing.

Simulator development environment, the program uploaded through the ADB interface is automatically signed with debug permission before it is passed to the simulator. The Eclipse Menu's window-> Preferences-> android–> build shows the signed digital certificate for our default debugging.

When you formally publish an Android application, you must sign the program with a digital certificate generated by a suitable private key that cannot be published using the ADT plug-in or the debug certificate generated by the Ant tool.

More than one useful to the Android signature related knowledge, every time almost from scratch on Google search, do not want to continue this, and found a good time to tidy up some of the pieces of the knowledge of their own, so put here, one is a memo, the second is to help others.

Obtaining signature information from the APK file

How to use

Keytool-list-printcert-jarfile Your_apk_file

Output information

Signature Owner,issuer and other information
Fingerprints of signatures, such as MD5 and SHA1 equivalents
Signature validity and other information

Example effect

16:29 $ keytool-list-printcert-jarfile akoi_1.2.apk
Signer #1:

Signature:

Owner:cn=andrew Wallace, Ou=droidyue.com, o=droidyue.com, l=beijing, st=beijing, c=86
issuer:cn=andrew Wallace, OU =droidyue.com, o=droidyue.com, l=beijing, st=beijing, c=86 serial number:11a8a4a3 Valid from:tue Feb
10 18:07:4 3 CST 2015 Until:sun June 18:07:43 CST 3013
certificate fingerprints:
md5:46:c5:be:ef:b5:c9:00:e1:fa:42:50:50 : 57:54:ca:15
sha1:c1:14:5d:0a:c2:bf:f6:06:43:20:ae:2c:07:12:97:58:c2:1b:39:d1
sha256:0e:88:7d:c2:4c:d 6:84:a7:58:d4:24:1e:9d:38:f9:05:98:1e:b2:a2:d7:cb:0f:81:74:60:5b:38:89:ff:21:1c
Signature algorithm name: Sha256withrsa
Version:3

Obtaining signature information from a signature file

How to use

Keytool-list-v-keystore Your_kestore_file
Note that when the above command is executed, it prompts for a password, but the input error is not related to the result.

Output information

Signature Owner,issuer and other information
Fingerprints of signatures, such as MD5 and SHA1 equivalents
Signature validity and other information

Example effect

Keystore type:jks
Keystore provider:sun
Your Keystore contains 1 entry
Alias name:droidyue.com
Creation Date:feb, 2015 Entry type:privatekeyentry certificate chain length:1 certificate[1
]:
Owner:cn=andrew Wallace, Ou=droidyue.com, o=droidyue.com, l=beijing, st=beijing, c=86 issuer:cn=andrew
Wallace, Ou=droidyue.com, o=droidyue.com, l=beijing, st=beijing, c=86 serial number:11a8a4a3 Valid from:tue
Feb 10 18: 07:43 CST 2015 Until:sun June 18:07:43 CST 3013 certificate fingerprints
:
md5:46:c5:be:ef:b5:c9:00:e1:fa:42 : 50:50:57:54:ca:15
sha1:c1:14:5d:0a:c2:bf:f6:06:43:20:ae:2c:07:12:97:58:c2:1b:39:d1
sha256:0e:88:7d: c2:4c:d6:84:a7:58:d4:24:1e:9d:38:f9:05:98:1e:b2:a2:d7:cb:0f:81:74:60:5b:38:89:ff:21:1c
Signature algorithm Name:sha256withrsa
Version:3

Re-sign APK

In the absence of source code, we can change the APK signature.

Script

signapk.sh
Alternate address

How to use

Bash signapk.sh your_apk_file your_keystore_file keystore_pass Keystore_alias

Example effect

16:57 $ bash signapk.sh weixin6313android740.apk ~/documents/baidu_disk/Baidu Cloud Sync disk/droidapp/mykiki 123456
param1 weixin6313android740.apk
param2/users/androidyue/documents/droidapp/mykiki
param3 123456
param4 droidyue.com
deleting:meta-inf/manifest. MF
Deleting:meta-inf/droidyue. SF
Deleting:meta-inf/droidyue. RSA
adding:meta-inf/manifest. MF
Adding:meta-inf/droidyue. SF
Adding:meta-inf/droidyue. RSA
...
Verification succesful

The generated file is placed in the current directory, and its filename is incremented with the signed_ prefix, such as the output file for weixin6313android740.apk, which is signed_weixin6313android740.apk

Gradle build generates Signature APK

To generate the APK for the specified signature when executing the Gradle build, you need to modify the following in Build.gradle

Android {
Signingconfigs {release
{
storefile file ("Myrelease.keystore")
Storepassword "********"
Keyalias "Hu Jintao"
Keypassword "Hu Jintao"
}
buildtypes {release
{
signingconfig Signingconfigs.release}}}

The above is a small set to introduce the Android signature knowledge Summary, I hope to help you!

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.