Android's signature package from zero single row

Reprint Please specify source: http://blog.csdn.net/crazy1235/article/details/46289803 Signature Introduction What is a signature?

In real life, the signature is equivalent to the signature and seal of the contract. Only after the signature, it has a certain effect. Without a signature, the "contract" would have no object and would have no legal effect.

Why would you sign it?

Android requires that every application must be digitally signed to be installed on the system, that is, without a signed app, there is no way to install it on your Android machine.
Android uses digital signatures to mark the connection between an application and a developer, a way to self-certify an application.
Plainly, it is to mark an app's affiliation, to differentiate the app.

Benefits of Signing:

• Program upgrade is convenient.
  Only programs with the same signature and the same package name can overwrite the installation.
• Application modularity.
  The Android system allows programs with the same digital signature to run in a process, and the Android program treats them as the same program, so the program can be developed in modules, and the user simply downloads the appropriate modules when needed.
• Data sharing
  Android provides a digital certificate-based permission-granting mechanism that allows applications to share some data with other programs that have the same signature.

(The last two points of benefit, the author temporarily did not contact.) ）

how to sign package

There are two ways to sign the APK, which is 1. Package with the graphical interface signature provided by ADT ,2. Sign the package with a DOS command .

The first thing you need to explain is this: we generally debug the program, using the debug signature (Debug.keystore).

In general, when we develop the application, are multi-person collaboration , each person's machine debug signature is not the same, so often encounter you write the program submitted, colleagues updated after the normal operation. For example, Baidu map of the relevant code logic, and signatures have a lot of contact. Using a debug signature can cause some code to run on your own machine, which is too low.

So it is common to share a release signature .
When the APK version is released, it is the release version of the signature, which is the official version of the signature.

Below, the author on both of these ways to explain themselves:

package with graphical interface signature

Right-click on the item and you'll see: Android Tools

Export signed Application package
Represents the export of an APK file with a signature.
Export Unsigned Application Package
means to export an apk file without a signature

We select the first item, then Next,

At this point you can choose to use the existing keystore, or you can create a keystore yourself.
We chose to create one:

After Next,

In this interface, you need to fill in some signed information, such as: aliases, signature passwords, terms of use, organization of information and so on.

The next step is to generate the APK file with the signature.

After a series of steps above, a signed APK file is packaged.

The next time you release the version, you can use the generated signature to package it.

After next, if your signature file password is correct, it will automatically list your settings:

Then enter the password for your signature, next, next.

signed and packaged by means of a command

Before we use the command to generate a signature package, let's take a look at what information Debug.kestore includes.
You can view the information for the signature by using the following command:

-list-v-keystore debug.keystore

The password for the debug signature is: android

You can see the information contained in the Debug.keystore, which corresponds to the information we created with the graphical interface to fill in the signature.

We need to use two tools to sign and package the project:keytool,jarsigner.

• keytool: Used to generate a digital signature.
  Keytool can be used not only to view signature information, but also to generate a signature, which is located in the bin directory of the JDK.

The command to generate the signature is as follows:

-genkey-v-keystore xxx.-alias-keyalg-validity xxx

1. -getkey to generate a digital signature-V to display the signed information in a DOS window
2. -keystore XXX Indicates the name of the signature to be generated
3. -alias XXX Indicates the alias of the signature
4. -keyalg RSA represents the RSA algorithm used to generate the key
5. -validity XXX Indicates the validity period of the signature

After executing this command, you will be prompted to enter some information:

• Jarsigner: Use the signature to sign the APK file. The appliance is also located in the bin directory of the JDK.
  Using the command to compile an apk file is cumbersome and not worth the candle. We use a graphical interface to package a non-signed apk.

Use the following command to sign this apk

jarsigner -verbose -keystore xxx.keystore -signedjar xxx.apk xxx.apk xxx

1. -verbose indicates that the information in the signature process is displayed on a DOS.
2. -keystore XXX Indicates the address of the signature used
3. -signedjar xxx1 xxx2 indicates that the XXX2 signature to xxx1,xxx1 is the name of the signed APK file. (Note order)
4. The last XXX represents the alias of the signature. (no command appears to be performed)

After you execute this command, wait a little while, and you will be prompted to package successfully.

In the process of studying signature packaging, I see a step on the Internet, which is to use the zipalign command to optimize the APK.

4 xxx.apk xxx_aligned.apk

The order means to optimize the xxx.apk into xxx_aligned.apk. When it comes to large projects, the use of this command is significantly larger than the smaller project optimization effect.

This command is interpreted as follows ( network ):

zipalign能够是apk文件未压缩的数据在4个字节边界上对齐，这样android系统就可以使用mmap()函数读取文件，可以在读取资源文件上获取较高的性能。

Summarize

• Signatures different from the same package structure of the APK cannot overwrite the installation, when installed on the phone, will prompt you to sign the conflict. When running on development tools such as Eclipse, you will be prompted with the following:

-unsigned apk cannot be installed on the phone. After the Export Unsigned application Package step, Eclipse will give you a hint: you need to process the program signature before you publish the program .

This blog to the end ~ ~
Thank you for your support! If there is an error, please indicate ~ ~
Thank you ~

Android's signature package from zero single row