Android digital signature Multiple programs of the same developer use the same digital certificate as much as possible , which provides the following benefits. (1) in favor of the program upgrade, when the new version of the program and the old program digital certificate is the same, the Android system will feel that the two programs are different version number of the same program. Assuming that the new program and the old version of the digital certificate is not the same, then the Android system think they are different programs, and create a conflict, will ask to change the package name.
(2) facilitates the modular design and development of the program. Android system agrees to have the same digitally signed program executed in one process, the Android program will treat them as the same program. So developers can develop their own programs into modules, and users simply need to download the appropriate modules when they need them.
(3) The ability to share data and code among multiple programs through permissions (permission). Android provides a mechanism for assigning permissions based on digital certificates. Applications can share overviews or data with other programs to those that have the same digital credentials as themselves. Assuming that the protectionlevel of a permission (permission) is signature, this permission can only be granted to programs that have the same digital certificate as the package in which the permission resides.
when signing, you need to consider the validity period of the digital certificate :(1) The validity period of the digital certificate shall include the estimated life cycle of the program. Once the digital certificate expires, the program that holds the digital certificate will not upgrade properly.
(2) Assuming that multiple programs use the same digital certificate, the validity period of the digital certificate should include the estimated life cycle of all programs. (3) Android market enforces that all application digital certificates remain valid until October 22, 2033.
Android digital certificates include the following points: (1) All applications must have a digital certificate , the Android system will not install an application without a digital certificate(2) The digital certificate used by the Android package can be self-signed and does not require an authoritative digital certificate Authority signature Authentication(3) if you want to formally publish an Android, you must sign the program with a digital certificate that is generated by a suitable private key . You cannot use the ADT plugin or the debug certificate generated by the Ant tool to advertise. (4) Digital certificates are valid , and Android only checks the validity of the certificate when the application is installed. Assuming that the program is installed on the system, the program's normal functionality is not affected even if the certificate expires. (5) Android uses standard Java tools Keytool and Jarsigner to generate digital certificates and to sign application packages. (6) Use the zipalign optimization program.
Android does not install an APK program that performs no matter what is not digitally signed, whether it is on the emulator or on the actual physical device.
Android's development tools (ADT plugin and ANT) can help developers sign the APK program in two modes: Debug mode and Release mode.
in debug mode, the development tools of Android will sign the program with a digital certificate for debugging at each compile time, and developers need not care. When you want to advertise the program. Developers need to use their own digital certificates to sign the APK package in two ways. (1) Use the Keytool in the JDK (for generating digital certificates) and Jarsigner (for signing with digital certificates) on the command line to sign the APK package. (2) Use ADT Export Wizard to sign (assuming no digital certificate may be required to generate a digital certificate).
using Keytool and Jarsigner to sign programscommand: keytool-genkey-v-keystore xsm_mobile_client.keystore-alias xsm_mobile_client-keyalg rsa-validity 20000the command function interprets:-keystore Ophone.keystore represents the generated certificate. The ability to add a path (by default in the user's home folder, which will be explained later in detail about the home folder). -alias OPhone indicates that the alias of the certificate is the RSA algorithm that ophone;-keyalg RSA represents. -validity 20000 indicates that the certificate is valid for 20,000 days for an example of a 20,000-day valid digital signature certificate, run the cmd command:
Note: The KeyStore password needs to be created by itself and at least 6 characters. Need to enter 2 times before and after, and consistent, storage after the android.keystore stored in the main folder below, may be very many friends do not know and do not understand what the home folder is. Then I'll talk about the home folder .
my PC's home folder is: C:\Users\Administrator, see, I am running the build command under C:\Users\Administrator, so the corresponding signature package will also be generated in C:\Users\Administrator folder, and so on, to say exactly
Next is the signature application, which is the Android Apk program, the CMD Demo sample:command line: Jarsigner-verbose-keystore Android.keystore-signedjar engineer-jsp_20141028.apk Engineer-Jsp_20140424.apk Android Command function explanation: jarsigner is the tool that comes with the JDK. ENGINEER-JSP_20140424.APK is an APK program that does not generate a signature. It needs to be placed under the Unified folder, which is the home folder, with the digital certificate (the Android.keystore generated by the first cmd chart above). signedjar engineer-jsp_20141028.apk is the name of the APK program after digital certificate verification KeyStore Password phrase: Matches the key created by the first image
home folder before and after the digital signature comparison chart:
Eclipse ADT Build
pop up a dialog box and click Next to continue down, such as the following dialog box appears:
because I saved the address. A signature named Android.keystore already exists. So the error. Change Android.keystore to another name, then click Next, for example the following
after all, click Finish to OK, and then go to the previous settings to save the address to see it OK ~!!
Android Application Digital signatures-android digitally signed