Android digital signature Multiple programs of the same developer use the same digital certificate as much as possible , which provides the following benefits. (1) in favor of the program upgrade, when the new version of the program and the old program's digital certificate, the Android system will think that the two programs are different versions of the same program. If the new program and the old version of the digital certificate is not the same, then the Android system think they are different programs, and create a conflict, will require the newly-created program to change the package name.
(2) facilitates the modular design and development of the program. Android allows programs with the same digital signature to run in one process, and the Android program treats them as the same program. So developers can develop their own programs into modules, and users only need to download the appropriate modules when needed.
(3) data and code can be shared across multiple programs through permissions (permission). Android provides a digital certificate-based permission-granting mechanism that allows applications to share overviews or data with other programs to those that have the same digital credentials as themselves. If the ProtectionLevel of a permission (permission) is signature, this permission can only be granted to programs that have the same digital certificate as the package in which the permission resides.
when signing, you need to consider the validity period of the digital certificate :(1) The validity period of the digital certificate should include the program's expected life cycle, once the digital certificate expires, the program that holds the digital certificate will not be upgraded properly. (2) If multiple programs use the same digital certificate, the validity period of the digital certificate will include the expected lifetime of all programs. (3) Android market enforces that all application digital certificates remain valid until October 22, 2033.
Android digital certificates include the following points: (1) All applications must have a digital certificate , the Android system will not install an application without a digital certificate(2) The digital certificate used by the Android package can be self-signed and does not require an authoritative digital certificate Authority signature Authentication(3) if you want to formally publish an Android, you must sign the program with a digital certificate generated by a suitable private key , instead of using the ADT plugin or the debug certificate generated by the Ant tool to publish. (4) Digital certificates are valid , and Android only checks the validity of the certificate when the application is installed. If the program is already installed on the system, it does not affect the normal functionality of the program, even if the certificate expires. (5) Android uses standard Java tools Keytool and Jarsigner to generate digital certificates and to sign application packages. (6) Use the zipalign optimization program.
Android does not install an APK program that runs without a digital signature, either on the emulator or on the actual physical device. Android's development tools (ADT plugin and ANT) can help developers sign the APK program in two modes: Debug mode and Release mode.
in debug mode, Android's development tools use a debug digital certificate to sign the program each time they compile, and developers don't need to worry about it. when you want to publish a program, developers need to use their own digital certificate to sign the APK package, there are two ways to do it. (1) Use the Keytool in the JDK (for generating digital certificates) and Jarsigner (for signing with digital certificates) on the command line to sign the APK package. (2) Signing with ADT Export Wizard (if no digital certificate may be required to generate a digital certificate).
using Keytool and Jarsigner to sign programscommand: keytool-genkey-v-keystore xsm_mobile_client.keystore-alias xsm_mobile_client-keyalg rsa-validity 20000Command function Explanation:-keystore Ophone.keystore represents the generated certificate, can be added to the path (by default in the user home directory, later in detail about the home directory);-alias ophone means the alias of the certificate is OPhone ;-keyalg RSA represents the RSA algorithm used;-validity 20000 means the certificate is valid for 20,000 days for an example of a 20,000-day valid digital signature certificate, execute the cmd command:
Note: The KeyStore password needs to be created by itself, and the minimum is 6 characters, need to enter 2 times before and after, and consistent, storage after the android.keystore stored in the main directory, may be many friends do not know and do not understand the main directory is what, then I say about the home directory
my PC's home directory is: C:\Users\Administrator, see, I am the build command executed under C:\Users\Administrator, so the corresponding signature package will also be generated in C:\Users\Administrator In the catalogue, and so on, in detail .
Next is the signature application, the Android Apk program, the cmd example:command line: Jarsigner-verbose-keystore Android.keystore-signedjar engineer-jsp_20141028.apk Engineer-Jsp_20140424.apk AndroidCommand function Explanation:Jarsigner is the JDK comes with the tool,engineer-jsp_20140424.apk is not generated signature APK program, need with digital certificate ( Above the first CMD graph generated android.keystore) placed in the unified directory, that is, the home directory,Signedjar engineer-jsp_20141028.apk is the digital certificate after the authentication of the APK program name KeyStore passphrase: Matches the key created by the first image
The master directory adds the contrast chart before and after the digital signature:
Eclipse ADT Build
a dialog box pops up, click Next to continue, and the following dialog box appears:
because I saved the address, there is already a signature named Android.keystore, so the error, change android.keystore for other names on it, and then click Next, as follows
after all, click Finish to OK, and then go to the previous settings to save the address to see it OK ~!!
Android Application Digital Signatures-android digitally signed
