Android Application Signature

The Android system requires that all programs be installed with digital signatures. If no digital signature is available, the system will not install and run this program, whether it is a simulator or a real mobile phone. Therefore, before running the debugging program on a device or simulator, you must set a digital signature for the application. The Android system only tests the validity period of the signature certificate during installation. If the application signature expires after installation, the application can still be enabled normally.

Android uses a digital signature to identify the author of an application and establish a trust relationship between the application. It is not used to determine whether users can install the application. The android signature is completed by the application author and does not need to be authenticated by an authoritative Digital Certificate Signing Authority. It is only used to authenticate the application package. The Android system automatically signs the application by default. The ADT automatically uses the debug key to sign the application. The debug key is a file named debug. keystore located on the computer:

/Documents and Settings/Liuhua/. Android/debug. keystore. The Liuhua is the user name of the computer.

Manual signature is introduced below:

1. the APK signature can be completed in two ways:
1) Complete the APK signature through the graphic interface provided by ADT;
2) Complete the APK signature using the DOS command.
Three tools (three commands) are used to sign an APK: keytool, jarsigner, and zipalign.

1) keytool: generate a digital certificate, that is, the key, that is, the file with the extension. keystore mentioned above;
2) jarsigner: Use a digital certificate to sign the APK file;
3) zipalign: optimizes the signed APK to improve interaction efficiency with the Android system (Android sdk1.6 starts to include this tool)
Generally, all applications you develop use the same signature, that is, the same digital certificate. If this is the first time you sign an Android Application, all the above three tools will be used. However, if you already have a digital certificate, when you sign another APK later, only jarsigner and zipalign can be used. In addition, the keytool and jarsigner tools come with JDK, which means that generating digital certificates and file signatures is not the android patent; in addition, it can be guessed from the literal understanding of jarsigner that this tool is mainly used to sign the JAR file.
Default path of the three tools:
1) keytool: the tool is located in the bin directory of the JDK installation path;
2) jarsigner: the tool is located in the bin directory of the JDK installation path;
3) zipalign: the tool is located in the Android-SDK-Windows/tools/directory.

2. generate an unsigned APK File
Open eclipse, right-click the android project name, select "android Tools"-"Export unsigned application package...", and select a storage location to save it. In this way, an unsigned APK file is obtained.

3. Use keytool to generate a digital certificate
Keytool-genkey-v-keystore Liufeng. Key store-alias Liufeng. keystore-keyalg RSA-validity 20000
Note:
1) keytool is the tool name.-genkey indicates that the digital certificate generation operation is performed.-V indicates that the certificate generation details are printed and displayed in the DOS window;
2)-keystore Liufeng. keystore indicates that the name of the generated digital certificate is "Liufeng. keystore ";
3)-alias Liufeng. keystore indicates that the certificate alias is "Liufeng. keystore". Of course, it can be different from the above file name;
4)-keyalg RSA indicates that the algorithm used to generate the key file is RSA;
5)-validity 20000 indicates that the digital certificate is valid for 20000 days, meaning that the certificate will expire after 20000 days

4. Use the jarsigner tool to sign Android applications
Jarsigner-verbose-keystore Liufeng. keystore-signedjar notepad_signed.apk notepad.apk Liufeng. keystore
Note:
1) jarsigner is the tool name.-verbose indicates that the detailed information in the signature process is printed and displayed in the DOS window;
2)-keystore Liufeng. keystore indicates the location of the digital certificate used for the signature. There is no write path here, indicating that it is in the current directory;
3)-signedjar notepad_signed.apk notepad.apk: Click it to sign the notepad.apk file. The file name behind the signature is notepad_signed.apk;
4) The last Liufeng. keystore indicates the certificate alias, which corresponds to the name following the-alias parameter when a digital certificate is generated.
5. Use zipalign to optimize the signed APK (not required but recommended)
Zipalign-V 4 notepad_signed.apk notepad_signed_aligned.apk
Note:
1) zipalign is the tool name.-V indicates that the detailed optimization information is printed in the DOS window;
2)notepad_signed.apk notepad_signed_aligned.apk optimized the signed file notepad_signed.apk. The optimized file name is notepad_signed_aligned.apk.

If your previous program uses the default signature method (debug signature), once you change the new signature, the application cannot overwrite the installation. You must uninstall the original program before installing it.

Because the program overwrites the installation and mainly checks two points:
1) whether the portal activity of the two programs is the same. If the package names of the two programs are different, even if all other codes are identical, they will not be considered as different versions of the same program;
2) whether the signatures used by the two programs are the same. If the two programs use different signatures, even if the package name is the same, it will not be regarded as different versions of the same program and cannot overwrite the installation.
In addition, some may think that the debug signature application can also be installed and used, and there is no need to sign the application by yourself. Never think like this. The debug Signature Application has two restrictions or risks:
1) the debug signature application cannot be sold on the Android Market. It forces you to use your own signature;
2) debug. keystore may generate different values on different machines, which means that if you change the machine to an APK version upgrade, the above program cannot overwrite the installation. Don't underestimate this issue. If the program you develop is only used by yourself, of course it doesn't matter. Uninstall and install it. But if your software has a lot of customers, this is a big problem, it is equivalent to the software does not have the upgrade function!

You can write the complete step above as a bat file, so that you only need to run the BAT file when signing the file. The following is a complete example of the BAT file:

@ REM Android signature program // annotation command

@ Rem echo is the display Command Format: Echo [{on | off}] [Message]

@ Echo ************************************** ********************

@ Rem file command format: If exist path + file name command

@ If exist D: sign/myfirstapp. keystore goto sign

@ Echo create the signature file myfirstapp. keystore

@ REM keytool Command Format:-genkey generates the signature-alias-keyalg encryption algorithm-validity valid days-keystore production signature file name

Keytool-genkey-alias myfirstapp. keystore-keyalg RSA-validity 40000-keystore myfirstapp. keystore

@ ECHO:

@ REM jarsigner Command Format:-verbose output details-keystore location-file keystore file to be signed for the file to be generated by signedjar

Jarsigner-verbose-keystore myfirstapp. keystore-signedjar myfirstapp_signed.apk myfirstapp.apk myfirstapp. keystore

@ Goto over

: Sign

@ ECHO:

Jarsigner-verbose-keystore myfirstapp. keystore-signedjar myfirstapp_signed.apk myfirstapp.apk myfirstapp. keystore

: Over

@ Echo ******************** myfirstapp.apk signature completed *************** *********

Pause

After the signature is complete, it is best to compress the file and use zipalign in the tools folder in the android SDK installation path to compress it. Take this file as an example and you can also write it as a bat file, example:

C: \ soft \ Android-SDK-Windows \ tools \ zipalign-F-V 4 myfirstapp_signed.apk myfirstapp_zip.apk

C: \ soft \ Android-SDK-Windows \ tools \ zipalign-C-V 4 myfirstapp_zip.apk

Pause