Besides the permission mechanism, Android's other distinctive security mechanism is the signature mechanism. It plays its role mainly on two occasions: app upgrades and permission checks.
Upgrade App
When a user upgrades an already installed app, the upgrade is allowed to install if the new package comes from the same source; otherwise installation is refused with a prompt that the signatures are inconsistent.
Permission check
As I mentioned in the article on the specific use of the Android permission mechanism, when an application's permission has the protection level signature or signatureOrSystem, the system checks whether the certificates of the permission requester and the permission declarer are consistent.
The principle of the signature mechanism and its other functions are not detailed here; this article mainly covers generating the signing key file, signing an APK file with that key, and viewing signature information.
Generate KeyStore
To create a keystore, use keytool.exe (located in the Jdk_xx\jre\bin directory), as follows:
keytool -genkey -alias mykey -keyalg RSA -validity 40000 -keystore demo.keystore
# Notes:
# -genkey                  generate a key
# -alias mykey             the alias is mykey
# -keyalg RSA              use the RSA algorithm
# -validity 40000          validity period of 40000 days
# -keystore demo.keystore  the keystore file to write
Sign an APK
To sign an APK with the resulting keystore, use jarsigner.exe, located in the Jdk_xx\bin directory. The command is as follows:
jarsigner -verbose -keystore demo.keystore -signedjar test_signed.apk test.apk mykey
# test_signed.apk is the file produced by signing
# test.apk is the file that needs to be signed
Also note that if your JDK version is 1.7 or later, you need to add these parameters when you sign the APK:
-digestalg SHA1 -sigalg MD5withRSA
Otherwise, installation fails with the error Failure [INSTALL_PARSE_FAILED_NO_CERTIFICATES].
Viewing signature information
1. View the keystore information
keytool -list -keystore demo.keystore -alias mykey -v
2. View the keystore's public key certificate
keytool -list -keystore demo.keystore -alias mykey -rfc
(Note: this prints the public key certificate in Base64 format, RFC 1421)
3. View the APK signature information
jarsigner -verify -verbose -certs <your_apk_path.apk>
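To show what the -digestalg SHA1 option records and one of the things a verification pass checks, the following added example (not code from the original article) recomputes the SHA1-Digest entries in META-INF/MANIFEST.MF and reports files that were changed, added or removed after signing. It covers only this manifest digest step, not verification of the signature file or certificate; the function names and the sample APK contents are constructed for illustration.

```python
import base64, hashlib, io, zipfile

def sha1_b64(data):
    return base64.b64encode(hashlib.sha1(data).digest()).decode()

def parse_manifest(text):
    """Return {entry name: base64 SHA1-Digest} from a JAR MANIFEST.MF."""
    # Lines longer than 72 bytes continue on the next line after one space.
    text = text.replace("\r\n", "\n").replace("\n ", "")
    digests = {}
    for section in text.split("\n\n"):
        attrs = dict(l.split(": ", 1) for l in section.split("\n") if ": " in l)
        if "Name" in attrs and "SHA1-Digest" in attrs:
            digests[attrs["Name"]] = attrs["SHA1-Digest"]
    return digests

def check_apk_digests(apk_bytes):
    """Return a sorted list of (entry, problem) for entries failing the manifest check."""
    problems = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        digests = parse_manifest(z.read("META-INF/MANIFEST.MF").decode("utf-8"))
        names = [n for n in z.namelist()
                 if not n.startswith("META-INF/") and not n.endswith("/")]
        for name in names:
            if name not in digests:
                problems.append((name, "not listed in manifest"))
            elif sha1_b64(z.read(name)) != digests[name]:
                problems.append((name, "digest mismatch"))
        problems += [(n, "listed but missing") for n in digests if n not in names]
    return sorted(problems)

def build_apk(files, manifest_from=None):
    """Constructed sample: zip `files` with a manifest computed over `manifest_from`."""
    lines = ["Manifest-Version: 1.0", ""]
    for name, data in (manifest_from or files).items():
        lines += ["Name: " + name, "SHA1-Digest: " + sha1_b64(data), ""]
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("META-INF/MANIFEST.MF", "\r\n".join(lines) + "\r\n")
        for name, data in files.items():
            z.writestr(name, data)
    return buf.getvalue()

# Constructed sample contents, not taken from a real APK.
ORIGINAL = {"classes.dex": b"dex-bytes", "res/layout/main.xml": b"<layout/>"}
TAMPERED = {"classes.dex": b"patched-dex", "res/layout/main.xml": b"<layout/>",
            "lib/extra.so": b"x"}

if __name__ == "__main__":
    print(check_apk_digests(build_apk(ORIGINAL)))
    print(check_apk_digests(build_apk(TAMPERED, manifest_from=ORIGINAL)))
```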