[Publish AAR To Maven] use GPG To encrypt the file signature,

Source: Internet
Author: User
Tags gnupg gpg asymmetric encryption

[Publish AAR To Maven] use GPG To encrypt the file signature,

This article is affiliated with "use Gradle to publish AAR to Maven repository". This file is still being drafted because it involves many things...

========================================================== ======================
Author: qiujuer
Blog: blog.csdn.net/qiujuer
Website: www.qiujuer.net
Open-source Library: github.com/qiujuer/Genius-Android
Reprinted please indicate the source: http://blog.csdn.net/qiujuer/article/details/44173611
-- Learning Open Source for open source; a beginner's mentality is shared with you!

========================================================== ======================

In a system, we need to encrypt the signature of our own applications or files. Among them, mail is the most typical example. There are many signature encryption tools. In this article, we use GPG for operations.

What is GPG? To say this, we have to start with PGP, and PGP uses RSA encryption algorithms. So there are not many articles to elaborate on, So Baidu PGP is the best choice. Or you only need to know that this is an encrypted signature tool.

Download Software

It should be noted that the GPG software for Windows is different from that for Mac. In addition, if Cygwin is installed on your computer, the encrypted signature software is automatically used, but it is just a command line operation. Because Android-Studio has been used, NDK compilation fails to use Cygwin, so it will be deleted. Here we will demonstrate the operations on the interface. If you have the opportunity to add the command line operations; sorry ~~

  • Mac: https://gpgtools.org/
  • Windows: http://www.gpg4win.org/

Here I will demonstrate the software GPG4win.

Install

After the download is completed, the installation is completed. If there is nothing to say about the installation, go to the next step and click OK.

Run

Here, we run the Kleopatra in the installation program. I will clean it and say good GPG?

Here it is the running GPG manager. The core of Gpg4win is GPG, but it includes five related tools, namely, Kleopatra, GPA, GpgOL, GpgEX, and Claws Mail. Among them, Kleopatra and GPA are the key manager of GPG, it is used to generate, import, and export GPG keys (including public and private keys). In general, we use these two keys. GpgOL is the GPG support plug-in for Outlook 2003 and 2007, GpgEX is the GPG support plug-in for Resource Manager (Windows 64-bit is not supported), and Claws Mail is a Mail client with built-in GPG support; of course, mail management will ask you if you want to install it in your installation steps.

What we need here is to upload the public key to the server. Why? Before releasing AAR to a remote warehouse, we need to use the private key for signature encryption and then upload it to the warehouse. The Warehouse Management Server will perform verification and other operations according to your configuration, in this case, you need to use the public key you uploaded. If the public key is not uploaded, the AAR publishing will fail.

Backup and Restoration

After a key (Public Key + key) is created, the storage and import problems naturally exist.

Return

This can be basically done, because if it is used to encrypt the signature AAR, it is basically OK, and the signature encryption work can be completely handed over to Gradle, you only need to set the corresponding private key + private key phrase + Private Key location

  • How do I know the private key ID?
  • Key Phrase. what was previously set.
  • You can use the previous export operation to export the private key (*. gpg). You can also find the default directory of GPG, which is very simple:
C:\Users\(YourName)\AppData\Roaming\gnupg
  • In this example, you can find a file named "secring. the gpg file stores all your private keys in the file, and uses the key ID and key phrase for operations.

This is basically done. You can go back to the AAR article. If you do not use Gradle for encryption and use GPG for encryption, please refer to the next section.

Encryption and decryption

There are three ways to start the encryption wizard. One is to select Sign/Encrypt Files (Signature/Encryption File) from the File menu on the main interface of Kleopatra ), one is to drag the file or folder to be encrypted to the main interface of Kleopatra, and then select Sign/Encrypt (Signature/encryption) from the shortcut menu ), one is to right-click the file or folder you want to encrypt and select Sign and encrypt (Signature and encryption ).

Note that after you enter a decryption phrase, the key phrase is not prompted for subsequent operations.

Summary

Compared with other encryption tools, GnuPG's asymmetric encryption feature makes it more suitable for the transmission of confidential information. In addition to encryption and decryption, GPG can also sign and verify the file, which is very powerful.

In AAR release, the signature is obtained instead of using GPG for encryption, and then published to the server. The server verifies the source file and signature file, to determine whether the file is damaged during network transmission.

It takes 5.5 hours to download the software again to edit and adjust the software ....

========================================================== ======================
Author: qiujuer
Blog: blog.csdn.net/qiujuer
Website: www.qiujuer.net
Open-source Library: github.com/qiujuer/Genius-Android
Reprinted please indicate the source: http://blog.csdn.net/qiujuer/article/details/44173611
-- Learning Open Source for open source; a beginner's mentality is shared with you!

========================================================== ======================

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.