"Use of the Keytool jarsigner tool" Android uses JDK1.7 tools for the signature of the APK file, as well as the use of the KeyStore file

Source: Internet
Author: User
Tags sha1

You see this article from HTTP://WWW.CNBLOGS.COM/AYANMW

For an Android apk compile process please refer to:

Http://www.2cto.com/kf/201312/261475.html

 for your activities), compiled into R.java. It allows you to reference your resources from Java code. Aidl: Convert. Aidl interface becomes Java interface Java compiler tool (JAVAC): All Java code (including: Java source, R.java,. Aidl converted interface file) is compiled by the Java Compilation tool (JAVAC) into intermediate code (. class  byte  codeapk build Tool: Packages all resources that do not need to be compiled, compiled resources, and Dalvik code (. Dex) into an. apk file signature (jarsigner). After the APK is built, It must be signed to be installed on the device or the device will refuse to install. Because the compilation tool contains the private key of the debug signature, it is signed directly at compile time. But when you want to release the version, you have to sign the APK package yourself. Alignment Tool (Zipalign): Finally, you need to align the package with the Zipalign tool. 

Install the JDK and make sure you can use Keytool jarsigner two tools, because the APK format is actually Jar,jar and the format of adding some extension content based on the zip format.

1. Making a signature tool
C:\>where Keytool
C:\Program Files\java\jdk1.7.0_45\bin\keytool.exe
2. Make a signature tool
C:\>where Jarsigner
C:\Program Files\java\jdk1.7.0_45\bin\jarsigner.exe

The signature is divided into two parts:

Generate private key

Keytool

Keytool Options Description
-genkey Produces a key-value pair (public and private)
-v Allow action output
-alias<alias_name> The alias of the key. Only the first eight characters are valid.
-keyalg The encryption algorithm that generates the key. Supports DSA and RSA.
-keysize Produces the length of the key. If not supported, Keytool uses the default value of bits. Usually we use 2048 bits or longer keys.
-dname

A distinguished name that describes who created the key. This value is used as the issuer and subject field of the self-signed certificate. Note You can not specify at the command line. If not specified Keytool will prompt you (CN, OU, and so on).

-keypass

The password for the key.

Mainly for security reasons, if not provided, Keytool will prompt you to enter.

-validity

Key expiration date, Unit: Day

Note: A value of 10000 or greater is recommended.

-keystore.keystore The file used to store the private key.
-storepass

The password for the private key store file.

Mainly for security reasons, if not provided, Keytool will prompt you to enter. This password is not stored in your shell history.

Keytool-genkey-v-keyalg dsa-keysize 1024-sigalg sha1withdsa-validity 20000-keystore mydevel.keystore-alias devel -keypass Mydevel-storepass Mydevel

Signing with the private key

Jarsigner:

Jarsigner Options Description
-keystore.keystore The storage file that contains your private key
-verbose Displays the output action.
-sigalg Signature algorithm, with SHA1withRSA .
-digestalg Message digest algorithm, with SHA1 .
-storepass

The password to store the file.

Mainly for security reasons, if not provided, Jarsigner will prompt you to enter. This password is not stored in your shell history.

-keypass

The password for the private key.

Mainly for security reasons, if not provided, Jarsigner will prompt you to enter. This password is not stored in your shell history.

Jarsigner-verbose-sigalg sha1withdsa-digestalg sha1-keystore mydevel.keystore-storepass myDevel test.apk devel

To sign with the Eclipse tool:

Right-click on the project->android Tools->export singedappplication Package

To store a file signature with an existing KeyStore key:

You can also create a new KeyStore file:

Here validity year's validity is 1-1000 oh. The other is wrong, change to 500 try.

The same is Mydevel.keystore, one is Jarsigner signature, one is eclipse signature.

Alignment Tool (Zipalign):

Once you have signed the APK with your private key, run Zipalign on the file. This tool ensures that all uncompressed data starts at a specific byte alignment, relative to the beginning of the file. When installed on a device, ensure that alignment on a 4-byte boundary provides performance optimizations. When aligned, the Android system is able to read files using mmap (), even if they contain binary data with alignment restrictions, rather than copying all the data from the package. The benefit is that the amount consumed by running the application in RAM is reduced.

Zipalign-v 4 helloworld.apk helloworld_release.apk

=========================================

When you use the Jarsigner signature, you encounter an error that cannot be installed and prompts for no signature:

The normal installation should be:

c:\>adb Install test.apkkb/s (19576 bytes in 0. 053s)        pkg:/data/local/tmp/test.apksuccess

If already installed, ADB seems unable to overwrite the installation directly

c:\>adb Install test.apk367 kb/s (19576 bytes in 0. 052s)        [install_failed_ Already_exists]

For a "No signature or signature error" installation is

c:\>adb Install test_unsigned.apk315 kb/s (18113 bytes in 0. 056s)        [Install_ Parse_failed_no_certificates]

Others have encountered this problem: as the brother said,

JDK1.7 Signature APK Exception http://blog.csdn.net/sgz_china/article/details/8060315

The wrong signature is:

C:\>jarsigner  -verbose  -keystore mydevel.keystore-storepass mydevel test.apk devel   is adding: meta-inf/ DEVEL. SF   is adding: meta-inf/devel. DSA  is signing: Res/layout/main.xml  is signing: Androidmanifest.xml  is signing: RESOURCES.ARSC  is signing: res/ Drawable-hdpi/icon.png  is signing: Res/drawable-ldpi/icon.png  is signing: Res/drawable-mdpi/icon.png  is signing: Classes.dex
c:\>adb Install test.apk349 kb/s (19697 bytes in 0. 055s)        [install_parse_failed_ No_certificates]c:\>

The main is to remove the Jarsigner two parameters:-sigalg sha1withdsa-digestalg SHA1

In fact, on the Android official website has the description:

Http://developer.android.com/tools/publishing/app-signing.html#setup

Caution: as of JDK 7, the default signing Algorithim have changed, requiring you to specify the signature and digest Algorithim S ( and) when your sign an -sigalg   -digestalg APK.
Jarsigner  -.....--digestalg SHA1 ...

JDK1.7 because the default signature algorithm changes, you need to specify the signature algorithm and the key algorithm. It's supposed to correspond to Keytool.

-sigalg <sigalg> Signature Algorithm name

-keyalg <keyalg> Key algorithm name

Two parameters.

===============

Also about the SF RSA file name in the signed Meta-info

However, the default APK's meta-info name is CERT after the signature. SF and CERT. Rsa. I use Jarsigner signature is that <alias>. SF <alias>. RSA.; This is the name that was signed with Eclipse.

This cert should not be Keytool designated alias, right? Can you change that name in any other way? Do not know, directly modify the APK, then the apk zip header information will be modified to the signature information, resulting in a failure to install.

======================

TODO: About the APK signature, there is an Android source code in the Signapk.jar [compiled after packaging, there are signapk.java source files]

How to use:

usage:signapk publickey.x509[. PEM] privatekey.pk8 Input.jar Output.jar

which

TESTKEY.PK8 is binary,

0?? 0* Somebody 嗺????? 謸 Lian $ table 莃 pout?>> 蚻?? Miss Dipper ㄍk ordained n???? Y?w〤 tarnished=KD pickaxe v Pi G-kan 0 祒? C 綥 R Poor sunscreens 8 rear competent smokers swab?? Shen Engaged tart 驪 "P2 鄝? 頹 3Y si rusa 旍, look 劆 葄 tad; 1:g7./d fruitful mb 馲 drouth 佁 told 趌? Xh?do Cry 樕 (Wh Grandparents GJT cookbook? Light GU3 膋 汍 o handle I uncomplicated ⑿ glutinous rice dumplings &? 檙}<? Gently eletronic 8 cry? [j] 籜 攧 M-shuttle win? rhenium) 3 濖 sa] boron} yuck g 釶 I pinched d? F # harcourt; ~ 鷓 sin? Garland 袠 ┝ uranium 廗 霦? v?ブ Qiong ~ Nettle e? NY 鮷 4[?z?5?< Orange NAO dung o resistance 1 ophiodon 羄 5Z polio @u? Beard Uy??? V sales X6≮ud?┛??) Mangan Safety J 襸 櫑 Portfolio W 襡 l 氇 |u; 溭 ldg for 鼼 k~ rates ~ 昗 Peng do wenxiang? 玣 J 蓸?? +r six impeaches D Yong? I?? X? H. 蹽 V Homestay 柦 l{Vitoria Yun frequents '? 繛 prohibition 匴 tired 灖? Looser 撪 Squeak H Magic "á Yoon-jin hgk3 dig 樆 m bum prayer? F?, 蛅 v Hillhouse kimoto w 掔 Pauline * Refilling Fuigo Wu Bai #v Bean J 駖 m condensate @? official o_, sex 啛!y 玌 pzu{a? Vitoria 4ǒ7 欑, 珬 u 漗 柇 fi? 嶢? wei/b$4m+ kiyotaki ┨ 濏. Go0 躈 americium hospital bat embroidery?? D (郩 [Portuguese n?ac~ | endof able He K2 ' ma62r?)? E"乫 7~" 洀? Yao diligent? Vitoria errno fhg *i? X?? RB deceived P0?? Tofuyo l 憣 lures? Le??? 襰 L/MR principally 鳲 g!g new? 鵘 rest Lymphe? o \u ki l huzhou r Reed ㄕ i 甖 j?\ right y piloting 8 stagger seized ' rotten Vitoria? Of#zf?re?9? Luen Zheng zeroing move sz? Amx3r[Meticulous ih 贘 = Another honing delaminated? x|y{cycles [email protected] noose logically education @ brick UW nasty ~ 鎋 art D 藹 3€ Weng lνqe mujina H neodymium ┽ old man f?_ owl a.? 3 Think borrow c* endive b 贂 B[Tong f!, ys hip? reeds x??Disease 塽? j{雗 ua, ' ¥i shi wx+5 zone u dog l ' cellulose hee/then 麣 h Pat I scales;Cha mutual benefit) 4v 広 z???? {Ponds 邚 鬄?

Use Winhex to copy 16 binary as:

308204bd020100300d06092a864886f70d0101010500048204a7308204a30201000282010100d6931904dec60b24b1edc762e0d9d8253e3ecd6ceb1de 2ff068ca8e8bca8cd6bd3786ea70aa76ce60ebb0f993559ffd93e77a943e7e83d4b64b8e4fea2d3e656f1e267a81bbfb230b578c20443be4c7218b846 f5211586f038a14e89c2be387f8ebecf8fcac3da1ee330c9ea93d0a7c3dc4af350220d50080732e0809717ee6a053359e6a694ec2cb3f284a0a466c87 A94d83b31093a67372e2f6412c06e6d42f15818dffe0381cc0cd444da6cddc3b82458194801b32564134fbfde98c9287748dbf5676a540d8154c8bbca 07b9e247553311c46b9af76fdeeccc8e69e7c8a2d08e782620943f99727d3c04fe72991d99df9bae38a0b2177fa31d5b6afee91f02010302820101008 F0cbb589484076dcbf3da41eb3be56e297f339df213ecaa045dc5f07dc5de47e25049c4b1c4f34409d20a662391553b7efa70d7eff028dcedd098a9c1 E2998f4bec451abd2a76cb23a5d6ad827edda165d02f4e160e59f57b16345bd7297affb47f350a872d3c149775dbf1b7e06fd7e831f78ac15e355aaf7 74055ba0ff44575a286798e35c533b40276e44e5836a1da7564adfaf538a493a9bf10f213a657ac12291c1be56997fc6ad27b99a7fc8977d2654cebaa 7c753b9cda4c64671a8ee8fd476b7ee2c37e95579d70441e6fab93a413ab664ac998fa25943f2b52c1f9c5ea64ef4a1bca0149e717a214017896080c48a407dc4776cbde96bd4ca1847b02818 100eac099171c9b95278c07bf9e974518855791769ea7b52bf6ba93e0d6a848c4a70d18a6e8a8a2da5368676b33bef298bb144d9af8b5bbad2246f42c 2ccd7476eab21be14a771f92e7adf600b5932af747f7b9775587110ab0d8032318768b586af17c6dc4fd40a8181e85876f5f0a2cbdbb03869f2179ab5 570a7597a757b619b02818100e9fef71934a8af3799e712ab979d5e027596ad8d69156649961ce4a2ad082f186224344d2b888914a9cc9ded476f302e dc4ee65bea77bd91f2f04c3f34ba09b6394428fbb4e0555bc6cf4eec0e61437e00037cedcb19be598fb14b1732604d41363272fa3429e87f651d11228 166377ed2c9a8190b5c9b8fdd2de1c5029140cd028181009c80660f6867b8c508052a69ba2e1058e50ba469c52372a47c6295e47030831a08bb19f070 6c918cf044f2227f4c65d20d8911fb23d2736c2f4d72c888f84f472167eb86fa150c9a73f955ce621ca4daa5264f8e5a0b5c75e5576cbaf9b23af1f65 2f3d8a8d5c56569ae5a4a3f5c1dd3d20259bf6ba67238f5c4e651a3a79667028181009bff4f66231b1f7a669a0c7265139401a3b9c908f0b8eedbb968 986c735aca10416d7833725b060dc6886948da4a201f3d89eee7f1a5290bf74add7f787c06797b82c5fd234038e7d9df89f2b440d7a95557a89e87667ee65fcb8764cc403380cecc4ca6cd714 5aa4368b61700eecfa9e1dbc5660793125fe8c9412e01b62b33028180632aadd91adda462d995a672625b05cda94621f4e95973ee8f9a2deb71a1c1ac 1bd31a0dd6a28975871b6a7beb6e5561b4a12c60a3a469ef7a77582b35c7f855b9b76ccacfc0774845fea9452fb1e3a98c05fb9aa7526819c5c4498e0 Dc1db1ba58a3bd4fb8183291e34768eda7ab4058726fd1c8d147b8965df8f15f39ebc37

TESTKEY.X509.PEM content is:

-----BEGIN CERTIFICATE-----MIIEQDCCA5CGAWIBAGIJAJNURL4H8GHFMA0GCSQGSIB3DQEBBQUAMIGUMQSWCQYDVQQGEWJVUZETMBEGA1UECBMKQ2FSAWZVCM5PYTEWM Bqga1uebxmntw91bnrhaw4gvmlldzeqma4ga1uechmhqw5kcm9pzdeqma4ga1uecxmhqw5kcm9pzdeqma4ga1ueaxmhqw5kcm9pzdeimcagcsqgsib3dqejar Ytyw5kcm9pzebhbmryb2lklmnvbtaefw0wodaymjkwmtmzndzafw0znta3mtcwmtmzndzamigumqswcqydvqqgewjvuzetmbega1uecbmkq2fsawzvcm5pyte Wmbqga1uebxmntw91bnrhaw4gvmlldzeqma4ga1uechmhqw5kcm9pzdeqma4ga1uecxmhqw5kcm9pzdeqma4ga1ueaxmhqw5kcm9pzdeimcagcsqgsib3dqej arytyw5kcm9pzebhbmryb2lklmnvbtccasawdqyjkozihvcnaqebbqadggenadccaqgcggebanatgqtexgskse3hyudz2cu+ps1s6x3i/ wamqoi8qm1r03hupwqnboyouw+znvn/2t53qupn6d1lzljk/qlt5lbx4meog7+ymlv4wgrdvkxyglhg9sevhva4ou6jwr44f46+z4/ kw9oe4zdj6ppqp8pcsvnqig1qcacy4icxf+5qbtnz5qau7cyz8osgpgbieptyozejomc3li9kesbubulxwbjf/ gobzazurnps3co4jfgzsagzjwqtt7/emmkod0jb9wdqva2bvmi7yge54kdvmxhea5r3b97szi5p58ii0i54jicup5lyftwe/ nkzhznfm644olixf6mdw2r+ 6r8caqojgfwwgfkwhqydvr0obbyefehzafy9jyxgrhggbar0gawjyowrmihjbgnvhsmegcewgb6afehzafy9jyxgrhggbar0gawjyowroygapigxmigumqswcqydvqqgewjvuzetmbega1uecbmkq2fsawzvcm5pytewmbqga1uebxmntw91bnrhaw4gvmlldzeqma4ga1uechmhqw5kcm 9pzdeqma4ga1uecxmhqw5kcm9pzdeqma4ga1ueaxmhqw5kcm9pzdeimcagcsqgsib3dqejarytyw5kcm9pzebhbmryb2lklmnvbyijajnurl4h8ghfmawga1u dewqfmambaf8wdqyjkozihvcnaqefbqadggebahqvlozrumrbbvey0nqrrwfbinzaj6cvosk0tyiuff/azgmjwr+ Klfchchjsignlw27drgqavilflahlwn62ox6snb4ylcbosvmr9fxyjlzw2+tcikcrlxwg/oivhqgo/rwuwkjgu134ndefjcjgjdbilcpe+ Ztwhdcwautj9pubo8evhrku3cyfgmlalfgn9gp+pwa7lfqnvxwbnda6sppcccex31i828xzgxpj4o+mdl1/dbd+ Ek8zpup0igdyzm5mtyphvvqgchzzty3siejfymwrsbbmg2oaunlemo6nwmocsdn2clirfxqczjolsde4qys9bah6ehy6ufcoae0=-----END CERTIFICATE-----

The Pem file is generated by OpenSSL. But with KeyStore how to convert, do not know ah ...

Reprint please indicate the source: HTTP://WWW.CNBLOGS.COM/AYANMW I will be very happy!

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.