现在的位置: 首页 > 综合 > 正文

Android APK系列3——-使用platform密钥来给apk文件签名

2013年10月06日 ⁄ 综合 ⁄ 共 2079字 ⁄ 字号 评论关闭

1.使用platform密钥对apk进行签名
1.1.进入<Android_Source_Path>\build\target\product\security,找到【platform.pk8】和【platform.x509.pem】系统密钥。
1.2.进入<Android_Source_Path>\build\tools\signapk找到SignApk.java,运行 javac编译成SignApk.class
1.3.执行命令java com.android.signapk.SignApk platform.x509.pem platform.pk8 input.apk output.apk

<Android_Source_Path>\build\target\product\security下有多对密钥,详细如下:
The following commands were used to generate the test key pairs:
  development/tools/make_key testkey  '/C=US/ST=California/L=Mountain View/O=Android/OU=Android/CN=Android/emailAddress=android@android.com'
  development/tools/make_key platform '/C=US/ST=California/L=Mountain View/O=Android/OU=Android/CN=Android/emailAddress=android@android.com'
  development/tools/make_key shared   '/C=US/ST=California/L=Mountain View/O=Android/OU=Android/CN=Android/emailAddress=android@android.com'
  development/tools/make_key media    '/C=US/ST=California/L=Mountain View/O=Android/OU=Android/CN=Android/emailAddress=android@android.com'

The following standard test keys are currently included:

testkey -- a generic key for packages that do not otherwise specify a key.
platform -- a test key for packages that are part of the core platform.
shared -- a test key for things that are shared in the home/contacts process.
media -- a test key for packages that are part of the media/download system.
These test keys are used strictly in development, and should never be assumed
to convey any sort of validity.  When $BUILD_SECURE=true, the code should not
honor these keys in any context.

signing using the openssl commandline (for boot/system images)
--------------------------------------------------------------

1. convert pk8 format key to pem format
   % openssl pkcs8 -inform DER -nocrypt -in testkey.pk8 -out testkey.pem

2. create a signature using the pem format key
   % openssl dgst -binary -sha1 -sign testkey.pem FILE > FILE.sig

extracting public keys for embedding
------------------------------------
it's a Java tool
but it generates C code
take a look at commands/recovery/Android.mk
you'll see it running $(HOST_OUT_JAVA_LIBRARIES)/dumpkey.jar

将第二步编译生成的out/host/linux-x86/framework/SignApk.jar放入当前目录下。

命令java -jar SignApk.jar  platform.x509.pem platform.pk8 input.apk output.apk

不单可以对apk文件进行重签名,也可以对所有的zip文件进行重签名,包括ROM文件

返回
【上篇】
【下篇】

作者:

抱歉!评论已关闭.

返回首页

Copyright © 2013-2018 学步园  保留所有权利.
软文销售 QQ客服:2265327166 点击这里给我发消息(其他合作也可洽谈)
必威体育
必威电竞