Android APK signature information viewing and system signature processing

Preface

In day-to-day Android application development we regularly run into signature-related issues. Third-party SDKs such as maps or speech recognition verify the APK signature, and in system application development an app without the system signature lacks the system permissions needed to call certain APIs. So we need to know how to view APK signature information, how to sign an APK, and how to obtain the system signature. This article covers the following:

  • View signature file information
  • View APK signature information
  • APK signature/re-signature and obtaining system signature
  • Adding the system signature information at build time

View signature key information

  • Keystore/JKS keystore: keytool is a command-line tool shipped with the JDK. Normally you can run keytool directly once the JDK is installed and the environment variables are configured.

    keytool -list -v -storepass <keystore password> -keystore <keystore file path>

    For example, to check the signature information of the default debug.keystore. A debug-type APK normally uses this file's signature by default. On Windows it is located at C:\Users\<username>\.android\debug.keystore; on *nix systems it is at ~/.android/debug.keystore.

    Press Win + R, type powershell, and press Enter to open a command-line window:

    PS C:\Users\jacknic> cd .\.android\
    PS C:\Users\jacknic\.android> keytool -list -v -storepass android -keystore .\debug.keystore
    Keystore type:
    Your keystore contains 1 entry
    Alias: AndroidDebugKey
    Creation Date: 2020-6-28
    Entry Type: PrivateKeyEntry
    Certificate Chain Length: 1
    Certificate [1]:
    Owner: [email protected]...
    Issuer: [email protected]...
    Serial number: B3998086D056CFFA
    Valid from Wed Apr 16 06:40:50 CST 2008 to Sun Sep 02 06:40:50 CST 2035
    Certificate Fingerprint:
    MD5: 8D:DB:34:2F:2D:A5:40:84:02:D7:...
    SHA1: 27:19:6E:38:6B:87:5E:76:AD:F7...
    SHA256: C8:A2:E9:BC:CF:59:7C:2F:B6:DC:66:BE:E2:93:FC:13:...
    ...

  • View APK file signature information

    Using keytool

    keytool -list -printcert -jarfile D:\path\app.apk

    For an APK that carries only a v1 signature, you may need to extract META-INF/CERT.RSA and view the signature information from that file:

    keytool -printcert -file CERT.RSA

    Using Jadx

    Jadx is a very powerful Java & Android decompiler that also makes it easy to view all kinds of information in an APK file. After opening the APK in Jadx, select the APK signature / Certificate entry in the sidebar to view the APK signature information.

  • View the signing configuration used for the build

    Ordinary application development builds with Gradle, and the signing information can be viewed by running a Gradle task from the command line. Open a command-line window, switch to the directory of your Android project, and run the following command:

    On Windows, run .\gradlew.bat signingReport

    PS D:\dev\android\personal\android-actions-demo> .\gradlew.bat signingReport
    > Task :app:signingReport
    Variant: releaseUnitTest
    Config: release
    Store: D:\dev\android\personal\android-actions-demo\keystore.jks
    Alias: key
    ----------
    Variant: release
    Config: release
    Store: D:\dev\android\personal\android-actions-demo\keystore.jks
    Alias: key
    ----------
    Variant: debugUnitTest
    Config: debug
    Store: C:\Users\jacknic\.android\debug.keystore
    Alias: AndroidDebugKey
    MD5: 8D:DB:34:2F:2D:A5:40:84...
    SHA1: 27:19:6E:38:6B:87:5E:76:AD:...
    SHA-256: C8:A2:E9:BC:CF:59:7C:2F:B6:DC...
    Valid until: Sunday, September 2, 2035
    ...

    On *nix systems (or in Git Bash on Windows), run ./gradlew signingReport

    /d/dev/android/personal/android-actions-demo (master)
    $ ./gradlew signingReport
    > Task :app:signingReport
    Variant: debugUnitTest
    Config: debug
    ...
  • View application signature information in Android Studio

    In the open project, open the Gradle panel at the upper right of the window and run Tasks -> Android -> signingReport. The output signature information appears in the Run tab at the bottom of the window.

APK signature operation

  • Sign/re-sign the APK

    The apksigner tool can be used to sign or re-sign an APK. It is located under the Android SDK folder at build-tools/x.x.x/apksigner.bat. In Android Studio, press Ctrl + Alt + Shift + S to open the Project Structure window and select SDK Location to find where the Android SDK is installed.

    Signing with a keystore (the keystore password can also be supplied with a parameter):

    apksigner sign --ks release.jks app.apk

    For example:

    PS C:\Users\jacknic> D:\soft\Android\SDK\build-tools\29.0.3\apksigner.bat sign --ks D:\dev\android\personal\android-actions-demo\keystore.jks C:\Users\jacknic\Desktop\app.apk
    Keystore password for signer #1: <enter the keystore password>

    Signing with a certificate and private key:

    apksigner sign --key key.pk8 --cert cert.x509.pem app-name.apk

    For example:

    PS C:\Users\jacknic\Desktop\apksigner> java -jar .\apksigner.jar sign --key .\platform.pk8 --cert .\platform.x509.pem  --out signed-app.apk  C:\Users\jacknic\Desktop\aaaa.apk

    Common parameters

    Parameter        Description
    --ks             Java keystore file
    --ks-pass        Password for the keystore holding the signer's private key and certificate; if not given, it is entered manually at the prompt
    --key            File containing the signer's private key
    --cert           File containing the signer's certificate chain; must be in X.509 PEM or DER format
    --ks-key-alias   Required when the keystore associated with the signer contains more than one key
    --out            Where to write the signed APK

    See the official apksigner documentation for the full option list.
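    The two checks above (reading the signing certificate out of keytool or apksigner output, and signing with apksigner) are easy to get wrong by eye, because keytool prints the SHA-256 fingerprint as colon-separated uppercase hex while apksigner verify --print-certs prints plain lowercase hex. The script below is an added example, not code from the original article: it locates apksigner under the SDK's build-tools/x.x.x directory, signs an APK with a keystore, and refuses to accept the result unless the signer certificate's SHA-256 fingerprint matches an expected value. The function names and the sample tool outputs are constructed for this example; the fingerprints in them are made up, since the article's real ones are truncated.

```shell
#!/bin/sh
# Added example, not code from the original article: locate apksigner under the
# Android SDK, sign an APK, and confirm the signer certificate matches an expected
# SHA-256 fingerprint. Function names and sample tool output are constructed here.

# Normalise a fingerprint so the colon-separated form printed by keytool
# ("C8:A2:E9:...") and the plain lowercase hex printed by apksigner compare equal.
normalize_fp() {
    printf '%s' "$1" | tr -d ': \t\r\n' | tr 'ABCDEF' 'abcdef'
}

# Print the first SHA-256 certificate fingerprint found in tool output read from
# stdin. Matches both `keytool -printcert` ("SHA256: C8:A2:...") and
# `apksigner verify --print-certs` ("... SHA-256 digest: c8a2...") lines; the
# "SHA256withRSA" algorithm line has no colon after the digits and is skipped.
extract_sha256() {
    sed -n -E 's/^.*SHA-?256( digest)?: *([0-9A-Fa-f:]+).*$/\2/p' | head -n 1
}

# Return 0 when two tool outputs name the same SHA-256 signer certificate.
same_signer() {
    a=$(printf '%s\n' "$1" | extract_sha256)
    b=$(printf '%s\n' "$2" | extract_sha256)
    [ -n "$a" ] && [ "$(normalize_fp "$a")" = "$(normalize_fp "$b")" ]
}

# Locate apksigner, i.e. the article's build-tools/x.x.x/apksigner(.bat) under the
# SDK. With no argument an apksigner on PATH wins, then $ANDROID_SDK_ROOT is
# searched; with an argument only that SDK root is searched. Newest version wins.
find_apksigner() {
    if [ -z "${1:-}" ] && command -v apksigner >/dev/null 2>&1; then
        command -v apksigner
        return 0
    fi
    sdk=${1:-${ANDROID_SDK_ROOT:-$HOME/Android/Sdk}}
    [ -d "$sdk/build-tools" ] || return 1
    newest=$(ls "$sdk/build-tools" | sort -t . -k1,1n -k2,2n -k3,3n | tail -n 1)
    [ -n "$newest" ] || return 1
    for cand in "$sdk/build-tools/$newest/apksigner" "$sdk/build-tools/$newest/apksigner.bat"; do
        if [ -f "$cand" ]; then
            printf '%s\n' "$cand"
            return 0
        fi
    done
    return 1
}

# Sign with a keystore (apksigner prompts for the password), then reject the
# result unless the signer certificate is the expected one.
# usage: sign_and_check <apksigner> <keystore> <in.apk> <out.apk> <expected-sha256>
sign_and_check() {
    tool=$1; ks=$2; src=$3; out=$4; want=$5
    "$tool" sign --ks "$ks" --out "$out" "$src" || return 1
    got=$("$tool" verify --print-certs "$out" | extract_sha256)
    [ -n "$got" ] && [ "$(normalize_fp "$got")" = "$(normalize_fp "$want")" ]
}

# Constructed sample outputs (fingerprints made up for this example) so the
# parsing can be exercised offline, without the SDK installed.
SAMPLE_KEYTOOL='Certificate fingerprints:
     SHA1: 27:19:6E:38:6B:87:5E:76:AD:F7:00:11:22:33:44:55:66:77:88:99
     SHA256: C8:A2:E9:BC:CF:59:7C:2F:B6:DC:66:BE:E2:93:FC:13:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF
Signature algorithm name: SHA256withRSA'

SAMPLE_APKSIGNER='Signer #1 certificate DN: CN=Android Debug, O=Android, C=US
Signer #1 certificate SHA-256 digest: c8a2e9bccf597c2fb6dc66bee293fc1300112233445566778899aabbccddeeff
Signer #1 certificate SHA-1 digest: 27196e386b875e76adf700112233445566778899'

if same_signer "$SAMPLE_KEYTOOL" "$SAMPLE_APKSIGNER"; then
    echo "keytool and apksigner report the same signer certificate"
else
    echo "signer mismatch" >&2
fi

if tool=$(find_apksigner); then
    echo "apksigner found at: $tool"
fi
```

    In practice sign_and_check is what you would call from a release script, with the expected fingerprint taken from the signingReport output shown earlier; a mismatch means the APK was signed with a different keystore than intended (for example the debug key instead of the release or platform key).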

System signature

  • Obtaining the system signature

    When the system is compiled, the certificates and private keys used by the system already exist; in daily development, building the system is normally managed by the responsible system engineers. See the files under build/target/security in the AOSP/LineageOS project for details. As the link below shows, AOSP's signature is the system signature of the Android Studio emulator image (not the Google APIs image).

    github.com/LineageOS/a…

    The private key is platform.pk8 and the certificate is platform.x509.pem. Signing the APK with these two files, using the certificate-and-private-key signing mode above, gives the app the system signature.

  • Alternatively, when the Android system source code is compiled, the build process automatically re-signs certain specified APKs so that they carry the system signature.

Generating a Keystore/JKS keystore

Given the certificate and private key, we can generate a keystore, which is both safer and more convenient for development, using the keytool-importkeypair tool. It is a shell script, so it runs only in a shell: open a terminal on a *nix system, or on Windows use the bash that comes with Git (right-click in the directory and choose Git Bash Here).

./keytool-importkeypair.sh -k ./debug_app.keystore -p android -pk8 platform.pk8 -cert platform.x509.pem -alias androiddebugkey

After this command runs, a keystore named debug_app.keystore is generated in the current directory. The related files can be downloaded from apksigner.zip.
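The keytool-importkeypair script wraps three steps: convert the PKCS#8 DER key to PEM, bundle key and certificate into a PKCS#12 file under the wanted alias, and import that into the JKS keystore. The script below is an added example, not the keytool-importkeypair script from the article, and does those steps with only openssl and the JDK's keytool; it assumes both tools are on PATH, uses the article's file names (platform.pk8, platform.x509.pem, debug_app.keystore, alias androiddebugkey, password android) and adds a cross-check that the fingerprint keytool reports for the new entry equals the certificate's own fingerprint. The function names are constructed for this example.

```shell
#!/bin/sh
# Added example, not the keytool-importkeypair script the article uses: build a
# JKS keystore from an AOSP-style unencrypted PKCS#8 DER private key (platform.pk8)
# and X.509 PEM certificate (platform.x509.pem) with only openssl and keytool.
# Assumes openssl and keytool are on PATH; function names are constructed here.

# Fail fast on a missing key, missing certificate or empty alias before touching disk.
# usage: check_inputs <key.pk8> <cert.pem> <alias>
check_inputs() {
    [ -f "$1" ] && [ -f "$2" ] && [ -n "$3" ]
}

# usage: import_keypair <key.pk8> <cert.pem> <out.keystore> <alias> <password>
import_keypair() {
    pk8=$1; cert=$2; out=$3; alias=$4; pass=$5
    check_inputs "$pk8" "$cert" "$alias" || { echo "import_keypair: missing key, cert or alias" >&2; return 1; }
    tmp=$(mktemp -d) || return 1
    # 1. PKCS#8 DER -> PEM private key (AOSP platform keys carry no passphrase)
    openssl pkcs8 -inform DER -nocrypt -in "$pk8" -out "$tmp/key.pem" || { rm -rf "$tmp"; return 1; }
    # 2. Bundle key and certificate into a PKCS#12 file under the chosen alias
    openssl pkcs12 -export -in "$cert" -inkey "$tmp/key.pem" -name "$alias" \
        -out "$tmp/bundle.p12" -passout "pass:$pass" || { rm -rf "$tmp"; return 1; }
    # 3. Import the PKCS#12 entry into the target keystore (created if absent)
    keytool -importkeystore -noprompt \
        -srckeystore "$tmp/bundle.p12" -srcstoretype PKCS12 -srcstorepass "$pass" \
        -destkeystore "$out" -deststorepass "$pass" -destkeypass "$pass"
    rc=$?
    rm -rf "$tmp"
    return $rc
}

# Cross-check after import: the SHA-256 fingerprint keytool reports for the new
# entry must equal the certificate's own fingerprint as computed by openssl
# (both print colon-separated uppercase hex).
# usage: fingerprint_matches <cert.pem> <keystore> <alias> <password>
fingerprint_matches() {
    want=$(openssl x509 -in "$1" -noout -fingerprint -sha256 | sed 's/^.*=//')
    got=$(keytool -list -v -keystore "$2" -storepass "$4" -alias "$3" \
          | sed -n 's/^.*SHA256: *//p' | head -n 1)
    [ -n "$want" ] && [ "$want" = "$got" ]
}

# Run end to end only when invoked with "run" (e.g. `sh import.sh run`), so that
# sourcing this file merely defines the functions.
if [ "${1:-}" = "run" ]; then
    import_keypair platform.pk8 platform.x509.pem debug_app.keystore androiddebugkey android \
        && fingerprint_matches platform.x509.pem debug_app.keystore androiddebugkey android \
        && echo "debug_app.keystore written and fingerprint verified"
fi
```

The resulting debug_app.keystore is used exactly like the one keytool-importkeypair produces in the Gradle configurations below; the fingerprint cross-check is worth keeping because a keystore that imported the wrong certificate still signs without error, and the mismatch only shows up later when the system refuses the app.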

Gradle builds with the system signature

  • Specify release signature information

    android {
        ...
        signingConfigs {
            release {
                // debug_app.keystore sits in the project root directory, alongside the app directory
                storeFile rootProject.file('debug_app.keystore')
                keyAlias 'androiddebugkey'
                keyPassword 'android'
                storePassword 'android'
            }
        }
        buildTypes {
            release {
                minifyEnabled true
                shrinkResources true
                signingConfig signingConfigs.release
                proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'
            }
        }
        ...
    }

  • Specify debug signature information

    ~/.android/debug.keystore is the default signing key for debug-type APKs, and the APK that Android Studio builds and installs when you run the app directly also carries this signature. By changing the debug signing configuration, apps run directly from Studio can carry the system signature as well:

    android {
        defaultConfig {
            ...
            signingConfig signingConfigs.debug
        }
        signingConfigs {
            debug {
                keyAlias "androiddebugkey"
                keyPassword "android"
                storePassword "android"
                storeFile rootProject.file('debug_app.keystore')
            }
        }
        buildTypes {
            ...
            debug {
                signingConfig signingConfigs.debug
            }
        }
    }

Conclusion

In daily application development, understanding the Gradle and APK build process and configuring the related steps can simplify some development workflows and improve efficiency.

Further thoughts

  • APK key rotation, which lets a developer change the app's signing key when updating the APK: android.google.cn/studio/comm…
  • Various Java encryption algorithms (brave-sailor, cnblogs): www.cnblogs.com/Free-Thinke…
  • Information security: data encryption and decryption

References

  • apksigner | Android Developers: developer.android.google.cn/studio/comm…

  • Sign your app | Android Developers: developer.android.google.cn/studio/publ…

  • Application signing | Android Open Source Project: source.android.google.cn/security/ap…

  • SigningConfig, Android Plugin 3.4.0-dev DSL Reference: google.github.io/android-gra…

  • keytool-importkeypair: A shell script to import key/certificate pairs into an existing Java keystore: github.com/getfatday/k…

  • View the keystore file signature information: www.devacg.com/index.php?p…

  • Jadx project address: github.com/skylot/jadx

  • The keytool command, official documentation: docs.oracle.com/javase/9/to…

  • Download the apksigner.zip resource (including the AOSP certificate and private key and keytool-importkeypair.sh): gitee.com/jacknic/ass…