foreword
Recently, the 360 Reinforcement Assistant has suddenly charged for the signature. After the reinforcement is completed, you have to sign by yourself. Here is a record of your own signing steps using the command line.
Afterwards, the Reinforcement Assistant was updated, and the prompt for clicking the automatic signature is as follows:
I didn't prompt the toolkit to sign manually before, and I usually reinforce the application, and I didn't pay much attention to the toolkit, so I recorded the command line signing steps myself.
Of course, you can also choose 360 toolkit manual signature , or love encryption tool manual signature .
text
First, find the SDK installation directory when Android Studio is installed . There is a downloaded SDK version in the build-tools directory. Open any version and find apksigner.bat. We use this tool to sign.
Align package commands before signing
If you do not execute the alignment command and execute the signature command directly to install on the Android 11 device, an installation package parsing error will be reported, so the signature v3 must be aligned before signing . v1, v2 are aligned after signing.
zipalign.exe -p -v 4 (未对齐的安装包地址) (对齐后的安装包地址)signature command
Open the command prompt Shift + right mouse button in this directory, or open the command window on the desktop to execute the command when the environment variable is configured
apksigner sign --ks (签名地址) --ks-key-alias (别名) --out (签名后的apk地址) (待签名apk地址)Signature address: the path to the jsk generated by signing with Android Studio
Alias: Key alias filled in when signing with Android Studio
Signed apk address: the signed apk storage path
Apk address to be signed: the path of the apk file you want to sign
Note: there can be no spaces in the path
After successful execution, you can see the signed (v1, v2, v3) installation package in the directory you specified.
Query the signature type of the apk package
apksigner verify -v (待验证的apk地址)The output is:
The difference between v1, v2, v3, and v4 signatures
Older versions of Android Studio can select v1 or v2 signatures, or both. The package of the new version cannot be specified, and both v1 and v2 are selected by default.
After the command line is signed, v1, v2, and v3 are all enabled by default.
v1 scheme: Based on JAR signing. (Disadvantage: slow signature verification speed, insufficient integrity guarantee)
v2 scheme: APK signature scheme v2, introduced in Android 7.0.
v3 方案:APK 签名方案v3,在 Android 9.0 引入。
v4 方案:APK 签名方案v4,在 Android 11.0 引入。(用来支持 ADB 增量 APK 安装。目前的使用场景不多,有需要的请自行解决。)
其中,v1 到 v2 是颠覆性的,主要是为了解决 JAR 签名方案的安全性问题,而到了 v3 方案,其实结构上并没有太大的调整,可以理解为 v2 签名方案的升级版。区别仅在于v3版本解决了v2版本不能更换签名秘钥的问题。
爱加密工具签名
爱加密签名工具支持对齐与签名,选择对应输入和路径地址一键签名就行,很方便。
但是最新版的Android Studio(电鳗)打的安装包用360加固后再用爱加密进行签名不显示key Alisa(别名)。
可以用360工具包进行手动签名。
爱加密签名工具下载地址:
https://www.ijiami.cn/apply/Sign
总结
360手动签名工具包目前是免费的,不知道以后收不收费,暂时推荐使用。
爱加密对新版本安装包签名有限制,不推荐使用。
所以还是命令行签名比较安全,只要开发工具还在,SDK还开源就能对应用进行签名,就是麻烦了一点,但是稳定,360工具包不能签名后推荐使用。