foreword
Android applications must be
数字签名developed before they can be released, which is what we usually call using a certificate to package and then upload to the market, where the private key of the digital certificate is held by the application developer.
There are many ways to generate a signature. Today we will talk about how to create a signature process through AS.
1. Create a keystore signature file
1. In the menu bar, clickBuild - Generate Signed Bundle/Apk...(生成签名)
2. Select the APK option, click the button Next to go to the next step
3. Create a new key store key file, click the button Next to go to the next step
4. Fill in the information according to the following prompts, and click the button Next to go to the next step
5. After the signature is generated, check to remember the password, which is convenient for packaging next time
6. Check the signature verification method, select the environment to be packaged, and click the button Next to start packaging
7. See the following prompt, indicating that the packaging is successful
2. Obtain the configuration information of the signature file
The terminal executes the following command:
keytool -list -v -keystore 你的keystore文件的绝对路径
After entering the keystore password, you can see the configuration information of the keystore signature file on the terminal, as shown in the figure below
3. Configure signature information in the project
1. In the menu bar, clickFile - Project Structure
2. Click in turn Module - app - Signing Configs - +, and then add the official signature just generated
3. Click Apply, and then click ok to complete adding configuration
4. After clicking the ok button, Android Studio will automatically add signature information to the build.gradle of the app module, as shown in the figure below
5. After the signature configuration is successful, associate the signature file with the environment, refer to the 1 process, and set it in Build Types
4. Verify the signature is successful
方法一(keytool,只支持V1签名校验)
进入JDK/bin, 输入命令
keytool -printcert -jarfile xxx.apk (显示签名证书信息)
参数:
-printcert 打印证书内容
-jarfile <filename> 已签名的jar文件 或apk文件
方法二(apksigner,支持V1和V2签名校验)
进入Android SDK/build-tools/SDK版本, 输入命令
apksigner verify -v --print-certs xxx.apk
参数:
-v, --verbose 显示详情(显示是否使用V1和V2签名)
--print-certs 显示签名证书信息
In the first step, after generating the signature, we generated a release version of the apk package in the specified folder. Now we use the second method to verify the certificate chain of the APK, and enter the following command in the terminal: After entering the above command, you
apksigner verify -v --print-certs 安装包路径.apk
can See the configuration information of the keystore signature file, as shown in the figure below
Original article, welcome to correct me if there is anything wrong, let's make progress together!