You might be wondering what problems you can solve and what you can learn from this article:
1. If we have an application, how to check the signature information of the application?
2. If we have the original signature file, how to check the signature information in the signature file?
This article describes how to view signing information in your app and signing files.
1. There are two ways to view the signature information of Android apk
1. Directly view the signature information of the apk (recommended)
keytool -list -printcert -jarfile [APK file path]
1) Enter the command to view (wechat.apk)
Jackchen$ keytool -list -printcert -jarfile wechat.apk
签名者 #1:
签名:
所有者: CN=Tencent, OU=Tencent Guangzhou Research and Development Center, O=Tencent Technology(Shenzhen) Company Limited, L=Shenzhen, ST=Guangdong, C=86
发布者: CN=Tencent, OU=Tencent Guangzhou Research and Development Center, O=Tencent Technology(Shenzhen) Company Limited, L=Shenzhen, ST=Guangdong, C=86
序列号: 4d36f7a4
生效时间: Wed Jan 19 22:39:32 CST 2011, 失效时间: Fri Jan 11 22:39:32 CST 2041
证书指纹:
SHA1: CC:80:D7:6A:A9:FE:94:EC:20:5E:F0:C3:36:BF:C4:24:59:6D:A2:90
SHA256: 0F:E4:FF:85:C2:15:91:83:96:DA:DC:7C:D8:CE:69:63:33:9A:F3:3D:37:75:1A:56:E5:4C:72:06:B6:3A:3C:7C
签名算法名称: SHA1withRSA (弱)
主体公共密钥算法: 1024 位 RSA 密钥 (弱)
版本: 3
Warning:
证书 使用的 SHA1withRSA 签名算法被视为存在安全风险。此算法将在未来的更新中被禁用。
证书 使用的 1024 位 RSA 密钥 被视为存在安全风险。此密钥大小将在未来的更新中被禁用。2. View the signature information through the RSA file in the apk
keytool -printcert -file [RSA file path]
1) First change the apk suffix to .zip, then decompress it, then enter the META-INF directory, and find the RSA file
2) Enter the command to view
Jackchen$ keytool -printcert -file COM_TENC.RSA
所有者: CN=Tencent, OU=Tencent Guangzhou Research and Development Center, O=Tencent Technology(Shenzhen) Company Limited, L=Shenzhen, ST=Guangdong, C=86
发布者: CN=Tencent, OU=Tencent Guangzhou Research and Development Center, O=Tencent Technology(Shenzhen) Company Limited, L=Shenzhen, ST=Guangdong, C=86
序列号: 4d36f7a4
生效时间: Wed Jan 19 22:39:32 CST 2011, 失效时间: Fri Jan 11 22:39:32 CST 2041
证书指纹:
SHA1: CC:80:D7:6A:A9:FE:94:EC:20:5E:F0:C3:36:BF:C4:24:59:6D:A2:90
SHA256: 0F:E4:FF:85:C2:15:91:83:96:DA:DC:7C:D8:CE:69:63:33:9A:F3:3D:37:75:1A:56:E5:4C:72:06:B6:3A:3C:7C
签名算法名称: SHA1withRSA (弱)
主体公共密钥算法: 1024 位 RSA 密钥 (弱)
版本: 3
Warning:
证书 使用的 SHA1withRSA 签名算法被视为存在安全风险。此算法将在未来的更新中被禁用。
证书 使用的 1024 位 RSA 密钥 被视为存在安全风险。此密钥大小将在未来的更新中被禁用。The result is consistent with "directly view signature information of apk".
2. View the signature information in the signature file
1. View the signature information of the x509.pem signature file (used when compiling source code)
keytool -printcert -file [x509.pem file path]
For example: keytool -printcert -file platform.x509.pem
Jackchen$ keytool -printcert -file platform.x509.pem
所有者: [email protected], CN=Android, OU=Android, O=Android, L=Mountain View, ST=California, C=US
发布者: [email protected], CN=Android, OU=Android, O=Android, L=Mountain View, ST=California, C=US
序列号: b3998086d056cffa
生效时间: Wed Apr 16 06:40:50 CST 2008, 失效时间: Sun Sep 02 06:40:50 CST 2035
证书指纹:
SHA1: 27:19:6E:38:6B:87:5E:76:AD:F7:00:E7:EA:84:E4:C6:EE:E3:3D:FA
SHA256: C8:A2:E9:BC:CF:59:7C:2F:B6:DC:66:BE:E2:93:FC:13:F2:FC:47:EC:77:BC:6B:2B:0D:52:C1:1F:51:19:2A:B8
签名算法名称: MD5withRSA(禁用)
主体公共密钥算法: 2048 位 RSA 密钥
版本: 3
扩展:
#1: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 4F E4 A0 B3 DD 9C BA 29 F7 1D 72 87 C4 E7 C3 8F O......)..r.....
0010: 20 86 C2 99 ...
]
[[email protected], CN=Android, OU=Android, O=Android, L=Mountain View, ST=California, C=US]
SerialNumber: [ b3998086 d056cffa]
]
#2: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:true
PathLen:2147483647
]
#3: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 4F E4 A0 B3 DD 9C BA 29 F7 1D 72 87 C4 E7 C3 8F O......)..r.....
0010: 20 86 C2 99 ...
]
]
Warning:
证书 使用的 MD5withRSA 签名算法被视为存在安全风险而且被禁用。2. View the signature information of the keystore signature file (used when Eclipse compiles)
keytool -list -v -keystore [keystore file path]
For example: keytool -list -v -keystore system_signature.keystore
Jackchen$ keytool -list -v -keystore system_signature.keystore
输入密钥库口令:
密钥库类型: jks
密钥库提供方: SUN
您的密钥库包含 1 个条目
别名: system_signature
创建日期: 2021-8-14
条目类型: PrivateKeyEntry
证书链长度: 1
证书[1]:
所有者: [email protected], CN=Android, OU=Android, O=Android, L=Mountain View, ST=California, C=US
发布者: [email protected], CN=Android, OU=Android, O=Android, L=Mountain View, ST=California, C=US
序列号: b3998086d056cffa
生效时间: Wed Apr 16 06:40:50 CST 2008, 失效时间: Sun Sep 02 06:40:50 CST 2035
证书指纹:
SHA1: 27:19:6E:38:6B:87:5E:76:AD:F7:00:E7:EA:84:E4:C6:EE:E3:3D:FA
SHA256: C8:A2:E9:BC:CF:59:7C:2F:B6:DC:66:BE:E2:93:FC:13:F2:FC:47:EC:77:BC:6B:2B:0D:52:C1:1F:51:19:2A:B8
签名算法名称: MD5withRSA(禁用)
主体公共密钥算法: 2048 位 RSA 密钥
版本: 3
扩展:
#1: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 4F E4 A0 B3 DD 9C BA 29 F7 1D 72 87 C4 E7 C3 8F O......)..r.....
0010: 20 86 C2 99 ...
]
[[email protected], CN=Android, OU=Android, O=Android, L=Mountain View, ST=California, C=US]
SerialNumber: [ b3998086 d056cffa]
]
#2: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:true
PathLen:2147483647
]
#3: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 4F E4 A0 B3 DD 9C BA 29 F7 1D 72 87 C4 E7 C3 8F O......)..r.....
0010: 20 86 C2 99 ...
]
]
*******************************************
*******************************************
Warning:
<system_signature> 使用的 MD5withRSA 签名算法被视为存在安全风险而且被禁用。
JKS 密钥库使用专用格式。建议使用 "keytool -importkeystore -srckeystore system_signature.keystore -destkeystore system_signature.keystore -deststoretype pkcs12" 迁移到行业标准格式 PKCS12。3. View the signature information of the jks signature file (used when compiling in AndroidStudio)
keytool -list -v -keystore [jks file path]
For example: keytool -list -v -keystore system_signature.jks
The result is the same as above