How to sign an APK with the platform key from the Android source tree

Table of contents

1. Create a folder in any directory

2. Five files that need to be prepared in this directory

3. Execution order

4. Generated results


1. Create a folder in any directory

2. Five files that need to be prepared in this directory

 

Of the five files above, the first four can be copied from the compiled Android source code project directory. The fifth is the APK file that you need to sign.

  •  ①platform.pk8

Path: DCU_CODE/buildsystem/android10/build/target/product/security/platform.pk8

platform.pk8 is usually a signing key file in the Android system. On the Android platform, apps must be signed with a digital certificate so the system can verify their identity and ensure they haven't been tampered with.

platform.pk8 is the key file used to sign the core components of the Android platform, such as system services and framework applications. These components are usually signed by the device manufacturer or the Android platform development team. This file can only be accessed and used by those with specific permissions.

  • ② platform.x509.pem

Path: DCU_CODE/buildsystem/android10/build/target/product/security/platform.x509.pem

platform.x509.pem is usually a certificate file used to verify the identity of an application in the Android system. On the Android platform, apps must be signed with a digital certificate so the system can verify their identity and ensure they haven't been tampered with.

platform.x509.pem contains one or more digital certificates, which are used to verify the identity of the application. These certificates are signed by the device manufacturer or the Android platform development team and are paired with the private key in platform.pk8.

When a user installs an app, the Android system checks that the app is signed with a valid certificate and that the certificate matches a known certificate on the device. If the certificate is invalid or does not match, the system will prevent the application from installing or running.

 

  • ③libconscrypt_openjdk_jni.so

Path: DCU_CODE/buildsystem/android10/out/host/linux-x86/lib64/libconscrypt_openjdk_jni.so

libconscrypt_openjdk_jni.so is a library file for encryption and secure communication. Specifically, it is a JNI binding for the Google Conscrypt library that allows Java applications to use OpenSSL's encryption algorithms for encryption and decryption operations.

The Java runtime environment uses its own encryption implementation by default, but in some cases, such as communicating with other platforms (such as OpenSSL) or performing specific encryption tasks, it may be better to use the OpenSSL implementation. In those cases, libconscrypt_openjdk_jni.so can be used as an alternative.

Overall, libconscrypt_openjdk_jni.so can provide higher levels of encryption and security while providing cross-platform compatibility.

 

  • ④signapk.jar
    Path: DCU_CODE/buildsystem/android10/out/host/linux-x86/framework/signapk.jar

Signing is an important step in the Android application development process. Applications must be signed to verify their origin and guarantee that the application has not been tampered with. An APK (Android Package) file is the installation package format of an Android application and includes all components and resource files of the application. Before deploying the APK file to the device, you need to use the keytool tool to generate a digital certificate, and then use the jarsigner tool to sign the APK.

In Android development, signapk.jar is a tool for signing APK files, which can be called from the command line or from a script. This tool associates specific digital certificate information with APK files, ensuring that the applications downloaded and installed by users come from trusted sources and have not been tampered with.

 

  • ⑤ The apk file to be signed

 

3. Execution order

①openssl pkcs8 -inform DER -nocrypt -in platform.pk8 -out platform.pem

This command converts a key in PKCS #8 format to PEM format using the OpenSSL tools, where:

  • openssl is the command-line program for the OpenSSL tools.
  • pkcs8 indicates that the key format to be converted is PKCS #8.
  • -inform DER indicates that the format of the input file is DER encoded.
  • -nocrypt indicates that the output PEM file does not need to be encrypted.
  • -in platform.pk8 indicates that the input file name is platform.pk8, which is the key file in PKCS #8 format to be converted.
  • -out platform.pem indicates that the output file name is platform.pem, which is the converted key file in PEM format.

②openssl pkcs12 -export -in platform.x509.pem -out platform.p12 -inkey platform.pem -password pass:123456 -name "alias_name"

This command packages an X.509 certificate and private key into a PKCS #12 file using the OpenSSL tools, where:

  • openssl is the command-line program for the OpenSSL tools.
  • pkcs12 means to perform PKCS #12 related operations.
  • -export indicates that an export (package) operation is to be performed.
  • -in platform.x509.pem indicates that the input file name is platform.x509.pem, which is the X.509 certificate file to be packaged.
  • -out platform.p12 indicates that the output file name is platform.p12, which is the packaged PKCS #12 file.
  • -inkey platform.pem indicates that the private key file to be used is platform.pem.
  • -password pass:123456 means to set the PKCS #12 file password to 123456.
  • -name "alias_name" indicates that the alias that identifies this certificate in the PKCS #12 file is alias_name.

When executing the command, you will be prompted to enter the PKCS #12 passphrase twice for confirmation.

③keytool -importkeystore -deststorepass 123456 -destkeystore platform.jks -srckeystore platform.p12 -srcstoretype PKCS12 -srcstorepass 123456

This command imports the certificate and private key contained in a PKCS #12 file into a JKS (Java KeyStore) file using the keytool tool, where:

  • keytool is a tool provided by Java for managing keys and certificates.
  • -importkeystore indicates that an import operation is to be performed.
  • -deststorepass 123456 means to set the password of the target JKS file to 123456.
  • -destkeystore platform.jks indicates that the name of the specified target JKS file is platform.jks.
  • -srckeystore platform.p12 indicates that the name of the specified source PKCS #12 file is platform.p12.
  • -srcstoretype PKCS12 indicates that the type of the specified source PKCS #12 file is PKCS #12.
  • -srcstorepass 123456 specifies that the source PKCS #12 file has a password of 123456.

When executing this command, you will be prompted to enter the password of the source PKCS #12 file and confirm whether to trust the certificate. After successful import, the certificate and private key contained in the PKCS #12 file can be accessed in the platform.jks file.

④java -Djava.library.path=. -jar signapk.jar platform.x509.pem platform.pk8 app-NeedSign.apk app-SignFinish.apk

This command signs an APK by running a Java program packaged in a JAR file called signapk.jar, where:

  • java means to start the Java runtime environment.
  • -Djava.library.path=. indicates that the current directory is used as the loading path for native library files.
  • -jar signapk.jar indicates that the JAR file to be executed is signapk.jar.
  • platform.x509.pem and platform.pk8 are files containing the signing certificate and private key, respectively, used to sign the APK.
  • app-NeedSign.apk is the APK file name to be signed.
  • app-SignFinish.apk is the new APK file name generated after signing.

When this command is executed, the signapk.jar program reads the certificate and private key from the platform.x509.pem and platform.pk8 files, signs the app-NeedSign.apk file, and saves the signed result to the app-SignFinish.apk file. After signing, you can install app-SignFinish.apk on the device or distribute it to users.

The effect of the command is as follows:

 

4. Generated results

The generated app-SignFinish.apk is the signed file
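
The following is an added example, not part of the original post. It wraps steps ① and ② in shell functions that first check that platform.pk8 and platform.x509.pem really are a pair, keep the PEM copy of the private key in a temporary file, and read the PKCS #12 password from an environment variable instead of the command line; the function names and the P12_PASS variable are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). File names follow the post;
# the function names and the P12_PASS variable are assumptions.

# Public key (PEM) derived from an unencrypted DER PKCS#8 private key,
# using the same conversion as step 1.
pubkey_from_pk8() {
    openssl pkcs8 -inform DER -nocrypt -in "$1" 2>/dev/null |
        openssl pkey -pubout 2>/dev/null
}

# Public key (PEM) embedded in an X.509 certificate.
pubkey_from_cert() {
    openssl x509 -in "$1" -noout -pubkey 2>/dev/null
}

# Succeeds only if both files parse and carry the same public key.
key_matches_cert() {
    k=$(pubkey_from_pk8 "$1")
    c=$(pubkey_from_cert "$2")
    [ -n "$k" ] && [ -n "$c" ] && [ "$k" = "$c" ]
}

# Steps 1 and 2 combined: make_p12 <pk8> <cert> <out.p12> <alias>
# The PEM copy of the private key lives in a mktemp file (mode 0600) and is
# deleted afterwards; the PKCS#12 password is read from $P12_PASS, so it is
# never passed as a command-line argument.
make_p12() {
    key_matches_cert "$1" "$2" || {
        echo "private key and certificate do not match" >&2
        return 1
    }
    tmpkey=$(mktemp) || return 1
    openssl pkcs8 -inform DER -nocrypt -in "$1" -out "$tmpkey" &&
        openssl pkcs12 -export -in "$2" -inkey "$tmpkey" \
            -out "$3" -name "$4" -passout env:P12_PASS
    rc=$?
    rm -f "$tmpkey"
    return $rc
}

# Usage (export P12_PASS beforehand):
#   make_p12 platform.pk8 platform.x509.pem platform.p12 alias_name
```

After step ④, `apksigner verify --print-certs app-SignFinish.apk` from the Android SDK build-tools shows which certificate the APK was signed with.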

Origin blog.csdn.net/qq_34597963/article/details/130686143