An Android program must be signed before it can run. Releasing an Android app therefore requires two tools, keytool and jarsigner, both found under the /jdk/bin directory, to complete the signing task: keytool generates the certificate (keystore), and jarsigner does the signing.
APK signing principles
1. Key points:
a. Every application must have a digital certificate; the Android system will not install an application without one.
b. The digital certificate used for an Android package can be self-signed; it does not need to be signed by a certificate authority.
c. Digital certificates have a validity period, but Android only checks the certificate's validity when the application is installed. If the program is already installed on the system, an expired certificate does not affect its normal operation.
d. Android uses the standard Java tools keytool and jarsigner to generate the digital certificate and to sign the application package.
2. Role:
b. Application modularity: Android allows multiple applications signed with the same certificate to run in a single process, and the system actually treats them as a single application. We can therefore deploy our application as modules, and the user can update each module independently.
a. Android signing takes two main forms: ROM signing and application APK signing. ROM signing signs an Android system ROM package that has already been generated. APK signing signs the APK that an application developer has built.
b. An APK is actually a jar or zip file. The META-INF directory stores the signature information for all files in the archive, which is used to ensure the integrity of the apk package and the security of the system.
c. Re-signing: this simply means deleting the META-INF directory (to remove the existing signature) and then signing the package again with your own certificate.
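To make the role of META-INF concrete, the following added example (not code from the original page) compares each file in an APK with the digest recorded for it in META-INF/MANIFEST.MF, so a file changed after signing, or a package whose META-INF was stripped, shows up in the report. It assumes JAR-style signing as produced by jarsigner with SHA-256-Digest attributes, checks digest consistency only (it does not verify the cryptographic signature in the .SF/.RSA files), and uses hypothetical function names and a constructed sample archive.

```python
import base64, hashlib, io, re, zipfile

MANIFEST = "META-INF/MANIFEST.MF"
SIG_FILE = re.compile(r"META-INF/[^/]+\.(SF|RSA|DSA|EC)$", re.I)

def sha256_b64(data):
    return base64.b64encode(hashlib.sha256(data).digest()).decode()

def parse_manifest(text):
    """Return {entry name: {attribute: value}} from MANIFEST.MF text."""
    sections = text.replace("\r\n", "\n").replace("\n ", "").split("\n\n")  # unfold, then split
    parsed = [dict(l.split(": ", 1) for l in s.split("\n") if ": " in l) for s in sections]
    return {a["Name"]: a for a in parsed if "Name" in a}

def check_apk(data):
    """Compare each archive member with the digest recorded for it in MANIFEST.MF."""
    report = {"signature_files": [], "modified": [], "unlisted": []}
    with zipfile.ZipFile(io.BytesIO(data)) as apk:
        names = [n for n in apk.namelist() if not n.endswith("/")]
        report["signature_files"] = sorted(n for n in names if SIG_FILE.match(n))
        manifest = parse_manifest(apk.read(MANIFEST).decode() if MANIFEST in names else "")
        for name in names:
            if name == MANIFEST or SIG_FILE.match(name):
                continue  # the manifest and signature files are not listed in the manifest
            recorded = manifest.get(name, {}).get("SHA-256-Digest")
            if recorded is None:
                report["unlisted"].append(name)
            elif recorded != sha256_b64(apk.read(name)):
                report["modified"].append(name)
    return report

def build_sample(tamper=False, strip=False):
    """Constructed sample: a tiny APK-like zip whose signature blocks are placeholders."""
    files = {"AndroidManifest.xml": b"<manifest/>", "classes.dex": b"dex sample"}
    lines = ["Manifest-Version: 1.0", ""]
    for name, body in files.items():
        lines += [f"Name: {name}", f"SHA-256-Digest: {sha256_b64(body)}", ""]
    if tamper:
        files["classes.dex"] += b" patched"  # changed after digests were recorded
    if not strip:  # strip=True mimics deleting META-INF before re-signing
        files[MANIFEST] = ("\r\n".join(lines) + "\r\n").encode()
        files["META-INF/CERT.SF"] = files["META-INF/CERT.RSA"] = b"placeholder"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, body in files.items():
            z.writestr(name, body)
    return buf.getvalue()
```

Calling check_apk(build_sample(tamper=True)) reports classes.dex as modified, while check_apk(build_sample(strip=True)) reports no signature files and every file as unlisted.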
APK signing example
1. Generate a local keystore digital certificate:
keytool -genkey -v -keystore debug.keystore -alias androiddebugkey -keyalg RSA -validity 10000
Command description:
The certificate file debug.keystore will be generated in the root directory of C.
2. Delete the original signature of the APK file, as follows:
a. Rename app-debug.apk to app-debug.zip and extract it.
b. Rename the app-debug folder to app-debug_temp.
c. Enter app-debug_temp, then find and delete META-INF.
d. Repackage the entire app-debug_temp folder into a .zip archive, then change the extension to .apk.
3. Re-sign the APK:
jarsigner -verbose -keystore debug.keystore -storepass Android -keypass Android -signedjar app-debug_signed.apk app-debug_temp.apk androiddebugkey
Command description:
jarsigner is Java's signing tool.
-verbose: show details of the signing.
-keystore debug.keystore: the signing certificate file, located in the current directory.
-storepass: the keystore password.
-signedjar app-debug_signed.apk: the name of the APK generated after signing.
app-debug_temp.apk: the unsigned APK.
androiddebugkey: the alias in debug.keystore.
At this point, a new .apk file, the re-signed app-debug_signed.apk, is generated in the root directory of C.
When the re-signed package is installed, the phone shows "problem parsing the package" and the installation fails. The apk file uses a signature protection mechanism to prevent the program from running, which ensures that the application cannot be maliciously modified and then re-released.
In general, when testing the signature of an apk file, this is the expected result: if, after the signature is replaced, the application triggers its defense mechanism (the application cannot start, or the "problem parsing the package" prompt appears), this shows that the application has a signature protection mechanism.