Signature using the

Selecting the v1 / v2 signature mode

v1 and v2 signing can be selected manually under Build/Generate Signed APK (once the JKS file has been generated), or v1SigningEnabled and v2SigningEnabled can be configured in build.gradle, as shown in the following example:

    signingConfigs {
        release {
            // Sample credentials; keep real keystore passwords out of version control
            keyAlias 'test'
            keyPassword 'test'
            storeFile file('./keystore/test.jks')
            storePassword 'test'
            v1SigningEnabled true   // v1 scheme (JAR signing)
            v2SigningEnabled true   // APK Signature Scheme v2
        }
        debug {
            keyAlias 'test'
            keyPassword 'test'
            storeFile file('./keystore/test.jks')
            storePassword 'test'
            v1SigningEnabled true
            v2SigningEnabled true
        }
    }

Using jarsigner for v1 signing

Signature command:

    jarsigner -verbose -keystore xxx.jks -signedjar xxx.apk xxx.apk xxx

The arguments after -signedjar are, in order: the APK name after signing, the APK to be signed, and the keystore alias.

Signature example:

    jarsigner -verbose -keystore test.jks -signedjar test-signed.apk test.apk dbank

Using apksigner for v2 signing

According to the apksigner documentation on the official website, the APK must be aligned with the zipalign tool before it is signed. The official website warns:

Warning: If you make further changes to the APK after signing the APK with apksigner, the APK’s signature will be invalidated. Therefore, you must use a tool such as zipalign before signing an APK.

Align infile.apk and save it as outfile.apk:

    zipalign -v 4 infile.apk outfile.apk

Validate the alignment of existing.apk:

    zipalign -c -v 4 existing.apk

Signature command:

    apksigner sign --ks <keystore name> --ks-key-alias <key alias> --out <signed APK> <APK to be signed>

Signature example:

    zipalign -c -v 4 zipalign.apk    # check alignment
    apksigner sign --ks test.jks --ks-key-alias test --out sign.apk zipalign.apk    # sign
    apksigner verify -v sign.apk    # verify

Signature verification

Use apksigner to verify that the APK was signed successfully

  1. Go to the SDK build-tools version directory.
  2. Run apksigner verify -v --print-certs xxx.apk to view the required information. The parameters are described as follows:

     -v, --verbose    Displays details (shows whether v1 and v2 signatures are used)
     --print-certs    Displays signature certificate information

  3. Example below (successful vs. unsigned):

         ➜  ~ cd Library/Android/sdk/build-tools/27.0.3
         ➜  27.0.3 apksigner verify -v /Users/eminem/Desktop/demo.apk
         Verifies
         Verified using v1 scheme (JAR signing): true
         Verified using v2 scheme (APK Signature Scheme v2): true
         Number of signers: 1

         ➜  JavaProtectorClient2 apksigner verify -v /Users/eminem/Desktop/JavaProtectorClient2/workspace/output/unsigned.apk
         DOES NOT VERIFY
         ERROR: JAR signer CERT.RSA: JAR signature META-INF/CERT.SF indicates the APK is signed using APK Signature Scheme v2 but no such signature was found. Signature stripped?

  4. If 'apksigner: command not found' is reported, the tool's environment variable needs to be configured.
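The "Signature stripped?" error in the example above is a consistency check: a v1 .SF file whose X-Android-APK-Signed header lists scheme 2 requires an APK Signing Block with a v2 entry in front of the ZIP central directory. The following Python code is an added example, not code from the original post or from apksigner; it reproduces only that presence check (no cryptographic verification), and its function names and the tiny sample APK it builds are constructed for illustration.

```python
import io, struct, zipfile
V2_ID = 0x7109871A           # APK Signature Scheme v2 ID inside the signing block
MAGIC = b"APK Sig Block 42"  # last 16 bytes of an APK Signing Block

def cd_offset(apk: bytes) -> int:
    """Central directory offset, read from the ZIP end-of-central-directory record."""
    eocd = apk.rfind(b"PK\x05\x06")
    if eocd < 0: raise ValueError("no ZIP end-of-central-directory record")
    return struct.unpack_from("<I", apk, eocd + 16)[0]

def has_v2_block(apk: bytes) -> bool:
    """True if a signing block with a v2 entry sits right before the central directory."""
    cd = cd_offset(apk)
    if cd < 32 or apk[cd - 16:cd] != MAGIC: return False
    size = struct.unpack_from("<Q", apk, cd - 24)[0]   # block size, excluding its first field
    pos, end = cd - size, cd - 24                      # ID-value pairs occupy [pos, end)
    while 8 <= pos and pos + 12 <= end:
        length, pair_id = struct.unpack_from("<QI", apk, pos)
        if pair_id == V2_ID: return True
        pos += 8 + length
    return False

def v1_claims_v2(apk: bytes) -> bool:
    """True if a META-INF/*.SF file has an X-Android-APK-Signed header listing scheme 2."""
    with zipfile.ZipFile(io.BytesIO(apk)) as z:
        for name in (n for n in z.namelist() if n.startswith("META-INF/") and n.endswith(".SF")):
            for line in z.read(name).decode("utf-8", "replace").splitlines():
                key, _, val = line.partition(":")
                if key.strip() == "X-Android-APK-Signed" and "2" in [v.strip() for v in val.split(",")]:
                    return True
    return False

def check(apk: bytes) -> str:
    claims, block = v1_claims_v2(apk), has_v2_block(apk)
    return "v2-stripped" if claims and not block else ("v2-present" if block else "no-v2")

def sample_apk(with_block: bool) -> bytes:
    """Constructed input: tiny ZIP whose CERT.SF claims v2, optionally with a dummy v2 block."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("META-INF/CERT.SF", "Signature-Version: 1.0\r\nX-Android-APK-Signed: 2\r\n\r\n")
        z.writestr("classes.dex", b"dex")
    apk = buf.getvalue()
    if not with_block: return apk
    cd, eocd = cd_offset(apk), apk.rfind(b"PK\x05\x06")
    pair = struct.pack("<QI", 8, V2_ID) + b"\0" * 4    # placeholder value, not a real signature
    size = struct.pack("<Q", len(pair) + 24)
    block = size + pair + size + MAGIC
    return apk[:cd] + block + apk[cd:eocd + 16] + struct.pack("<I", cd + len(block)) + apk[eocd + 20:]
```

check(sample_apk(False)) reports the same condition as the failing apksigner run above; a "v2-present" result only means the block exists, so apksigner verify is still needed to validate the signature itself.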

Signature principle

Reference

Apksigner Android

A look at Android V1 & V2 signature mechanism

Android-APK signature tools – Jarsigner and Apksigner