Signature method
1) Sign with the Eclipse plug-in
a) Debug signature
By default, the Eclipse plug-in signs the program with a debug signature. Programs with this signature cannot be released to the market. This signature is valid for one year. If it expires, you will not be able to generate an apk file. In that case, you only need to delete debug.keystore, and the system will generate a new signature that is valid for one year.
b) Developer generates key and signs
Right-click on the project name, select Android Tools in the menu, and then select Export Signed Application Package... to define the certificate in Eclipse and sign with it automatically.
c) Developers export unsigned packages
Right-click the project name, select Android Tools in the menu, and then select Export Signed Application Package... Export the unsigned package and then sign it through the command line.
2) Sign using the command line
Use the standard Java tools keytool and jarsigner to generate certificates and sign the program.
a) Generate signature
$ keytool -genkey -keystore keyfile -keyalg RSA -validity 10000 -alias yan
Note: validity is the number of days, keyfile is the file in which the generated key is stored, yan is the alias of the private key, and RSA is the specified key algorithm (RSA or DSA can be used).
b) Sign the apk file
$ jarsigner -verbose -keystore keyfile -signedjar signed.apk base.apk yan
Note: keyfile is the file where the generated key is stored, signed.apk is the signed apk, base.apk is the unsigned apk, and yan is the alias of the private key.
c) Check whether an apk has been signed
$ jarsigner -verify my_application.apk
d) Optimization (alignment optimization is required after signing)
$ zipalign -v 4 your_project_name-unaligned.apk your_project_name.apk
3) Signature compiled in the source code
a) Use the default signature in the source code
The default signature is generally used when compiling in the source code. You can see the signing command by running the following in a source code directory:
$ mm showcommands
Android provides a signing program, signapk.jar; its usage is as follows:
$ signapk publickey.x509[.pem] privatekey.pk8 input.jar output.jar
*.x509.pem is the public key in X.509 format, and *.pk8 is the private key.
There are four sets of default signatures available in the build/target/product/security directory: testkey, platform, shared and media (see README.txt for details). The application's Android.mk has a LOCAL_CERTIFICATE field, which specifies which key to use for signing; testkey is used by default if it is not specified.
b) Self-sign in the source code
Android provides a script, mkkey.sh (build/target/product/security/mkkey.sh), used to generate keys. After generation, specify which signature to use through the LOCAL_CERTIFICATE field in the application's Android.mk.
c) Introduction to mkkey.sh
i. Generate public key
openssl genrsa -3 -out testkey.pem 2048
Here -3 is the parameter of the algorithm, 2048 is the key length, and testkey.pem is the output file.
ii. Convert to x509 format (including author, validity period, etc.)
openssl req -new -x509 -key testkey.pem -out testkey.x509.pem -days 10000 -subj '/C=US/ST=California/L=MountainView/O=Android/OU=Android/CN=Android/emailAddress=android@android.com'
iii. Generate private key
openssl pkcs8 -in testkey.pem -topk8 -outform DER -out testkey.pk8 -nocrypt
This converts the key to PKCS #8 format. -nocrypt is specified here, which means the key is not encrypted, so you don't need to enter a password when signing.
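The script below is an added example, not part of mkkey.sh or the original article. It checks that a .x509.pem certificate and a .pk8 key belong to the same key pair before they are referenced from LOCAL_CERTIFICATE, and reports when the .pk8 is unencrypted, which is what -nocrypt produces. The function names, the file name check_keys.sh and the sample subject are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from mkkey.sh): checks on a signapk-style key pair.

# Constructed sample: the three key-generation steps from this section, written
# to directory $1 with base name $2. The -3 exponent option is left out because
# OpenSSL 3 marks it deprecated; the subject below is a made-up test value.
make_sample_keys() {
    openssl genrsa -out "$1/$2.pem" 2048 2>/dev/null &&
    openssl req -new -x509 -key "$1/$2.pem" -out "$1/$2.x509.pem" \
        -days 1 -subj '/CN=constructed-example' &&
    openssl pkcs8 -in "$1/$2.pem" -topk8 -outform DER \
        -out "$1/$2.pk8" -nocrypt
}

# Succeeds only if $1 is an unencrypted DER PKCS #8 key, i.e. what -nocrypt
# produces. Such a file is protected by file permissions alone.
pk8_is_unencrypted() {
    openssl pkcs8 -inform DER -nocrypt -in "$1" >/dev/null 2>&1
}

# Succeeds only if certificate $1 carries the public half of private key $2.
cert_matches_pk8() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -inform DER -in "$2" -passin pass: -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Usage: sh check_keys.sh name.x509.pem name.pk8
if [ "$#" -eq 2 ]; then
    cert_matches_pk8 "$1" "$2" || { echo "MISMATCH: $1 and $2"; exit 1; }
    echo "OK: $1 and $2 belong to the same key pair"
    if pk8_is_unencrypted "$2"; then
        echo "NOTE: $2 is unencrypted; restrict who can read it"
    fi
fi
```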