The signature encryption method contained in apk, the release form of Android application, is not only RSA, but also DSA, so we can't just extract the common META-INF/CERT. RSA of apk. The first step should be to check what the specific signature file in apk is.

FILE="yourapp.apk "

cert_XSA=`jar tf $FILE | grep SA '

The cert_XSA obtained at this time may be META-INF/*. RSA or META-INF/*.DSA.

Next, extract a specific signature file from apk.

jar xf $FILE $cert_XSA

At this point, you will get the cert_XSA file in the current directory.

Then the MD5 value of the signature in the obtained signature file is extracted.

keytool-print cert-file $ cert _ XSA | grep MD5 & gt； " $FILE.certMD5 "

At this time, the signature MD5 value in yourapp.apkk is saved in the file yourapp.certMD5

Finally, use diff to compare the signatures of the two apps.

file 1 = " your app 1 . apk "

FILE2="yourapp2.apk "

# ...

# ... after the above steps, $FILE 1.certMD5 and $FILE2.certMD5 are obtained.

# ...

certmd 5 _ diff = ` diff $ file 1 . certmd 5 $ file 2 . certmd 5 '

if[" $ certMD5 _ diff " = " "]； then

echo " $ file 1 . certmd 5 = = $ file 2 . certmd 5 "

The ship does not bear the loading fee.

If yourapp1.apk.certmd5 = = yourapp2.apk.certmd5 is output, then the signatures of the two applications are consistent.