02-Android_APK签名
本文介绍如何对APK进行系统签名。
获取APK签名密钥
A133 Android SDK 源码密钥路径
(SDK)$ ls android/build/target/product/security/
platform.pk8 platform.x509.pemH618/RK3576 Android SDK 源码密钥路径
(SDK)$ ls build/target/product/security/
platform.pk8 platform.x509.pemRK3562/RK3568/RK3588 Android SDK 源码密钥路径
(SDK)$ ls device/rockchip/common/security/
platform.pk8 platform.x509.pem 网盘密钥路径
3-SoftwareData/Android_APK_Signature获取 keytool-importkeypair 工具
网盘路径
3-SoftwareData/Android_APK_Signature制作平台密钥库JKS
第一步,存放系统签名文件和 keytool-importkeypair 到同一级目录下。
(SDK)$ mkdir sign_key/
(SDK)$ cp device/rockchip/common/security/platform.pk8 sign_key/
(SDK)$ cp device/rockchip/common/security/platform.x509.pem sign_key/
(SDK)$ cd sign_key/第二步,使用 keytool 生成 jks 文件。
keytool-importkeypair 用法
keytool-importkeypair: Missing option, exiting...
usage: keytool-importkeypair [-k keystore] [-p storepass]
-pk8 pk8 -cert cert -alias key_alias
This script is used to import a key/certificate pair
into a Java keystore.
If a keystore is not specified then the key pair is imported into
~/.keystore in the user's home directory.
The passphrase can also be read from stdin.示例:
$./keytool-importkeypair -k ./platform.jks -p android -pk8 platform.pk8 -cert platform.x509.pem -alias android
-k ./platform.jks指定生成 jks 文件名为 platform.jks
-p android指定密码为 android
-pk8 platform.pk8指定 pk8 文件路径
-cert platform.x509.pem指定 pem 文件路径
-alias android指定别名为 android
对APK进行系统签名
Android Studio 方式
第一步,Build -> Generate Signed App 选择生成带签名的APK;
第二步,选择生成APK;(App Bundle 生成的是 aab 文件)
第三步,选择系统 jks,输入对应的别名和密码。
apksigner 方式
apksigner 用法
USAGE: apksigner <command> [options]
apksigner --version
apksigner --help
EXAMPLE:
apksigner sign --ks release.jks app.apk
apksigner verify --verbose app.apk
apksigner is a tool for signing Android APK files and for checking whether
signatures of APK files will verify on Android devices.
COMMANDS
rotate Add a new signing certificate to the SigningCertificateLineage
sign Sign the provided APK
verify Check whether the provided APK is expected to verify on
Android
lineage Modify the capabilities of one or more signers in an existing
SigningCertificateLineage
version Show this tool's version number and exit
help Show this usage page and exit示例:
$ apksigner sign --ks platform.jks --ks-key-alias android --out app-signed.apk app-debug.apk
--ks platform.jks指定 jks 文件路径
--ks-key-alias android与 jks 中的别名一致
--out app-signed.apk指定签名后apk的命名
app-debug.apk指定需要签名的apk路径
java 方式
源码中进行重签
$ cd rk-android13.0/
$ java -Xmx2048m -Djava.library.path="out/host/linux-x86/lib64" \
-jar out/host/linux-x86/framework/signapk.jar --disable-v2 \
-w device/rockchip/common/security/platform.x509.pem \
device/rockchip/common/security/platform.pk8 \
old.apk new.apk
old.apk指定需要签名的apk路径
new.apk指定签名后的apk
Android.mk 方式
添加 platform 配置
LOCAL_CERTIFICATE := platform示例:
LOCAL_PATH := $(call my-dir)
include $(CLEAR_VARS)
LOCAL_MODULE := Test
LOCAL_MODULE_CLASS := APPS
LOCAL_MODULE_TAGS := optional
LOCAL_BUILT_MODULE_STEM := package.apk
LOCAL_MODULE_SUFFIX := $(COMMON_ANDROID_PACKAGE_SUFFIX)
LOCAL_CERTIFICATE := platform
LOCAL_SRC_FILES := Test.apk
include $(BUILD_PREBUILT)查看APK签名信息
$ apksigner verify -v --print-certs test.apkLast updated