android-包签名
android-包签名
应用能在Android 系统上安装必须是经过有私有key的证书数据签名。Android系统通过证书确定应用的作者,和与应用建立信任关系。证书不会用于控制应用的安装。证书不需要权威机构签名:它是非常完美和标准。
关于签名的一些重要点:
- 所有的应用必须签名(android 有默认签名)。
- 测试和调试应用,构建工具用指定的调试密钥(android sdk 构建工具创建的)签名你的应用。
- 在发布给终端用户之前要用合适的密钥签名应用,不能用调试密钥签名将要发布的应用。
- 可以用自己签名的证书签名自己的应用。
- Android 系统仅仅会在应用安装的时候检查证书的有效期。如果应用在安装之后过期,那么应用还会正常运行。
- 我们可以用标准的工具-Keytool 和 Jarsigner - 生成密钥和签名应用。
- 在完成签名之后,发布之前,需要使用zipalign 工具优化最终的apk 包。
Android 系统不能安装和运行没有正确签名的包。
签名过程
Android 签名应用与构建方式有关,不同构建方式会导致签名过程的不同。这里有两个构建方式:调试模式和发布模式。调试模式在开发和测试的情况下使用,发布模式是在将要发布应用给用户的时候才会使用的(比如发布到Google Play)。
When you build indebug modethe Android SDK build tools use the Keytool utility (included in the JDK) to create a debug key. Because the SDK build tools created the debug key, they know the debug key's alias and password. Each time you compile your application in debug mode, the build tools use the debug key along with the Jarsigner utility (also included in the JDK) to sign your application's.apkfile. Because the alias and password are known to the SDK build tools, the tools don't need to prompt you for the debug key's alias and password each time you compile.
When you build inrelease modeyou use your own private key to sign your application. If you don't have a private key, you can use the Keytool utility to create one for you. When you compile your application in release mode, the build tools use your private key along with the Jarsigner utility to sign your application's.apkfile. Because the certificate and private key you use are your own, you must provide the password for the keystore and key alias.
The debug signing process happens automatically when you run or debug your application using Eclipse with the ADT plugin. Debug signing also happens automatically when you use the Ant build script with thedebugoption. You can automate the release signing process by using the Eclipse Export Wizard or by modifying the Ant build script and building with thereleaseoption.
签名策略
签名应用的方式会影响开发应用的方法。特别是在需要发布多个应用的时候。
一般,对于所有的开发者比较推荐的策略是所有的应用用同一个证书签名(在有效期之内),这样做的原因是:
- 应用更新-当发布更新应用的时候,需要用相同的证书签名应用,这样可以保证用户很好的更新到新版本。当应用安装更新时,系统会把新版本中的证书与旧版本比较。如果证书匹配,包括证书数据和命令,系统才会允许安装更新,如果新版本的证书与旧版本的不匹配,那么必须改变应用的包名-这种情况,安装的是一个全新的应用。
- 应用模块化– Android 系统允许拥有同样证书的应用运行在同一个线程中,如果应用需要,那么系统会认为他们是同一个应用。用这种方式你可以模块化部署应用,用户可以独立的更新它们。
- 代码/数据可以共享-Android 系统基于权限机制提供签名,以便一个应用可以暴露方法给其他的应用。
另外一个决定签名方式的重要因素是如何设置密钥的有效期。
- 如果计划支持单个应用的更新,我们必须保证密钥的有效期超过应用的有效期。有效时间最好是25年或者更长。当密钥的有效期失效,用将不能无缝地更新应用
- 如果用同一个证书签名多个应用,我们必须保证密钥的有效期足够长,设置密钥有效期的时候,要考虑应用依赖的应用的有效期。
- 如果我们计划发布应用到google play。密钥的有效期必须是在2033.10.22之后。google play 强制这些是为了保证用户能够无缝的更新应用到新的版本。
当我们再设计应用的时候, 要考虑这些要点。
签名基本设置
在开始之前,要保证Keytool和Jarsigner 工具都已经就绪,两个工具都在JDK中。通常,通过在PATH 中设置JAVA_HOME的方式以便SDK构建工具能找到。
如果在linux系统上开发,要保证系统用的是JDK的工具, 而不是gcj版本的。
调试模式签名
为了更加方便开发和调试应用,Android 系统构建工具提供调试模式签名. 用调试模式构建应用的时候,SDK工具用Keytool自动创建调试密钥库和 密钥。这个密钥在构建应用的时候自动的签名应用,因此不需要手动的签名应用。
SDK 工具提供预定义的name/password创建keystore/key:
- Keystore name: "debug.keystore"
- Keystore password: "android"
- Key alias: "androiddebugkey"
- Key password: "android"
- CN: "CN=Android Debug,O=Android,C=US"
如果需要改变keystore/key的位置和名字或者用自定义的keystore/key,都是做到的。 任何自定义的调试密钥都需要保证同一个密钥库和密钥。(To do so in Eclipse/ADT, go toWindows>Preferences>Android>Build.)
Caution:应用不能用调试密钥签名去发布.
Eclipse Users
If you are developing in Eclipse/ADT (and have set up Keytool and Jarsigner as described above inBasic Setup for Signing), signing in debug mode is enabled by default. When you run or debug your application, ADT signs the.apkfile with the debug certificate, runszipalignon the package, then installs it on the selected emulator or connected device. No specific action on your part is needed, provided ADT has access to Keytool.
Ant Users
If you are using Ant to build your.apkfile, debug signing mode is enabled by using thedebugoption with theantcommand (assuming that you are using abuild.xmlfile generated by theandroidtool). When you runant debugto compile your app, the build script generates a keystore/key and signs the APK for you. The script then also aligns the APK with thezipaligntool. No other action on your part is needed. ReadBuilding and Running Apps on the Command Linefor more information.
调试证书期满
自签名证书在调试模式的时候签名应用,证书的有效期只有365天。
当证书过期,那么在构建的时候会发生错误。在ant 构建中,错误内容:
debug:[echo]Packaging bin/samples-debug.apk,and signing it with a debug key...[exec]DebugCertificate expired on 8/4/083:43 PM
In Eclipse/ADT, 相似的错误会出现在 Android console.
为了解决这个问题, 简单的方法是删除debug.keystore文件. 文件的地址在~/.android/on OS X and Linux, inC:\Documents and Settings\<user>\.android\on Windows XP, and inC:\Users\<user>\.android\on Windows Vista and Windows 7.
下次构建的时候, 构建工具会自动生成keystore 和 调试密钥。
Note that, if your development machine is using a non-Gregorian locale, the build tools may erroneously generate an already-expired debug certificate, so that you get an error when trying to compile your application. For workaround information, see the troubleshooting topicIcan'tcompile my app because the build tools generated an expired debug certificate.
发布密钥签名应用
发布应用给其他用户的时候,必须:
- 生成一个合适的密钥
- 用发布模式编译应用
- 用私有密钥签名应用
- Align the final APK package(压缩最后的包)
如果是用eclipse ADT开发,可以用导出向导编译,签名,对其应用。这个向导甚至可以帮助我们生成私有的密钥。可以参考Compile and sign with Eclipse ADT.
1. 生成私有密钥
在签名应用之前,保证有一个应用,私有密钥有以下特点:
- 自己拥有
- 能够说明个人,公司,或者机构拥有应用
- 有一个有效周期,这个周期要超过应用的周期。A validity period of more than 25 years is recommended.
If you plan to publish your application(s) on Google Play, note that a validity period ending after 22 October 2033 is a requirement. You can not upload an application if it is signed with a key whose validity expires before that date.
- 必须是android SDK tools 生成的.
The key may be self-signed. If you do not have a suitable key, you must generate one using Keytool. Make sure that you have Keytool available, as described inBasic Setup.
To generate a self-signed key with Keytool, use thekeytoolcommand and pass any of the options listed below (and any others, as needed).
Warning:Keep your private key secure. Before you run Keytool, make sure to readSecuring Your Private Keyfor a discussion of how to keep your key secure and why doing so is critically important to you and to users. In particular, when you are generating your key, you should select strong passwords for both the keystore and key.
Warning:Keep the keystore file you generate with Keytool in a safe, secure place. You must use the same key to sign future versions of your application. If you republish your app with a new key, Google Play will consider it a new app. For more information on settings that must remain constant over the life of your app, see the Android Developer Blog postThings That Cannot Change.
| Keytool Option | Description |
|---|---|
-genkey | Generate a key pair (public and private keys): 生成密钥对(共有的和私有的) |
-v | Enable verbose output.:允许输出 |
-alias <alias_name> | An alias for the key. Only the first 8 characters of the alias are used. :密钥的别名,仅仅前面八个字符会被使用 |
-keyalg <alg> | The encryption algorithm to use when generating the key. Both DSA and RSA are supported. :生成密钥的加密算法。支持:DSA 和 RSA |
-keysize <size> | The size of each generated key (bits). If not supplied, Keytool uses a default key size of 1024 bits. In general, we recommend using a key size of 2048 bits or higher. :生成密钥的大小。如果支持,Keytool 使用默认的大小(1024位)。一般来讲,使用2048位 或者更大 |
-dname <name> | A Distinguished Name that describes who created the key. The value is used as the issuer and subject fields in the self-signed certificate. Note that you do not need to specify this option in the command line. If not supplied, Jarsigner prompts you to enter each of the Distinguished Name fields (CN, OU, and so on). :这个名字说明谁创建了这个密钥。 |
-keypass <password> | The password for the key. As a security precaution, do not include this option in your command line. If not supplied, Keytool prompts you to enter the password. In this way, your password is not stored in your shell history. :密钥的密码 |
-validity <valdays> | The validity period for the key, in days. Note:A value of 10000 or greater is recommended. :密钥的有效期 |
-keystore<keystore-name>.keystore | A name for the keystore containing the private key. :keystore 的名字 |
-storepass <password> | A password for the keystore. As a security precaution, do not include this option in your command line. If not supplied, Keytool prompts you to enter the password. In this way, your password is not stored in your shell history. : keystore的密码 |
Here's an example of a Keytool command that generates a private key:
$ keytool -genkey -v -keystore my-release-key.keystore-alias alias_name -keyalg RSA -keysize 2048-validity 10000
Running the example command above, Keytool prompts you to provide passwords for the keystore and key, and to provide the Distinguished Name fields for your key. It then generates the keystore as a file calledmy-release-key.keystore. The keystore and key are protected by the passwords you entered. The keystore contains a single key, valid for 10000 days. The alias is a name that you — will use later, to refer to this keystore when signing your application.
For more information about Keytool, see the documentation athttp://docs.oracle.com/javase/6/docs/technotes/tools/windows/keytool.html
2. Compile the application in release mode
In order to release your application to users, you must compile it in release mode. In release mode, the compiled application is not signed by default and you will need to sign it with your private key.
Caution:You can not release your application unsigned, or signed with the debug key.
With Eclipse
To export anunsignedAPK from Eclipse, right-click the project in the Package Explorer and selectAndroid Tools>Export Unsigned Application Package. Then specify the file location for the unsigned APK. (Alternatively, open yourAndroidManifest.xmlfile in Eclipse, select theManifesttab, and clickExport an unsigned APK.)
Note that you can combine the compiling and signing steps with the Export Wizard. SeeCompiling and signing with Eclipse ADT.
With Ant
If you are using Ant, you can enable release mode by using thereleaseoption with theantcommand. For example, if you are running Ant from the directory containing yourbuild.xmlfile, the command would look like this:
$ ant release By default, the build script compiles the application APK without signing it. The output file in your projectbin/will be<your_project_name>-unsigned.apk. Because the application APK is still unsigned, you must manually sign it with your private key and then align it usingzipalign.
However, the Ant build script can also perform the signing and aligning for you, if you have provided the path to your keystore and the name of your key alias in the project'sant.propertiesfile. With this information provided, the build script will prompt you for your keystore and alias password when you performant release, it will sign the package and then align it. The final output file inbin/will instead be<your_project_name>-release.apk. With these steps automated for you, you're able to skip the manual procedures below (steps 3 and 4). To learn how to specify your keystore and alias in theant.propertiesfile, seeBuilding and Running Apps on the Command Line.
3. Sign your application with your private key
应用签名需要用到Jarsigner工具。确保Jarsigner和密钥都是可用状态。
To sign your application, you run Jarsigner, referencing both the application's APK and the keystore containing the private key with which to sign the APK. The table below shows the options you could use.
| Jarsigner Option | Description |
|---|---|
-keystore<keystore-name>.keystore | The name of the keystore containing your private key. :keystore的名字 |
-verbose | Enable verbose output. :输出详细内容 |
-sigalg | The name of the signature algorithim to use in signing the APK. Use the valueSHA1withRSA.:签名应用的加密算法。值是SHA1withRSA |
-digestalg | The message digest algorithim to use in processing the entries of an APK. Use the valueSHA1. |
-storepass <password> | The password for the keystore. As a security precaution, do not include this option in your command line unless you are working at a secure computer. If not supplied, Jarsigner prompts you to enter the password. In this way, your password is not stored in your shell history.
|
-keypass <password> | The password for the private key. As a security precaution, do not include this option in your command line unless you are working at a secure computer. If not supplied, Jarsigner prompts you to enter the password. In this way, your password is not stored in your shell history. |
Here's how you would use Jarsigner to sign an application package calledmy_application.apk, using the example keystore created above.
$ jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore my-release-key.keystoremy_application.apk alias_name
Running the example command above, Jarsigner prompts you to provide passwords for the keystore and key. It then modifies the APK in-place, meaning the APK is now signed. Note that you can sign an APK multiple times with different keys.
Caution:As of JDK 7, the default signing algorithim has changed, requiring you to specify the signature and digest algorithims (-sigalgand-digestalg) when you sign an APK.
To verify that your APK is signed, you can use a command like this:
$ jarsigner -verify my_signed.apk
If the APK is signed properly, Jarsigner prints "jar verified". If you want more details, you can try one of these commands:
$ jarsigner -verify -verbose my_application.apk
or
$ jarsigner -verify -verbose -certs my_application.apk
The command above, with the-certsoption added, will show you the "CN=" line that describes who created the key.
Note:If you see "CN=Android Debug", this means the APK was signed with the debug key generated by the Android SDK. If you intend to release your application, you must sign it with your private key instead of the debug key.
For more information about Jarsigner, see the documentation athttp://docs.oracle.com/javase/6/docs/technotes/tools/windows/jarsigner.html
4. Align the final APK package
Once you have signed the APK with your private key, runzipalignon the file. This tool ensures that all uncompressed data starts with a particular byte alignment, relative to the start of the file. Ensuring alignment at 4-byte boundaries provides a performance optimization when installed on a device. When aligned, the Android system is able to read files withmmap(), even if they contain binary data with alignment restrictions, rather than copying all of the data from the package. The benefit is a reduction in the amount of RAM consumed by the running application.
Thezipaligntool is provided with the Android SDK, inside thetools/directory. To align your signed APK, execute:
$ zipalign -v 4your_project_name-unaligned.apk your_project_name.apk
The-vflag turns on verbose output (optional).4is the byte-alignment (don't use anything other than 4). The first file argument is your signed.apkfile (the input) and the second file is the destination.apkfile (the output). If you're overriding an existing APK, add the-fflag.
Caution:Your input APK must be signed with your private keybeforeyou optimize the package withzipalign. If you sign it after usingzipalign, it will undo the alignment.
For more information, read about thezipaligntool.
Compile and sign with Eclipse ADT
If you are using Eclipse with the ADT plugin, you can use the Export Wizard to export asignedAPK (and even create a new keystore, if necessary). The Export Wizard performs all the interaction with the Keytool and Jarsigner for you, which allows you to sign the package using a GUI instead of performing the manual procedures to compile, sign, and align, as discussed above. Once the wizard has compiled and signed your package, it will also perfom package alignment withzipalign. Because the Export Wizard uses both Keytool and Jarsigner, you should ensure that they are accessible on your computer, as described above in theBasic Setup for Signing.
To create a signed and aligned APK in Eclipse:
- Select the project in the Package Explorer and selectFile > Export.
- Open the Android folder, select Export Android Application, and clickNext.
The Export Android Application wizard now starts, which will guide you through the process of signing your application, including steps for selecting the private key with which to sign the APK (or creating a new keystore and private key).
- Complete the Export Wizard and your application will be compiled, signed, aligned, and ready for distribution.
保护私有密钥
维护私有密钥对自己和对用户都是最重要的。如果私有密钥不被好好的保护,那么很有可能会被其他人盗用。
如果第三方在没有经过授权和允许的情况下管理你的密钥,那个人可以很容易的签名并且发布应用,达到替换你的应用和入侵你的应用。应用的数据将不会在安全。
私有的密钥在将来签名包的时候都有用。如果密钥丢失,那么将不能发布更新应用。你不能重新生成和之前一样的密钥。
Your reputation as a developer entity depends on your securing your private key properly, at all times, until the key is expired. Here are some tips for keeping your key secure:
- 选择非常强健的keystore 和 key.
- 用Keytool生成密钥的时候,命令行不需要提供-storepass 和 -keypass 参数。如果提供了,那么密钥将会保存到shell 记录里面,那么其他的用户通过你的计算机可以访问。
- 相似的,当用Jarsigner签名应用的时候,在命令行里面不需要提供 -storepass和-keypass.
- 不要把密钥借给或者给予他人,不要让其他人知道你的keystore和key passwords.
- Keep the keystore file containing your private key that yougenerate with the Keytoolin a safe, secure place.
一般来讲,依照注意事项生成,使用和存储密钥,都可以保证它的安全性。
更多相关文章
- android KEY ---MD5 证书序列号
- Android 签名证书
- Android SSL 过程记录(证书的生成+例子代码)
- 申请Android Map 的API Key(v2)的最新申请方式(SHA1密钥)
- 支持https但不验证证书的HttpClient
- Android数字签名获取证书指纹(SHA1)
- Android Studio 默认debug证书位置在哪里(Mac os)
- Android Studio中获取sha1证书指纹数据的方法
- MAC系统Android Studio默认debug签名证书存储路径