Generating .x509.pem and .pk8 files with a shell script and signing an APK
16lz
2021-01-25
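Use a shell script to generate the .x509.pem and .pk8 files and sign an APK.
The complete script is at the end of the article.
-----Generate the keystore file
keytool -genkey -v -keystore "${KEY_STORE_PATH}" -alias "${ALIASES}" -storepass "${PASS}" -keypass "${PASS}" -keyalg RSA -validity 20000 -dname "CN='Android', OU='xxx-shanghai', O='xxx', L='Mountain View', ST='California', C='US'"
-keystore: path of the file to generate; -alias: alias of the key entry; -storepass / -keypass: passwords; -keyalg: key algorithm; -validity: validity period in days; -dname: the country, address, company name and similar details, supplied in one go
The keystore file is generated with keytool from the Java SDK.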
-----Convert the keystore file to PKCS12 format
keytool -importkeystore -srckeystore "${KEY_STORE_PATH}" -destkeystore "${DEST_KEY_STORE_PATH}" -srcstoretype JKS -deststoretype PKCS12 -deststorepass "${PASS}" -srcstorepass "${PASS}" -destkeypass "${PASS}"
-srckeystore: path of the keystore file; -destkeystore: path of the PKCS12 file to generate
-----Convert the PKCS12 file to PEM so that it can be viewed as text
openssl pkcs12 -in "${DEST_KEY_STORE_PATH}" -nodes -out "${DEST_TMP_RSA_PATH}" -password "pass:${PASS}"
-in: path of the PKCS12 file; -out: path of the PEM file to generate; -password pass: the password. -nodes writes the private key to the output file unencrypted.
-----Slice the PEM file to produce the .x509.pem and .rsa.pem files
# 1. Find the first and last line of the PRIVATE KEY block in pkcs12.rsa.pem.
# The private key header differs between environments
# (BEGIN RSA PRIVATE KEY or BEGIN PRIVATE KEY), so check for both.
private_key_begin=$(grep -n "BEGIN RSA PRIVATE KEY" "${DEST_TMP_RSA_PATH}")
if [ $? -ne 0 ]; then
    private_key_begin=$(grep -n "BEGIN PRIVATE KEY" "${DEST_TMP_RSA_PATH}")
    private_key_end=$(grep -n "END PRIVATE KEY" "${DEST_TMP_RSA_PATH}")
else
    private_key_end=$(grep -n "END RSA PRIVATE KEY" "${DEST_TMP_RSA_PATH}")
fi
# 2. Slice pkcs12.rsa.pem and write the PRIVATE.rsa.pem file.
# '>' instead of '>>' so that a rerun does not append a second block.
sed -n "${private_key_begin%%:*},${private_key_end%%:*}p" "${DEST_TMP_RSA_PATH}" > "${PRIVATE_RSA}"
# 1. Find the first and last line of the CERTIFICATE block in pkcs12.rsa.pem.
cert_509_begin=$(grep -n "BEGIN CERTIFICATE" "${DEST_TMP_RSA_PATH}")
cert_509_end=$(grep -n "END CERTIFICATE" "${DEST_TMP_RSA_PATH}")
# 2. Slice pkcs12.rsa.pem and write the CERT_X509.X509.pem file.
sed -n "${cert_509_begin%%:*},${cert_509_end%%:*}p" "${DEST_TMP_RSA_PATH}" > "${CERT_X509}"
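The slicing step above written as one reusable function (an added example, not part of the original script): it accepts either private key header, overwrites instead of appending, creates the output readable only by its owner, and fails when the block is missing or incomplete. The names extract_pem_block and make_sample_bundle are hypothetical, and the sample bundle is constructed with dummy base64 bodies.

```shell
#!/bin/sh
# extract_pem_block LABEL_ERE SRC DST
# Copies the first PEM block whose label matches LABEL_ERE (an awk regex) from
# SRC to DST. DST is truncated, created owner-only, and removed on failure.
extract_pem_block() {
    pem_label=$1 pem_src=$2 pem_dst=$3
    (
        umask 077    # the extracted private key is unencrypted
        awk -v label="$pem_label" '
            !found && $0 ~ ("^-----BEGIN " label "-----$") { inside = 1 }
            inside { print }
            inside && $0 ~ ("^-----END " label "-----$") { found = 1; exit }
            END { exit(found ? 0 : 1) }
        ' "$pem_src" > "$pem_dst"
    ) || {
        rm -f "$pem_dst"
        echo "no complete '$pem_label' block in $pem_src" >&2
        return 1
    }
}

# Constructed sample shaped like `openssl pkcs12 -nodes` output, with the
# "Bag Attributes" lines that surround each block. Bodies are dummy text.
make_sample_bundle() {
    cat > "$1" <<'EOF'
Bag Attributes
    friendlyName: demo
Key Attributes: <No Attributes>
-----BEGIN PRIVATE KEY-----
Q09OU1RSVUNURUQtS0VZ
-----END PRIVATE KEY-----
Bag Attributes
    friendlyName: demo
subject=CN = Android
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtQ0VSVA==
-----END CERTIFICATE-----
EOF
}

tmp=$(mktemp -d)
make_sample_bundle "$tmp/tmp.rsa.pem"
extract_pem_block '(RSA )?PRIVATE KEY' "$tmp/tmp.rsa.pem" "$tmp/private.rsa.pem"
extract_pem_block 'CERTIFICATE' "$tmp/tmp.rsa.pem" "$tmp/cert.x509.pem"
cat "$tmp/cert.x509.pem"    # only the certificate block, no attribute lines
rm -rf "$tmp"
```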
-----Convert the private key to pk8 format
openssl pkcs8 -topk8 -outform DER -in "${PRIVATE_RSA}" -inform PEM -out "${PK8_PATH}" -nocrypt
-----Sign the APK
java -jar "${SIGNED_JAR}" "${CERT_X509}" "${PK8_PATH}" "${APK}" "${SIGNED_APK}"
Required arguments: signed.jar, x509.pem, pk8.rsa.pem, apk, and the signed_apk path
-----Delete the files that are no longer needed
rm "$KEY_STORE_PATH" "$DEST_KEY_STORE_PATH" "$DEST_TMP_RSA_PATH" "$PRIVATE_RSA"
Complete script
#!/bin/sh
KEY_STORE_PATH="$4"/app_"$1".keystore
DEST_KEY_STORE_PATH="$4"/tmp_"$1".p12
DEST_TMP_RSA_PATH="$4"/tmp_"$1".rsa.pem
PRIVATE_RSA="$4"/private_"$1".rsa.pem
CERT_X509="$4"/cert_"$1".x509.pem
PK8_PATH="$4"/private_"$1".pk8
ALIASES="$1"
PASS=xxx"$1"
APK="$4"/"$2"
SIGNED_APK="$4"/"$3"
SIGNED_JAR="$4"/signapk.jar

if [ $# -ne 4 ]; then
    echo "$0 Need to be: uuid, apk, signed_apk , path(signapk.jar to be in the path, The signed files generated will also be in this path)"
    exit 1
fi

# Generate the keystore, convert it to PKCS12, then dump it as PEM.
keytool -genkey -v -keystore "${KEY_STORE_PATH}" -alias "${ALIASES}" -storepass "${PASS}" -keypass "${PASS}" -keyalg RSA -validity 20000 -dname "CN='Android', OU='xxx-shanghai', O='xxx', L='Mountain View', ST='California', C='US'"
keytool -importkeystore -srckeystore "${KEY_STORE_PATH}" -destkeystore "${DEST_KEY_STORE_PATH}" -srcstoretype JKS -deststoretype PKCS12 -deststorepass "${PASS}" -srcstorepass "${PASS}" -destkeypass "${PASS}"
openssl pkcs12 -in "${DEST_KEY_STORE_PATH}" -nodes -out "${DEST_TMP_RSA_PATH}" -password "pass:${PASS}"

# Slice out the private key block (the header differs between environments).
private_key_begin=$(grep -n "BEGIN RSA PRIVATE KEY" "${DEST_TMP_RSA_PATH}")
if [ $? -ne 0 ]; then
    private_key_begin=$(grep -n "BEGIN PRIVATE KEY" "${DEST_TMP_RSA_PATH}")
    private_key_end=$(grep -n "END PRIVATE KEY" "${DEST_TMP_RSA_PATH}")
else
    private_key_end=$(grep -n "END RSA PRIVATE KEY" "${DEST_TMP_RSA_PATH}")
fi
# '>' instead of '>>' so that a rerun does not append a second block.
sed -n "${private_key_begin%%:*},${private_key_end%%:*}p" "${DEST_TMP_RSA_PATH}" > "${PRIVATE_RSA}"

# Slice out the certificate block.
cert_509_begin=$(grep -n "BEGIN CERTIFICATE" "${DEST_TMP_RSA_PATH}")
cert_509_end=$(grep -n "END CERTIFICATE" "${DEST_TMP_RSA_PATH}")
sed -n "${cert_509_begin%%:*},${cert_509_end%%:*}p" "${DEST_TMP_RSA_PATH}" > "${CERT_X509}"

# Convert the private key to pk8 and sign the APK.
openssl pkcs8 -topk8 -outform DER -in "${PRIVATE_RSA}" -inform PEM -out "${PK8_PATH}" -nocrypt
java -jar "${SIGNED_JAR}" "${CERT_X509}" "${PK8_PATH}" "${APK}" "${SIGNED_APK}"
if [ ! -f "$SIGNED_APK" ]; then
    echo "Failed to sign apk"
    exit 1
fi

# Delete the intermediate files.
rm "$KEY_STORE_PATH" "$DEST_KEY_STORE_PATH" "$DEST_TMP_RSA_PATH" "$PRIVATE_RSA"