
How to use Digital Certificate in Android

2025-01-27 Update From: SLTechnology News&Howtos, Shulou (Shulou.com) 05/31

This article introduces how digital certificates are used in Android: the basic concepts, the Java tools that create certificates and sign packages, and the signing rules and policies that Android applies.

Basic concept

Digital Certificate:

Digital verification is a method of confirming a user's identity by digital means. A digital certificate contains two parts: information about the subject (an organization or an individual) and the public key that belongs to that subject. In other words, a digital certificate binds a subject one-to-one to its public key so that the subject can authenticate itself (prove its identity to other users).

Java digital certificate tool:

keytool.exe, shipped with Java, can be used to create digital certificates. All certificates are stored in a certificate store (keystore) as entries, each distinguished by an alias. An entry in the certificate store contains the private key, the public key and the corresponding certificate information. An entry can be exported as a digital certificate file, which includes only the subject information and the corresponding public key.

Each certificate store is a single file protected by an access password. When a certificate is created, keytool generates the certificate store automatically and asks for the password that will be required to access it.

When creating a certificate, you need to fill in some information about the certificate and the private key password corresponding to the certificate. This information takes the form CN=xx,OU=xx,O=xx,L=xx,ST=xx,C=xx, where:

CN (Common Name): first and last name

OU (Organization Unit): organizational unit name

O (Organization): organization name

L (Locality): city or region name

ST (State): state or province name

C (Country): country name

You can enter this information at keytool's interactive prompts, or pass it with the parameter

-dname "CN=xx,OU=xx,O=xx,L=xx,ST=xx,C=xx"

so that the certificate is created without prompting.

For example, this command:

keytool -genkey -alias testCA -keyalg RSA -keysize 1024 -keystore testCALib -validity 3650

This creates a digital certificate with the alias testCA in the certificate store testCALib. It uses the RSA algorithm and is valid for 3650 days.

After the certificate is generated, we can export it as a file with the following command:

keytool -export -alias testCA -file testCA.cer -keystore testCALib -rfc

For other uses of keytool, you can consult the help documentation for keytool.

After the digital certificate is generated, we use it to sign the package with the jarsigner tool. For example, if we have an Android package calendar.apk, we can sign it with the newly generated testCA:

jarsigner -keystore testCALib calendar.apk testCA

Overview of Android digital certificates:

The Android system requires that every application installed on the system is signed with a digital certificate whose private key is held by the program's developer. Android uses digital certificates to identify the author of an application and to establish trust relationships between applications, not to decide which applications end users may install. The certificate does not need to be issued by an authoritative certificate authority; it is only used to let the application package authenticate itself.

The Android digital certificate contains the following key points:

(1) All applications must have a digital certificate. The Android system will not install an application without one.

(2) The digital certificate used by an Android package can be self-signed and does not need to be signed by an authoritative certificate authority.

(3) To formally release an Android application, you must sign it with a digital certificate generated from a suitable private key, not with the debug certificate generated by the ADT plug-in or the Ant tool.

(4) All digital certificates have a validity period, and Android only checks the validity of the certificate when the application is installed. If the program is already installed on the system, an expired certificate does not affect its normal operation.

(5) Android uses the standard Java tools Keytool and Jarsigner to generate digital certificates and sign application packages.

The Android system will not install or run any apk that is not digitally signed, either on the emulator or on a physical device. Android's development tools (the ADT plug-in and Ant) can help developers sign apk programs, and both have two modes: debug mode and release mode.

In debug mode, the Android development tools sign the program with a debugging certificate each time it is compiled, so the developer does not need to do anything.

When releasing a program, developers need to sign the apk package with their own digital certificate, in one of two ways:

(1) Use Keytool (for generating digital certificates) and Jarsigner (for signing with digital certificates) from the JDK to sign the apk package on the command line.

(2) Use the ADT Export Wizard to sign (if there is no digital certificate yet, you may need to generate one).

Signature Policy:

A developer should use the same digital certificate for all of their programs as far as possible. This brings the following benefits.

(1) It makes upgrades possible. When the new version of a program has the same digital certificate as the old version, the Android system treats the two as different versions of the same program. If the certificates of the new and old program differ, the Android system treats them as different programs that conflict, and requires the new program to change its package name.

(2) It supports modular design and development. The Android system allows programs with the same digital signature to run in the same process and treats them as the same program. Developers can therefore build their programs as modules, and users only need to download the modules they need.

(3) Data and code can be shared among multiple programs through permissions. Android provides an authorization mechanism based on digital certificates, so an application can share functions or data with other programs that have the same digital certificate as itself. If the protectionLevel of a permission is signature, the permission can only be granted to programs that have the same digital certificate as the package that declares the permission.

Another consideration is the validity period of the Android digital certificate:

(1) The validity period of the digital certificate should cover the expected life cycle of the program. Once the certificate expires, a program signed with that certificate can no longer be upgraded normally.

(2) If multiple programs use the same digital certificate, its validity period should cover the expected life cycle of all of those programs.

(3) Android Market requires the digital certificate of every application to be valid beyond October 22nd, 2033.
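The signing and validity rules above can be checked against a small model. The following Python sketch is an added example, not part of the original article and not Android's own code; the certificate bytes, the package name and the function names are constructed for illustration.

```python
import hashlib
from dataclasses import dataclass
from datetime import date, timedelta

MARKET_CUTOFF = date(2033, 10, 22)  # Android Market date quoted in the article

@dataclass(frozen=True)
class Cert:
    der: bytes        # constructed stand-in for the encoded certificate
    not_before: date
    not_after: date

    def fingerprint(self) -> str:
        return hashlib.sha256(self.der).hexdigest()

def issue(der: bytes, created: date, validity_days: int) -> Cert:
    """Mirror `keytool -validity N`: valid for N days from creation."""
    return Cert(der, created, created + timedelta(days=validity_days))

def min_validity_days(created: date) -> int:
    """Smallest -validity value whose expiry falls after the Market cutoff."""
    return (MARKET_CUTOFF - created).days + 1

def install(installed: dict, package: str, cert, today: date) -> str:
    """Apply the article's install-time rules; `installed` maps package -> fingerprint."""
    if cert is None:
        return "rejected: unsigned"
    if not (cert.not_before <= today <= cert.not_after):
        return "rejected: certificate not valid at install time"
    old = installed.get(package)
    if old is not None and old != cert.fingerprint():
        return "rejected: same package name, different certificate"
    installed[package] = cert.fingerprint()
    return "installed" if old is None else "upgraded"

def signature_permission_granted(declaring: Cert, requesting: Cert) -> bool:
    """protectionLevel=signature: only apps signed with the same certificate qualify."""
    return declaring.fingerprint() == requesting.fingerprint()

if __name__ == "__main__":
    created = date(2020, 1, 1)                       # constructed creation date
    dev = issue(b"constructed-cert-A", created, 3650)
    other = issue(b"constructed-cert-B", created, 3650)
    apps = {}
    pkg = "com.example.calendar"                     # hypothetical package name
    print(install(apps, pkg, dev, date(2021, 6, 1)))    # first install
    print(install(apps, pkg, other, date(2022, 6, 1)))  # different signer
    print(install(apps, pkg, dev, date(2030, 6, 1)))    # upgrade after expiry
    print("days needed:", min_validity_days(created), "vs 3650")
```

With a creation date before late 2023, `-validity 3650` expires before the Market cutoff, and the model rejects any upgrade attempted after expiry even though the installed copy keeps working.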
