Shulou(Shulou.com)06/02 Report--

This article mainly introduces the example analysis of Android signature, which has a certain reference value, interested friends can refer to, I hope you can learn a lot after reading this article, let the editor take you to understand it.

In an Android system, all applications installed to the system must have a digital certificate, which is used to identify the author of the application and to establish a trust relationship between the application. If the protectionLevel of a permission is signature, then only those applications that have the same digital certificate as the program in which the permission is located can obtain this permission. Android uses Java's digital certificate related mechanism to cover apk with digital certificate. To understand android's digital certificate, you need to understand the following concept of digital certificate and java's digital certificate mechanism. The Android system requires that every application installed into the system is signed by a digital certificate, and the private key of the digital certificate is kept in the hands of the program developer. Android uses digital certificates to identify the author of the application and to establish a trust relationship between the application, not to determine which applications the end user can install. This digital certificate does not require authentication by an authoritative digital certificate signing authority, it is only used to allow the application package to authenticate itself.

One: multiple programs of the same developer use the same digital certificate as much as possible, which can bring the following benefits.

(1) it is beneficial to upgrade the program. When the digital certificate of the new version of the program is the same as that of the old version, the Android system will think that the two programs are different versions of the same program. If the digital certificates of the new program and the old program are not the same, the Android system thinks that they are different programs and conflicts, and will require the new program to change the package name.

(2) it is beneficial to the modular design and development of the program. The Android system allows programs with the same digital signature to run in the same process, and Android programs treat them as the same program. So developers can develop their own programs in modules, and users only need to download the appropriate modules when needed.

(3) data and code can be shared among multiple programs through permission. Android provides an authorization mechanism based on digital certificates, and applications can share general functions or data with other programs to programs that have the same digital certificates as themselves. If the protectionLevel of a permission is signature, this permission can only be granted to programs that have the same digital certificate as the package in which the permission is located.

When signing, you need to consider the validity of the digital certificate:

(1) the validity period of the digital certificate should include the expected life cycle of the program. Once the digital certificate expires, the program holding the changed digital certificate will not be upgraded normally.

(2) if multiple programs use the same digital certificate, the validity period of the digital certificate should include the expected life cycle of all programs.

(3) Android Market enforces all application digital certificates to be valid beyond October 22nd, 2033.

Second, the Android digital certificate contains the following points:

(1) all applications must have digital certificates. The Android system will not install an application without digital certificates.

(2) the digital certificate used by the Android package can be self-signed and does not need to be signed by an authoritative digital certificate authority.

(3) if you want to formally release an Android, you must use a digital certificate generated by an appropriate private key to sign the program, not a debug certificate generated by the adt plug-in or ant tool.

(4) all digital certificates are valid, and Android only checks the validity of the certificate when the application is installed. If the program is already installed on the system, even if the certificate expires, it will not affect the normal function of the program.

(ndroid uses the standard java tool Keytool and Jarsigner to generate digital certificates and sign application packages.

(6) use zipalign optimization program.

The Android system will not install and run any undigitally signed apk program, either on the simulator or on the actual physical device. Android's development tools (ADT plug-ins and Ant) can help developers sign apk programs, and they both have two modes: debug mode (debug mode) and release mode (release mode).

In debug mode, the development tool of android will use the digital certificate used for debugging to sign the program each time it is compiled, so the developer does not need to care.

When releasing a program, developers need to sign the apk package with their own digital certificate, and there are two ways.

(1) use the and Keytool in JDK (for generating digital certificates) and Jarsigner (for signing with digital certificates) to sign the apk package at the command line.

(2) use ADT Export Wizard for signing (if you do not have a digital certificate, you may need to generate a digital certificate).

Three; two signature methods

* signature method, which uses Keytool and Jarsigner to sign the program (for version 1.5 and below)

Command: keytool-genkey-v-keystore android.keystore-alias android-keyalg RSA-validity 20000

In this command,-keystore ophone.keystore represents the generated certificate and can be added with a path (default is under the user's home directory);-alias ophone indicates that the alias of the certificate is the RSA algorithm used by ophone;-keyalg RSA; and-validity 20000 indicates that the certificate is valid for 20000 days.

At this point, we will see ophone.keystore, the certificate we just created, under the interoperability home directory.

The second signature method: now introduce android 1.5 and newer apk signature method

1. Open Eclipse- > Select the item you want to sign-> right-click-> android tools- > Export signed Application package...

2, jump out of the window

3Perfect project checks if there is no problem in checking the project name, click Next

Then jump out of keystore selection if it is a file that already exists keystore, select and then next enter the password of keystore to sign.

If not, select create new keystore, then select the location where keystore is saved, set the password for keystore, and click Next.

4. Fill in the basic information of keystore, such as alias, password, validity period, name, organization, organization name, city, province, country, etc., and click Next

5. Select the location where the signed APK is saved. Click finish.

6. You can find the corresponding signed APK file in your saved location.

Thank you for reading this article carefully. I hope the article "sample Analysis of Android signatures" shared by the editor will be helpful to you. At the same time, I also hope you will support us and pay attention to the industry information channel. More related knowledge is waiting for you to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.