技术小黑屋

Android签名相关知识整理

不止一次有用到Android签名相关的知识,每次都几乎从零开始在Google上搜索找,不想在继续这样了,找了个时间好好整理了一下自己用到的一些碎片知识,于是乎放到这里,一是备忘,二是帮助别人。

从APK文件中获取签名信息

使用方法

1
keytool -list -printcert -jarfile your_apk_file

输出信息

  • 签名Owner,Issuer等信息
  • 签名的fingerprints,如md5及sha1等值
  • 签名有效期等信息

示例效果

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16:29 $ keytool -list -printcert -jarfile akoi_1.2.apk
Signer #1:

Signature:

Owner: CN=Andrew Wallace, OU=droidyue.com, O=droidyue.com, L=Beijing, ST=Beijing, C=86
Issuer: CN=Andrew Wallace, OU=droidyue.com, O=droidyue.com, L=Beijing, ST=Beijing, C=86
Serial number: 11a8a4a3
Valid from: Tue Feb 10 18:07:43 CST 2015 until: Sun Jun 13 18:07:43 CST 3013
Certificate fingerprints:
   MD5:  46:C5:BE:EF:B5:C9:00:E1:FA:42:50:50:57:54:CA:15
   SHA1: C1:14:5D:0A:C2:BF:F6:06:43:20:AE:2C:07:12:97:58:C2:1B:39:D1
   SHA256: 0E:88:7D:C2:4C:D6:84:A7:58:D4:24:1E:9D:38:F9:05:98:1E:B2:A2:D7:CB:0F:81:74:60:5B:38:89:FF:21:1C
   Signature algorithm name: SHA256withRSA
   Version: 3

从签名文件中获取签名信息

使用方法

1
keytool -list -v -keystore your_kestore_file

注意,上述命令执行后,会提示输入密码,其实输入错误也没有关系,不影响结果。

输出信息

  • 签名Owner,Issuer等信息
  • 签名的fingerprints,如md5及sha1等值
  • 签名有效期等信息

示例效果

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

Alias name: droidyue.com
Creation date: Feb 10, 2015
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=Andrew Wallace, OU=droidyue.com, O=droidyue.com, L=Beijing, ST=Beijing, C=86
Issuer: CN=Andrew Wallace, OU=droidyue.com, O=droidyue.com, L=Beijing, ST=Beijing, C=86
Serial number: 11a8a4a3
Valid from: Tue Feb 10 18:07:43 CST 2015 until: Sun Jun 13 18:07:43 CST 3013
Certificate fingerprints:
   MD5:  46:C5:BE:EF:B5:C9:00:E1:FA:42:50:50:57:54:CA:15
   SHA1: C1:14:5D:0A:C2:BF:F6:06:43:20:AE:2C:07:12:97:58:C2:1B:39:D1
   SHA256: 0E:88:7D:C2:4C:D6:84:A7:58:D4:24:1E:9D:38:F9:05:98:1E:B2:A2:D7:CB:0F:81:74:60:5B:38:89:FF:21:1C
   Signature algorithm name: SHA256withRSA
   Version: 3

重新签名APK

在没有源码情况下,我们就能对apk进行更换签名。

脚本

使用方法

1
bash signapk.sh your_apk_file your_keystore_file keystore_pass keystore_alias

示例效果

1
2
3
4
5
6
7
8
9
10
11
12
13
16:57 $ bash signapk.sh weixin6313android740.apk ~/Documents/baidu_disk/百度云同步盘/droidapp/mykiki 123456 droidyue.com
param1 weixin6313android740.apk
param2 /Users/androidyue/Documents/droidapp/mykiki
param3 123456
param4 droidyue.com
deleting: META-INF/MANIFEST.MF
deleting: META-INF/DROIDYUE.SF
deleting: META-INF/DROIDYUE.RSA
   adding: META-INF/MANIFEST.MF
   adding: META-INF/DROIDYUE.SF
   adding: META-INF/DROIDYUE.RSA
......
Verification succesful

生成的文件会放在当前目录,其文件名相对输入文件,增加了signed_前缀,比如对weixin6313android740.apk进行上述操作得到的输出文件是signed_weixin6313android740.apk

Gradle build生成签名APK

想要在执行gradle build时生成指定签名的apk,需要在build.gradle中如下修改

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
android {

    signingConfigs {
        release {
            storeFile file("myrelease.keystore")
            storePassword "********"
            keyAlias "******"
            keyPassword "******"
        }
    }
    buildTypes {
        release {
            signingConfig signingConfigs.release
        }
    }
}

知乎 Live 推荐

我将要在知乎上进行我的第二场 Live,题为《我学安卓的那些套路》,来分享我学习安卓的经验与心得。覆盖的内容如下:

  • Android 需要打好哪些编程基础?
  • 除了编程基础,我们还需要补充哪些能力?
  • 作为 Android 程序员,如何把握好技术的宽度和深度?
  • Android 每块知识学到什么程度,怎么做到?
  • 如何从日常的工作中获取最大的收益?
  • Android 那么多库,我该选择哪些,怎么学,学到什么程度?
  • 对于初学者或大学生的建议有哪些?

如果你想听一听我的经验或者有疑惑,欢迎参与。

参与地址:https://www.zhihu.com/lives/802899577341620224