 Post subject: Android: How to signed APK
PostPosted: Fri 23 Jul 2021 7:43 pm 
Offline
Site Admin

Joined: Fri 01 May 2009 8:55 pm
Posts: 2299
aapt.exe               https://developer.android.com/studio/releases/build-tools
                       https://dl.google.com/android/repository/build-tools_r29.0.3-windows.zip

adb.exe                https://developer.android.com/studio/releases/platform-tools
AdbWinApi.dll          https://dl.google.com/android/repository/platform-tools_r31.0.2-windows.zip
AdbWinUsbApi.dll
fastboot.exe

apktool_2.5.0.jar      https://bitbucket.org/iBotPeaches/apktool/downloads/

jarsigner.exe          https://docs.oracle.com/javase/9/tools/jarsigner.htm

zipalign.exe           https://developer.android.com/studio/command-line/zipalign
libwinpthread-1.dll
apksigner.jar          https://developer.android.com/studio/command-line/apksigner

If you use jarsigner, zipalign must only be performed after the APK file has been signed.
If you use apksigner, zipalign must only be performed before the APK file has been signed.

keytool.exe            https://docs.oracle.com/javase/9/tools/keytool.htm

openssl.exe            http://gnuwin32.sourceforge.net/packages/openssl.htm
openssl.cnf
libcrypto-1_1-x64.dll
libssl-1_1-x64.dll


Post subject: Re: Android: How to signed APK
PostPosted: Fri 23 Jul 2021 7:45 pm
Site Admin
=========================================================================================================================
There are two types of the private key and certificate files.
=========================================================================================================================

(1) Combine - Oracle Keystore (*.keystore, *.jks)
(2) Split - Private key (*.pk8, *.pem) and Certificate (*.x509.pem)


=========================================================================================================================
Create myKey.keystore by keytool (Need alias and password)
=========================================================================================================================

"C:\Program Files\Java\jre1.8.0_301\bin\keytool.exe" -genkeypair -v -alias myKey -storepass 123456 -keypass 123456 -keystore myKey.keystore -keyalg RSA -keysize 2048 -validity 9999 -dname "EMAILADDRESS=android@android.com, CN=Android, OU=Android, O=Android, L=Mountain View, ST=California, C=US"


=========================================================================================================================
Create myKey.pk8 and myKey.x509.pem by openssl 1.x.x
=========================================================================================================================

(1) openssl genrsa -out myKey.pem 2048
-or-
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out myKey.pem

(2) openssl req -new -key myKey.pem -out myKey.req.pem -subj "/C=US/ST=California/L=Mountain View/O=Android/OU=Android/CN=Android/emailAddress=android@android.com" -config openssl.cnf

(3) openssl x509 -req -days 9999 -in myKey.req.pem -signkey myKey.pem -out myKey.x509.pem

(4) openssl pkcs8 -topk8 -nocrypt -inform PEM -outform DER -in myKey.pem -out myKey.pk8

-or-

(1) openssl req -x509 -days 9999 -newkey rsa:2048 -nodes -keyout myKey.pem -out myKey.x509.pem -subj "/C=US/ST=California/L=Mountain View/O=Android/OU=Android/CN=Android/emailAddress=android@android.com" -config openssl.cnf

(2) openssl pkcs8 -topk8 -nocrypt -inform PEM -outform DER -in myKey.pem -out myKey.pk8


Post subject: Re: Android: How to signed APK
PostPosted: Fri 23 Jul 2021 7:55 pm
Site Admin
=============================================================================================================
Sign APK
=============================================================================================================

(1) java -jar jarsigner.jar -keystore myKey.keystore -storepass 123456 -signedjar gg.Signed.apk gg.apk myKey

(2) zipalign.exe -f -p 4 gg.Signed.apk gg.Align.apk

-or-

(1) zipalign.exe -f -p 4 gg.apk gg.Align.apk

(2) java -jar apksigner.jar sign --key myKey.pk8 --cert myKey.x509.pem --out gg.Signed.apk gg.Align.apk
-or-
java -jar apksigner.jar sign --ks myKey.keystore --ks-pass pass:123456 --out gg.Signed.apk gg.Align.apk
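
Why the jarsigner/apksigner ordering rule for zipalign holds, as an added Python example that is not part of the original posts: a v1 (JAR) signature covers each entry's content, so realigning afterwards leaves it intact, while a v2/v3 signature covers the archive's bytes, so any realignment after signing invalidates it. `realign` is a simplified stand-in for zipalign, `file_digest` simplifies what v2/v3 hashes, and the sample archive is constructed.

```python
import hashlib, io, zipfile

ALIGN = 4  # the "4" in `zipalign -f -p 4`

def data_offset(raw, info):
    """Start of an entry's data: 30-byte local header + name + extra field."""
    h = info.header_offset
    name_len = int.from_bytes(raw[h + 26:h + 28], "little")
    extra_len = int.from_bytes(raw[h + 28:h + 30], "little")
    return h + 30 + name_len + extra_len

def misaligned(raw):
    """Stored (uncompressed) entries whose data does not start on ALIGN bytes."""
    with zipfile.ZipFile(io.BytesIO(raw)) as z:
        return [i.filename for i in z.infolist()
                if i.compress_type == zipfile.ZIP_STORED
                and data_offset(raw, i) % ALIGN]

def realign(raw):
    """Minimal stand-in for zipalign: pad each stored entry's extra field."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(raw)) as src, zipfile.ZipFile(out, "w") as dst:
        for i in src.infolist():
            n = zipfile.ZipInfo(i.filename, i.date_time)
            n.compress_type = i.compress_type
            if i.compress_type == zipfile.ZIP_STORED:
                start = out.tell() + 30 + len(i.filename.encode())
                n.extra = b"\0" * (-start % ALIGN)
            dst.writestr(n, src.read(i))
    return out.getvalue()

def entry_digests(raw):
    """What a v1 (JAR) signature covers: the content of each entry."""
    with zipfile.ZipFile(io.BytesIO(raw)) as z:
        return {n: hashlib.sha256(z.read(n)).hexdigest() for n in z.namelist()}

def file_digest(raw):
    """Simplified v2/v3 view: the signature covers the archive's raw bytes."""
    return hashlib.sha256(raw).hexdigest()

def sample_apk():
    """Constructed sample: the second stored entry's data starts at offset 91."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:  # ZIP_STORED is the default
        z.writestr("resources.arsc", b"12345")
        z.writestr("assets/a.bin", b"payload")
    return buf.getvalue()

if __name__ == "__main__":
    before = sample_apk()
    after = realign(before)
    print(misaligned(before), misaligned(after))
    print(entry_digests(before) == entry_digests(after))  # v1 digests survive
    print(file_digest(before) == file_digest(after))      # raw bytes changed
```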


Post subject: Re: Android: How to signed APK
PostPosted: Fri 23 Jul 2021 7:58 pm
Site Admin
=========================================================================================================================
Verify/View APK
=========================================================================================================================

"C:\Program Files\Java\jre1.8.0_301\bin\keytool.exe" -printcert -jarfile gg.Signed.apk

-or-

java -jar jarsigner.jar -verify -verbose -certs gg.Signed.apk

-or-

java -jar apksigner.jar verify -v --print-certs gg.Signed.apk


Post subject: Re: Android: How to signed APK
PostPosted: Fri 23 Jul 2021 8:02 pm
Site Admin
Self Signed Certificate always Blocked by Play Protect

Play Protect doesn't recognise this app's developer.
We have to submit an app to Google Play Console to recognize the fingerprint.



Post subject: Re: Android: How to signed APK
PostPosted: Fri 23 Jul 2021 9:15 pm
Site Admin
-dname "CN=Android Debug, OU=Android, O=US, L=US, ST=US, C=US"
-subj "/C=US/ST=US/L=US/O=US/OU=Android/CN=Android Debug"

-dname "EMAILADDRESS=android@android.com, CN=Android, OU=Android, O=Android, L=Mountain View, ST=California, C=US"
-subj "/C=US/ST=California/L=Mountain View/O=Android/OU=Android/CN=Android/emailAddress=android@android.com"


Post subject: Re: Android: How to signed APK
PostPosted: Sun 25 Jul 2021 1:00 am
Site Admin
=============================================================================================================
Certificates and private keys
=============================================================================================================

Each key comes in two files:
the certificate, which has the extension .x509.pem, and the private key, which has the extension .pk8.

The private key should be kept secret and is needed to sign a package. The key may itself be protected by a password.
The certificate, in contrast, contains only the public half of the key, so it can be distributed widely.
It is used to verify a package has been signed by the corresponding private key.


=============================================================================================================
The standard Android build uses five keys, all of which reside in build/target/product/security:
=============================================================================================================

testkey : Generic default key for packages that do not otherwise specify a key.
platform : Test key for packages that are part of the core platform.
shared : Test key for things that are shared in the home/contacts process.
media : Test key for packages that are part of the media/download system.
networkstack : Test key for packages that are part of the networking system.
The networkstack key is used to sign binaries designed as Modular System Components.
If your module updates are built separately and integrated as prebuilts in your device image,
you may not need to generate a networkstack key in the Android source tree.

"C:\Program Files\Java\jre1.8.0_301\bin\keytool.exe" -printcert -file testkey.x509.pem
"C:\Program Files\Java\jre1.8.0_301\bin\keytool.exe" -printcert -file platform.x509.pem
"C:\Program Files\Java\jre1.8.0_301\bin\keytool.exe" -printcert -file shared.x509.pem
"C:\Program Files\Java\jre1.8.0_301\bin\keytool.exe" -printcert -file media.x509.pem
"C:\Program Files\Java\jre1.8.0_301\bin\keytool.exe" -printcert -file networkstack.x509.pem
"C:\Program Files\Java\jre1.8.0_301\bin\keytool.exe" -printcert -file verity.x509.pem
"C:\Program Files\Java\jre1.8.0_301\bin\keytool.exe" -printcert -file cts_uicc_2021.x509.pem

https://source.android.com/devices/tech/ota/sign_builds
https://android.googlesource.com/platform/build/+/refs/heads/master/target/product/security/
https://github.com/aosp-mirror/platform_build/tree/master/target/product/security


Post subject: Re: Android: How to signed APK
PostPosted: Sun 25 Jul 2021 2:33 pm
Site Admin
Alias     : androiddebugkey
StorePass : android
KeyPass : android


=============================================================================================================
Convert testkey.pk8 and testkey.x509.pem to testkey.keystore
=============================================================================================================

openssl.exe pkcs8 -nocrypt -inform DER -outform PEM -in testkey.pk8 -out testkey.pem
openssl.exe pkcs12 -export -name androiddebugkey -password pass:android -inkey testkey.pem -in testkey.x509.pem -out testkey.keystore.p12

"C:\Program Files\Java\jre1.8.0_301\bin\keytool.exe" -importkeystore -srckeystore testkey.keystore.p12 -destkeystore testkey.keystore -srcstoretype PKCS12 -deststoretype JKS -srcstorepass android


=============================================================================================================
Convert testkey.keystore to testkey.pk8 and testkey.x509.pem
=============================================================================================================

"C:\Program Files\Java\jre1.8.0_301\bin\keytool.exe" -importkeystore -srckeystore testkey.keystore -destkeystore testkey.keystore.p12 -srcstoretype JKS -deststoretype PKCS12 -srcstorepass android

openssl.exe pkcs12 -nokeys -in testkey.keystore.p12 -out testkey.x509.pem
openssl.exe pkcs12 -nocerts -nodes -in testkey.keystore.p12 -out testkey.pem
openssl.exe pkcs8 -topk8 -nocrypt -inform PEM -outform DER -in testkey.pem -out testkey.pk8


=============================================================================================================
testkey.pk8 and testkey.x509.pem
=============================================================================================================

Verified using v1 scheme (JAR signing): true
Verified using v2 scheme (APK Signature Scheme v2): true
Verified using v3 scheme (APK Signature Scheme v3): false
Number of signers: 1
Signer #1 certificate DN: EMAILADDRESS=android@android.com, CN=Android, OU=Android, O=Android, L=Mountain View, ST=California, C=US
Signer #1 certificate SHA-256 digest: a40da80a59d170caa950cf15c18c454d47a39b26989d8b640ecd745ba71bf5dc
Signer #1 certificate SHA-1 digest: 61ed377e85d386a8dfee6b864bd85b0bfaa5af81
Signer #1 certificate MD5 digest: e89b158e4bcf988ebd09eb83f5378e87
Signer #1 key algorithm: RSA
Signer #1 key size (bits): 2048
Signer #1 public key SHA-256 digest: ef57b690165cb561b5026922c00d2d6574e8b184fa7d161e076f06e06e6d35db
Signer #1 public key SHA-1 digest: 0c2440c055c753a8f0493b4e602d3ea0096b1023
Signer #1 public key MD5 digest: 452f8cfe026b30a8a3e99a6074e5f285


Attachments:
Key-ASOP.zip [19.06 KiB, 36 times]
Post subject: Re: Android: How to signed APK
PostPosted: Sun 25 Jul 2021 11:07 pm
Site Admin
Alias     : lorenz
StorePass : 123456
KeyPass : 123456


=============================================================================================================
Convert lorenz.pk8 and lorenz.x509.pem to lorenz.keystore
=============================================================================================================

openssl.exe pkcs8 -nocrypt -inform DER -outform PEM -in lorenz.pk8 -out lorenz.pem
openssl.exe pkcs12 -export -name lorenz -password pass:123456 -inkey lorenz.pem -in lorenz.x509.pem -out lorenz.keystore.p12

"C:\Program Files\Java\jre1.8.0_301\bin\keytool.exe" -importkeystore -srckeystore lorenz.keystore.p12 -destkeystore lorenz.keystore -srcstoretype PKCS12 -deststoretype JKS -srcstorepass 123456


=============================================================================================================
Convert lorenz.keystore to lorenz.pk8 and lorenz.x509.pem
=============================================================================================================

"C:\Program Files\Java\jre1.8.0_301\bin\keytool.exe" -importkeystore -srckeystore lorenz.keystore -destkeystore lorenz.keystore.p12 -srcstoretype JKS -deststoretype PKCS12 -srcstorepass 123456

openssl.exe pkcs12 -nokeys -in lorenz.keystore.p12 -out lorenz.x509.pem
openssl.exe pkcs12 -nocerts -nodes -in lorenz.keystore.p12 -out lorenz.pem
openssl.exe pkcs8 -topk8 -nocrypt -inform PEM -outform DER -in lorenz.pem -out lorenz.pk8


=============================================================================================================
lorenz.pk8 and lorenz.x509.pem
=============================================================================================================

Verified using v1 scheme (JAR signing): true
Verified using v2 scheme (APK Signature Scheme v2): true
Verified using v3 scheme (APK Signature Scheme v3): true
Number of signers: 1
Signer #1 certificate DN: EMAILADDRESS=lorenz@londatiga.net, CN=Lorensius W. L. T, OU=AndroidDev, O=Londatiga, L=Bandung, ST=Jawa Barat, C=ID
Signer #1 certificate SHA-256 digest: 518ac8bdaf0c767deb31bae1eba826adbef793a68f22784cf3e19c67ba87ecb9
Signer #1 certificate SHA-1 digest: ece521e38c5e9cbea53503eaef1a6ddd204583fa
Signer #1 certificate MD5 digest: eea6f6f40858b8215c48b0465fe479b8
Signer #1 key algorithm: RSA
Signer #1 key size (bits): 1024
Signer #1 public key SHA-256 digest: d8dc2ef9b37fcb543b07678a2d64d3a1dc5122642ee824a61dfbed0bf86d25c4
Signer #1 public key SHA-1 digest: 74bd7b456d9e651fc84446f65041bef1207c408d
Signer #1 public key MD5 digest: 58d291bc49e568eb8fc84dabaf508d08


Attachments:
Key-Lorenz.zip [2.57 KiB, 34 times]
Post subject: Re: Android: How to signed APK
PostPosted: Sun 25 Jul 2021 11:08 pm
Site Admin
Alias     : androiddebugkey
StorePass : android
KeyPass : android


=============================================================================================================
Convert debug.pk8 and debug.x509.pem to debug.keystore
=============================================================================================================

openssl.exe pkcs8 -nocrypt -inform DER -outform PEM -in debug.pk8 -out debug.pem
openssl.exe pkcs12 -export -name androiddebugkey -password pass:android -inkey debug.pem -in debug.x509.pem -out debug.keystore.p12

"C:\Program Files\Java\jre1.8.0_301\bin\keytool.exe" -importkeystore -srckeystore debug.keystore.p12 -destkeystore debug.keystore -srcstoretype PKCS12 -deststoretype JKS -srcstorepass android


=============================================================================================================
Convert debug.keystore to debug.pk8 and debug.x509.pem
=============================================================================================================

"C:\Program Files\Java\jre1.8.0_301\bin\keytool.exe" -importkeystore -srckeystore debug.keystore -destkeystore debug.keystore.p12 -srcstoretype JKS -deststoretype PKCS12 -srcstorepass android

openssl.exe pkcs12 -nokeys -in debug.keystore.p12 -out debug.x509.pem
openssl.exe pkcs12 -nocerts -nodes -in debug.keystore.p12 -out debug.pem
openssl.exe pkcs8 -topk8 -nocrypt -inform PEM -outform DER -in debug.pem -out debug.pk8


=============================================================================================================
debug.pk8 and debug.x509.pem from Eclipse or Android Studio (debug.keystore)
=============================================================================================================

Verified using v1 scheme (JAR signing): true
Verified using v2 scheme (APK Signature Scheme v2): true
Verified using v3 scheme (APK Signature Scheme v3): true
Number of signers: 1
Signer #1 certificate DN: CN=Android Debug, OU=Android, O=US, L=US, ST=US, C=US
Signer #1 certificate SHA-256 digest: 1e08a903aef9c3a721510b64ec764d01d3d094eb954161b62544ea8f187b5953
Signer #1 certificate SHA-1 digest: 5d08264b44e0e53fbccc70b4f016474cc6c5ab5c
Signer #1 certificate MD5 digest: ffd6314a83f267ac4f9407fd2e5a0480
Signer #1 key algorithm: RSA
Signer #1 key size (bits): 2048
Signer #1 public key SHA-256 digest: 353a102774907fe76fdc2387261a21cb48d181a864ef125b74816facf0a177df
Signer #1 public key SHA-1 digest: 67c2a2aece338209c9ee20735fff4252d2c9489b
Signer #1 public key MD5 digest: 2624523a16ecb1bc43b4155e363c4050


Attachments:
Key-Debug.zip [5.45 KiB, 36 times]
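
A release-gate check over the `apksigner verify -v --print-certs` output format shown in the posts above, as an added Python example that is not part of the original thread. It flags v1-only signing, RSA keys under 2048 bits, and the three certificate digests printed in this thread; the 2048-bit floor and the rule that a key posted publicly must not sign a release are assumptions of this example.

```python
import re

# Certificate SHA-256 digests copied from the apksigner output in this thread.
# Assumption: a key whose files are posted publicly must never sign a release.
PUBLISHED_CERTS = {
    "a40da80a59d170caa950cf15c18c454d47a39b26989d8b640ecd745ba71bf5dc": "testkey",
    "518ac8bdaf0c767deb31bae1eba826adbef793a68f22784cf3e19c67ba87ecb9": "lorenz",
    "1e08a903aef9c3a721510b64ec764d01d3d094eb954161b62544ea8f187b5953": "debug",
}
MIN_RSA_BITS = 2048  # assumed policy floor, not an apksigner setting

SCHEME = re.compile(r"Verified using (v\d+) scheme .*: (true|false)$")
SIGNER = re.compile(r"Signer #(\d+) (.+?): (.*)$")

def parse_verify(text):
    """Turn `apksigner verify -v --print-certs` output into a dict."""
    report = {"schemes": {}, "signers": {}}
    for line in map(str.strip, text.splitlines()):
        if m := SCHEME.match(line):
            report["schemes"][m[1]] = m[2] == "true"
        elif m := SIGNER.match(line):
            report["signers"].setdefault(int(m[1]), {})[m[2]] = m[3]
    return report

def findings(report):
    """Return policy violations for one parsed report (empty list = pass)."""
    out = []
    schemes = report["schemes"]
    if not any(schemes.values()):
        out.append("no signature scheme verified")
    elif not any(ok for name, ok in schemes.items() if name != "v1"):
        out.append("v1 (JAR) signature only")
    for n, s in sorted(report["signers"].items()):
        digest = s.get("certificate SHA-256 digest", "").lower()
        if digest in PUBLISHED_CERTS:
            out.append(f"signer {n}: published key '{PUBLISHED_CERTS[digest]}'")
        bits = int(s.get("key size (bits)", "0"))
        if s.get("key algorithm") == "RSA" and bits < MIN_RSA_BITS:
            out.append(f"signer {n}: RSA {bits} bits < {MIN_RSA_BITS}")
    return out

# Sample input: lines taken from the lorenz.pk8 output shown in the thread.
LORENZ_OUTPUT = """\
Verified using v1 scheme (JAR signing): true
Verified using v2 scheme (APK Signature Scheme v2): true
Verified using v3 scheme (APK Signature Scheme v3): true
Number of signers: 1
Signer #1 certificate SHA-256 digest: 518ac8bdaf0c767deb31bae1eba826adbef793a68f22784cf3e19c67ba87ecb9
Signer #1 key algorithm: RSA
Signer #1 key size (bits): 1024
"""

if __name__ == "__main__":
    print("\n".join(findings(parse_verify(LORENZ_OUTPUT))))
```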