Notice: this page is a Chinese-English parallel translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must follow the same CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me). Original StackOverflow URL: http://stackoverflow.com/questions/14035426/

Time: 2020-10-31 14:49:32  Source: igfitidea

Signing an apk as system using keys found in source/build/target/product/security/

java android apk keystore android-keystore

Asked by cnexus

Well, as the title states, I am trying to sign my app using the platform.x509.pem and platform.pk8. The problem is that I get errors when using keytool-importkeypairs to add these like this:

keytool-importkeypair -k ~/.android/debug.keystore -p android -pk8 platform.pk8 -cert platform.x509.pem -alias platform


And I also get an error when trying to directly sign the APK using SignApk.jar like this:


java -jar SignApk.jar platform.x509.pem platform.pk8 test-app.apk test-app-signed.apk


Keytool-importkeypairs error:


Error decrypting key
3074042056:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1319:
3074042056:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:381:Type=PKCS8_PRIV_KEY_INFO
unable to load private key
3074091208:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:696:Expecting: ANY PRIVATE KEY
Importing "platform" with unable to load certificate
3073755336:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:696:Expecting: TRUSTED CERTIFICATE
keytool error: java.lang.Exception: Source keystore file exists, but is empty: /tmp/keytool-importkeypair.vDOP/p12


Sources Used: Apk with system privileges, How to sign Android app with system signature? (SO), and How to update the android dev phone 2 from 1.6 to 2.1
Neither of the methods described in the links above work now, as you can see. Thanks in advance.


Answered by Nikolay Elenkov

Check the format of the files first (with cat, etc.), the error suggests they are not in the expected format (ASN.1/PEM).

More importantly, using those keys rarely makes any sense. Those are just sample keys, and any self-respecting custom ROM will use its own private keys. Otherwise just about anyone can sign their APK with the public keys in AOSP and get whatever privilege they want. Which is, needless to say, a very bad thing. If you need to develop an app that uses system privileges and want it to work on all (or most) rooted phones and custom ROMs, the right way to do it is to request root access with su and execute whatever you need to do in a root shell. If the user grants you the permission, of course.

EDIT:

To debug the import error, run this step by step. It does work with the default AOSP keys.

$ openssl pkcs8 -inform DER -nocrypt -in platform.pk8 -out platform.pem
$ openssl pkcs12 -export -in platform.x509.pem -inkey platform.pem -out platform.p12 -password pass:android -name platform 
$ keytool -importkeystore -deststorepass android -destkeystore test.keystore -srckeystore platform.p12 -srcstoretype PKCS12 -srcstorepass android 
$ keytool -list -v -keystore test.keystore

What it does:

  1. Converts the PKCS#8 format binary key to PEM (openssl pkcs8)
  2. Creates a PKCS#12 file that includes both the private key and certificate (openssl pkcs12)
  3. Since Java's keytool can read PKCS#12 files as keystore, it imports your PKCS#12 file to effectively convert it to the native format (BKS or JKS) (keytool -importkeystore)
  4. (bonus) Uses keytool to list the contents in order to make sure everything worked. (keytool -list)
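
The format check the answer recommends, as an added example (not from the original post or from AOSP): a shell script that inspects the first bytes of each file and confirms that the key is unencrypted PKCS#8 DER and the certificate is PEM, which is what the `openssl pkcs8 -inform DER -nocrypt` and `openssl pkcs12 -export` steps above expect. The function names, output labels and script file name are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Function names and labels are
# hypothetical. Only the first bytes are inspected; no key material is parsed.

# Print a coarse format label for a key or certificate file.
key_format() {
    [ -s "$1" ] || { echo "missing-or-empty"; return 0; }
    # First 8 bytes as lowercase hex, e.g. 308204be02010030
    hex=$(od -An -tx1 -N 8 "$1" | tr -d ' \n')
    case $hex in
        # SEQUENCE, INTEGER 0 (version), SEQUENCE (AlgorithmIdentifier):
        # start of an unencrypted PKCS#8 PrivateKeyInfo, with a 2-byte,
        # 1-byte or short-form DER length.
        3082????02010030*|3081??02010030*|30[0-7]?02010030*)
            echo "der-pkcs8-unencrypted" ;;
        # Another DER SEQUENCE wrapping a SEQUENCE: certificate or encrypted key.
        3082????30*)
            echo "der-other" ;;
        # ASCII "-----BEG": PEM armour; report the label from the BEGIN line.
        2d2d2d2d2d424547*)
            label=$(sed -n '1s/^-----BEGIN \(.*\)-----.*$/\1/p' "$1")
            echo "pem:${label:-unlabelled}" ;;
        # Neither DER nor PEM, e.g. an HTML page or bare base64 text.
        *)
            echo "unknown" ;;
    esac
}

# Succeed only if the inputs match what the answer's first two commands expect:
# a DER PKCS#8 key for `openssl pkcs8 -inform DER -nocrypt` and a PEM
# certificate for `openssl pkcs12 -export -in`.
check_signing_inputs() {
    kf=$(key_format "$1")
    cf=$(key_format "$2")
    echo "$1: $kf"
    echo "$2: $cf"
    [ "$kf" = "der-pkcs8-unencrypted" ] && [ "$cf" = "pem:CERTIFICATE" ]
}

# Usage (hypothetical file name): sh check_inputs.sh platform.pk8 platform.x509.pem
if [ "$#" -eq 2 ]; then
    check_signing_inputs "$1" "$2" || exit 1
fi
```

A result of `unknown` or `pem:...` for the `.pk8` file means the `openssl pkcs8 -inform DER` step will fail with ASN.1 errors like the ones in the question.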