Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Android: After building platform source, how to sign arbitrary APK with platform key?

As an experiment, I would like to use the platform key of my custom built Android platform to sign an arbitrary APK, that is built via the NDK. What is the process to go about doing this?

like image 788
zer0stimulus Avatar asked Nov 22 '10 16:11

zer0stimulus


People also ask

How do I sign an app with platform key?

Generate an upload key and keystoreIn the menu bar, click Build > Generate Signed Bundle/APK. In the Generate Signed Bundle or APK dialog, select Android App Bundle or APK and click Next. Below the field for Key store path, click Create new.

What is Android release key?

To submit an Android app to the Google Play store, it must be signed with a release key. That means you generate the key on your computer, then upload it to our build platform. If your plan includes app store submission, we will create this key for you.

What is signed APK?

The signed apk is simply the unsigned apk that has been signed via the JDK jarsigner tool. If you want to generate a signed apk then refer to How to Generate Signed Apk in Android Studio?

What is signed build?

It is used to verify a package has been signed by the corresponding private key. The standard Android build uses five keys, all of which reside in build/target/product/security : testkey. Generic default key for packages that do not otherwise specify a key.


2 Answers

If you have your platform key/certificate pair (.pk8 + x509.pem). Which can be found under build/target/product/security in the pulbic sdk.

You can use the SignApk.jar from the command line

java -jar SignApk.jar platform.x509.pem platform.pk8 Application.apk Application_signed.apk

Or to make automation easier, you can import the key/cert pair into your java keystore file, with the keytool-importkeypair, and use an ant makefile or eclipse for signing.

keytool-importkeypair -k ~/.android/debug.keystore -p android -pk8 platform.pk8 -cert platform.x509.pem -alias platform

like image 102
aprock Avatar answered Oct 10 '22 19:10

aprock


The signapk.jar (all lowercase) file mentioned in aprock' answer can be found at prebuilts/sdk/tools/lib/signapk.jar (or out/host/linux-x86/framework/signapk.jar).

Below I will describe how to manage the keystore used by Eclipse and ant release.


The following command takes the key file platform.pk8 and X509 certificate platform.x509.pem and outputs the decrypted key material in tmp.p12. The name platformkey is used to

 openssl pkcs8 -inform DER -nocrypt -in platform.pk8 | \     openssl pkcs12 -export -in platform.x509.pem -inkey /dev/stdin \     -name platformkey -password pass: -out tmp.p12 

Eclipse and ant debug use the keystore at ~/.android/debug.keystore which is locked with the password android. (You can also specify an other keystore file if you want to, e.g. ~/.android/mykeys.keystore.) The next command stores the key material from tmp.p12 in the keystore (without a password for the keys, if you want one, edit -srcstorepass '' below):

 keytool -importkeystore -deststorepass android -srckeystore tmp.p12 \     -srcstoretype PKCS12 -srcstorepass '' -destkeystore ~/.android/debug.keystore 

At this point, you can delete the tmp.p12 file because it is no longer needed.

In order to check what is in your keystore, you can run the next keytool command (the output it shown on the line thereafter):

 $ keytool -list -keystore ~/.android/debug.keystore -storepass android ... platformkey, Nov 23, 2013, PrivateKeyEntry,  Certificate fingerprint (SHA1): 12:34:56:(stripped):AB:CD:EF 

When you no longer need the key, it can be removed with:

 keytool -delete -keystore ~/.android/debug.keystore -storepass android -alias platformkey 

In your local.properties file, put (if you omit the key.*.password options, you have to enter it every time you sign the APK):

key.store=${user.home}/.android/debug.keystore key.alias=platformkey key.store.password=android key.alias.password= 

Now you can run ant release to sign your APK using the platform key you stored in a keystore.

like image 34
Lekensteyn Avatar answered Oct 10 '22 20:10

Lekensteyn