Can I change Android signing certificate Subject while keeping the private key

I have developed an Android app that I am transferring to another person for further development. I have understood that if the new developer uses the same keystore, the seamless upgrade process continues.

How does Android validate the certificate when it is updating apps? Does it just validate only signature or does it compare whole certificates along with the Subject name?

My problem is that the new developer would like to market the app under their company name, not mine, hence the Google account change. But the certificate also contains my name and I would like to generate new certificate with the same private key, which should produce identical signature, but with different Subject in the Cert.

I have not used the certificate for any other apps, so I have no problem giving it away.

PS. Is it at all possible to upload the same application from another Google Account using the same keystore and package name so that seamless upgrade continues?

Laas asked Nov 20 '12 12:11
1 Answer

No, when a certificate is signed the TBS field of the certificate is signed. As you can see, the TBS field contains a Subject field.

   Certificate  ::=  SEQUENCE  {
        tbsCertificate       TBSCertificate,
        signatureAlgorithm   AlgorithmIdentifier,
        signatureValue       BIT STRING  }

   TBSCertificate  ::=  SEQUENCE  {
        version         [0]  EXPLICIT Version DEFAULT v1,
        serialNumber         CertificateSerialNumber,
        signature            AlgorithmIdentifier,
        issuer               Name,
        validity             Validity,
        subject              Name,
        subjectPublicKeyInfo SubjectPublicKeyInfo,
        issuerUniqueID  [1]  IMPLICIT UniqueIdentifier OPTIONAL,
                             -- If present, version MUST be v2 or v3
        subjectUniqueID [2]  IMPLICIT UniqueIdentifier OPTIONAL,
                             -- If present, version MUST be v2 or v3
        extensions      [3]  EXPLICIT Extensions OPTIONAL
                             -- If present, version MUST be v3
        }

So, you cannot change fields in the TBS. Either continue without changing the certificate (the subject) or create a new certificate with the other person's credentials. But for that you will have to deactivate your app and upload a fresh app (not as an update, but as a new app), which I think is not a good solution. So it is better to continue with your certificate.

It doesn't care about the actual 'details' (certificate DN, serial number, etc.), but just compares the certificates as binary blobs as told here. Since the certificates are different, you can't update an app originally signed with cert1 with another signed with cert2.

Ashwin answered Sep 28 '22 11:09
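The following Go program is an added illustration of the answer's two points; it is not code from the question, the answer, or the Android platform. It issues two self-signed certificates from one RSA key, differing only in the Subject common name (the names "Original Developer" and "New Company" are placeholders), and then checks what survives the change: the SubjectPublicKeyInfo is identical, but the signatureValue and the whole DER blob are not, and the old signature does not verify over the new TBSCertificate. The blob comparison in sameSigningCert stands in for the updater's binary comparison the answer describes; it is an assumption for this example, not a copy of Android's code.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// selfSigned issues a self-signed certificate for key with the given subject CN.
// Serial number and validity are fixed and RSA PKCS#1 v1.5 signing is
// deterministic, so the only input that varies between calls is the Subject.
func selfSigned(key *rsa.PrivateKey, cn string) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: cn}, // placeholder subject
		NotBefore:    time.Date(2012, 11, 20, 0, 0, 0, 0, time.UTC),
		NotAfter:     time.Date(2042, 11, 20, 0, 0, 0, 0, time.UTC),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// sameSigningCert models the comparison described in the answer (assumption for
// this example): the entire DER-encoded certificate must match byte for byte,
// not merely the public key or the subject.
func sameSigningCert(a, b *x509.Certificate) bool {
	return bytes.Equal(a.Raw, b.Raw)
}

// Outcome records which parts of the certificate survive a Subject change.
type Outcome struct {
	SamePublicKey      bool // SubjectPublicKeyInfo unchanged (expected true)
	SameSignature      bool // signatureValue unchanged (expected false)
	SameBlob           bool // whole certificate unchanged (expected false)
	ReissueIsStable    bool // re-signing an unchanged TBS reproduces the blob (expected true)
	OldSigCoversNewTBS bool // old signatureValue valid over the new TBS (expected false)
}

// Compare builds the certificates and evaluates each check.
func Compare() (Outcome, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return Outcome{}, err
	}
	orig, err := selfSigned(key, "Original Developer")
	if err != nil {
		return Outcome{}, err
	}
	again, err := selfSigned(key, "Original Developer")
	if err != nil {
		return Outcome{}, err
	}
	renamed, err := selfSigned(key, "New Company")
	if err != nil {
		return Outcome{}, err
	}

	// Verify orig's signature against renamed's TBS with the shared public key:
	// the signature covers the whole TBS, Subject included, so this must fail.
	crossErr := orig.CheckSignature(orig.SignatureAlgorithm, renamed.RawTBSCertificate, orig.Signature)

	return Outcome{
		SamePublicKey:      bytes.Equal(orig.RawSubjectPublicKeyInfo, renamed.RawSubjectPublicKeyInfo),
		SameSignature:      bytes.Equal(orig.Signature, renamed.Signature),
		SameBlob:           sameSigningCert(orig, renamed),
		ReissueIsStable:    sameSigningCert(orig, again),
		OldSigCoversNewTBS: crossErr == nil,
	}, nil
}

func main() {
	out, err := Compare()
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", out)
}
```

The ReissueIsStable check is why "same keystore" works for the new developer: as long as the certificate itself is handed over unchanged, every build is signed with the identical blob. Changing only the Subject, even with the same private key, produces a certificate that a byte-for-byte comparison treats as a different signer.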