Can I specify digest algorithm apksigner uses?

Question

Due to recent SHA1-collision news, I want to ensure that SHA1 is no longer used in my apk signing. However I cannot find a parameter in apksigner.

Is there a way to specify (either direct or indirect) the digest algorithm apksigner uses?

(Before SDK 24, Android used java's jarsigner to sign apk, which has options like -sigalg SHA1withRSA -digestalg SHA1)

---

Update: as Alex mentioned, I found how apksigner determine signature algorithm for scheme v1 in V1SchemeSigner.java.

In short, apksigner determine it from minimumSDK and key type of certificate.

• SHA256withRSA for minimum SDK 18 (Android 4.3) and up
• SHA256withDSA for minimum SDK 21 (Android 5.0) and up
• SHA256withEC for minimum SDK 18 and up
• SHA1with* for lower minimum SDK levels

This is a FAQ I wrote for memo: SHA1 Collision and Android APK Signing.

Answer 1

Not directly. apksigner attempts to use only secure digests and signing algorithms, but it does that within the constraints imposed by your signing key (size, algorithm) and Android platform versions supported by the APK being signed. In particular, for JAR signatures, apksigner uses SHA-256 or stronger by default, but only for APKs which support only API Level 18 or newer (as declared in minSdkVersion in their AndroidManifest.xml). APKs which run on earlier platforms must use SHA-1 because these earlier platforms don't support verifying APKs using SHA-256 or stronger. For APK Signature Scheme v2 signature, only SHA-256 or stronger is used, because this signature scheme does not even support SHA-1.

If you want apksigner to sign your APK with SHA-256, you can:

• Set the APK's minSdkVersion to 18 or higher, but this will make Android platforms with API Level 17 and lower reject the APK at install time.
• Pass in --min-sdk-version=18 to apksigner, but this will make Android platforms with API Level 17 and lower reject the APK at install time.
• Sign the APK only with APK Signature Scheme v2, by passing in --v1-signing-enabled=false to apksigner, but this will make Android platforms with API Level 23 and lower reject the APK at install time.

P. S. Even if you switched to signing your APKs using only SHA-256, Android will still accept APKs with your package name and signing cert, signed with SHA-1 or MD5. So, depending on your threat model, you may need to switch to new signing keys which have never been used with SHA-1 or weaker digest algorithms. And this is not only for the digest algorithm used in the actual cryptographic signature, but also for the digest algorithms used in .SF and MANIFEST.MF files.