Due to recent SHA1-collision news, I want to ensure that SHA1 is no longer used in my apk signing. However I cannot find a parameter in apksigner.
Is there a way to specify (either direct or indirect) the digest algorithm apksigner uses?
(Before SDK 24, Android used java's jarsigner
to sign apk, which has options like -sigalg SHA1withRSA -digestalg SHA1
)
Update: as Alex mentioned, I found how apksigner
determine signature algorithm for scheme v1 in V1SchemeSigner.java.
In short, apksigner
determine it from minimumSDK
and key type of certificate.
SHA256withRSA
for minimum SDK 18 (Android 4.3) and upSHA256withDSA
for minimum SDK 21 (Android 5.0) and upSHA256withEC
for minimum SDK 18 and upSHA1with*
for lower minimum SDK levelsThis is a FAQ I wrote for memo: SHA1 Collision and Android APK Signing.
Not directly. apksigner
attempts to use only secure digests and signing algorithms, but it does that within the constraints imposed by your signing key (size, algorithm) and Android platform versions supported by the APK being signed. In particular, for JAR signatures, apksigner
uses SHA-256 or stronger by default, but only for APKs which support only API Level 18 or newer (as declared in minSdkVersion
in their AndroidManifest.xml
). APKs which run on earlier platforms must use SHA-1 because these earlier platforms don't support verifying APKs using SHA-256 or stronger. For APK Signature Scheme v2 signature, only SHA-256 or stronger is used, because this signature scheme does not even support SHA-1.
If you want apksigner
to sign your APK with SHA-256, you can:
minSdkVersion
to 18 or higher, but this will make Android platforms with API Level 17 and lower reject the APK at install time.--min-sdk-version=18
to apksigner
, but this will make Android platforms with API Level 17 and lower reject the APK at install time.--v1-signing-enabled=false
to apksigner
, but this will make Android platforms with API Level 23 and lower reject the APK at install time.P. S. Even if you switched to signing your APKs using only SHA-256, Android will still accept APKs with your package name and signing cert, signed with SHA-1 or MD5. So, depending on your threat model, you may need to switch to new signing keys which have never been used with SHA-1 or weaker digest algorithms. And this is not only for the digest algorithm used in the actual cryptographic signature, but also for the digest algorithms used in .SF
and MANIFEST.MF
files.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With