
Signing an apk as system using keys found in source/build/target/product/security/

Well, as the title states, I am trying to sign my app using the platform.x509.pem and platform.pk8. The problem is that I get errors when using keytool-importkeypair to add these like this:

keytool-importkeypair -k ~/.android/debug.keystore -p android -pk8 platform.pk8 -cert platform.x509.pem -alias platform


And I also get an error when trying to directly sign the APK using SignApk.jar like this:

java -jar SignApk.jar platform.x509.pem platform.pk8 test-app.apk test-app-signed.apk


keytool-importkeypair error:

Error decrypting key
3074042056:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1319:
3074042056:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:381:Type=PKCS8_PRIV_KEY_INFO
unable to load private key
3074091208:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:696:Expecting: ANY PRIVATE KEY
Importing "platform" with unable to load certificate
3073755336:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:696:Expecting: TRUSTED CERTIFICATE
keytool error: java.lang.Exception: Source keystore file exists, but is empty: /tmp/keytool-importkeypair.vDOP/p12


Sources Used: Apk with system privileges, How to sign Android app with system signature? (SO), and How to update the android dev phone 2 from 1.6 to 2.1
Neither of the methods described in the links above works now, as you can see. Thanks in advance.

cnexus asked Dec 26 '12 02:12


1 Answer

Check the format of the files first (with cat, etc.); the error suggests they are not in the expected format (ASN.1/PEM).

More importantly, using those keys rarely makes any sense. Those are just sample keys, and any self-respecting custom ROM will use its own private keys. Otherwise just about anyone can sign their APK with the public keys in AOSP and get whatever privilege they want. Which is, needless to say, a very bad thing. If you need to develop an app that uses system privileges and want it to work on all (or most) rooted phones and custom ROMs, the right way to do it is to request root access with su and execute whatever you need to do in a root shell. If the user grants you the permission, of course.

EDIT:

To debug the import error, run this step by step. It does work with the default AOSP keys.

$ openssl pkcs8 -inform DER -nocrypt -in platform.pk8 -out platform.pem
$ openssl pkcs12 -export -in platform.x509.pem -inkey platform.pem -out platform.p12 -password pass:android -name platform 
$ keytool -importkeystore -deststorepass android -destkeystore test.keystore -srckeystore platform.p12 -srcstoretype PKCS12 -srcstorepass android 
$ keytool -list -v -keystore test.keystore

What it does:

  1. Converts the PKCS#8 format binary key to PEM (openssl pkcs8)
  2. Creates a PKCS#12 file that includes both the private key and certificate (openssl pkcs12)
  3. Since Java's keytool can read PKCS#12 files as a keystore, it imports your PKCS#12 file to effectively convert it to the native format (BKS or JKS) (keytool -importkeystore)
  4. (bonus) Uses keytool to list the contents in order to make sure everything worked. (keytool -list)
Nikolay Elenkov answered Oct 22 '22 08:10
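
An added example (not part of the original answer): a POSIX shell helper for the "check the format first" step. It classifies a file by its leading bytes, then confirms the pair matches what the openssl commands in the answer expect (an unencrypted DER PKCS#8 key for `-inform DER -nocrypt`, a PEM certificate for `openssl pkcs12 -in`). The function names `classify` and `check_pair` are made up for this illustration.

```shell
#!/bin/sh
# Added example: classify key/certificate files by encoding using byte
# inspection only (no openssl needed, no key material is decoded).

# classify FILE -> prints one token describing the container format
classify() {
    # First 12 bytes as lowercase hex without separators
    hex=$(head -c 12 "$1" | od -An -v -tx1 | tr -d ' \n')
    case "$hex" in
        2d2d2d2d2d424547494e20*)            # ASCII "-----BEGIN "
            label=$(sed -n '1s/^-----BEGIN \(.*\)-----.*$/\1/p' "$1")
            case "$label" in
                "PRIVATE KEY")           echo pem-pkcs8 ;;
                "ENCRYPTED PRIVATE KEY") echo pem-pkcs8-encrypted ;;
                "RSA PRIVATE KEY")       echo pem-pkcs1 ;;
                "CERTIFICATE")           echo pem-cert ;;
                *)                       echo pem-other ;;
            esac ;;
        # DER SEQUENCE (0x30), any length form, then INTEGER 0 and a nested
        # SEQUENCE: unencrypted PKCS#8 PrivateKeyInfo
        30[0-7]?02010030*|3081??02010030*|3082????02010030*)
            echo der-pkcs8 ;;
        # INTEGER 0 followed by another INTEGER: traditional RSA key (PKCS#1)
        30[0-7]?02010002*|3081??02010002*|3082????02010002*)
            echo der-pkcs1 ;;
        # SEQUENCE directly inside SEQUENCE: certificate or encrypted PKCS#8
        30[0-7]?30*|3081??30*|3082????30*)
            echo der-cert-or-encrypted-pkcs8 ;;
        *)  echo unknown ;;
    esac
}

# check_pair KEY CERT -> 0 if the files match what the commands above expect:
# step 1 reads KEY with "-inform DER -nocrypt", step 2 reads CERT as PEM.
check_pair() {
    k=$(classify "$1"); c=$(classify "$2")
    [ "$k" = der-pkcs8 ] || echo "key is $k, expected der-pkcs8" >&2
    [ "$c" = pem-cert ]  || echo "cert is $c, expected pem-cert" >&2
    [ "$k" = der-pkcs8 ] && [ "$c" = pem-cert ]
}
```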