We're working on a Cordova app and having difficulty signing the Android version of the app.
Using the command
jarsigner -keystore keystore.p12 -storetype pkcs12 android-release-unsigned.apk 1
gives the following exception
java.io.IOException: DerInputStream.getLength(): Redundant length bytes found
which comes from this line in OpenJDK apparently this was added to fix CVE-2016-5546 although I don't know enough about crypto to really understand it.
Exporting the certificate with openssl and creating a new p12 from that works fine but changes the signature which means the play store rejects the upload.
The keystore we have came from another company that we originally outsourced the app development to.
Any jarsigner or keytool command throws the same exception which I guess makes sense since they all use the same Java lib
We had the same problem. We have found that JDK 1.8.0_112 doesn't have the bug that you're talking about. So we resolved the problem in this way:
At first we converted temp_keystore.p12
into mycert.keystore
by using the following command (Java\jdk1.8.0_112\bin\keytool.exe
):
keytool -importkeystore -srckeystore temp_keystore.p12 -destkeystore mycert.keystore -srcstoretype pkcs12
Then we use the following command (Java\jdk1.8.0_112\bin\jarsigner.exe)
:
jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore mycert.keystore ReadyForSigning.apk 1
to sign apk
. ("1
" at the end of command is the alias)
PS.: Converting from .p12
to .keystore
may be not necessary.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With