I am new to cryptographic certificates and am trying to figure out the components of the "CERT.RSA" file under the "./META-INF" folder of an Android application.
To my understanding, "CERT.RSA" is used to verify the signature of the "CERT.SF" file under the same directory. It should consist of the certificate meta info (subject, issuer, Series number, etc.), the signature of "CERT.SF" signed by the developer's private key, and the public key used to verify the signature.
How can I derive the above components from the "CERT.RSA" file? Especially, how can I retrieve the public key from "CERT.RSA"?
I tried to use the following commands to reveal the signing certificate. When people talk about the signing certificate, is it (the following output) the public key or the signed signature?
>> openssl pkcs7 -inform DER -print_certs -out cert.pem -in CERT.RSA
>> cat cert.pem
subject=/C=SE/ST=Kista/L=Kista/O=Javsym/OU=Mobile Visuals/CN=Eyvind Almqvist
issuer=/C=SE/ST=Kista/L=Kista/O=Javsym/OU=Mobile Visuals/CN=Eyvind Almqvist
-----BEGIN CERTIFICATE-----
MIICWzCCAcSgAwIBAgIETVPFgjANBgkqhkiG9w0BAQUFADBxMQswCQYDVQQGEwJT
RTEOMAwGA1UECBMFS2lzdGExDjAMBgNVBAcTBUtpc3RhMQ8wDQYDVQQKEwZKYXZz
eW0xFzAVBgNVBAsTDk1vYmlsZSBWaXN1YWxzMRgwFgYDVQQDEw9FeXZpbmQgQWxt
cXZpc3QwIBcNMTEwMjEwMTEwMTIyWhgPMjA2MTAxMjgxMTAxMjJaMHExCzAJBgNV
BAYTAlNFMQ4wDAYDVQQIEwVLaXN0YTEOMAwGA1UEBxMFS2lzdGExDzANBgNVBAoT
BkphdnN5bTEXMBUGA1UECxMOTW9iaWxlIFZpc3VhbHMxGDAWBgNVBAMTD0V5dmlu
ZCBBbG1xdmlzdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAjwLlwflQ2zoC
1EeCkICSqYTSkdv6Xj0YCqoQsuLJw0pwDbz5qRos61Ub0ZxWCa4TfXu1NJmuD4j+
LwQYvAR6JO985y4zjH1Ee5qZmHDC5yoSRko6P8B4KfmBm8E8CryhUjN7vNLUfG2o
XrmXK+g5KKTx3wzWlb4+AdAS7/NlDVkCAwEAATANBgkqhkiG9w0BAQUFAAOBgQAS
CxdfvR/LHPlULkCsoGw9/Q2ZhsTlPr7fZw32sef9vnz1hqd6iMDsLC2c34yRVJfb
t6dZCVO9/gWMURIZ7NmT36uBFAUB+XkGK+5/ot3YEJicEwmk/Nvj1Tzo3PjBX3ZD
lLBpEPgc3IUOhgMyzDR+ytgFlH0MkDps6FApunUpiQ==
-----END CERTIFICATE-----
By using the following command, I could get the meta info of this certificate:
>> keytool -printcert -file CERT.RSA
Owner: CN=Eyvind Almqvist, OU=Mobile Visuals, O=Javsym, L=Kista, ST=Kista, C=SE
Issuer: CN=Eyvind Almqvist, OU=Mobile Visuals, O=Javsym, L=Kista, ST=Kista, C=SE
Serial number: 4d53c582
Valid from: Thu Feb 10 06:01:22 EST 2011 until: Fri Jan 28 06:01:22 EST 2061
Certificate fingerprints:
    MD5: 58:94:63:63:C1:ED:4C:02:CE:90:CE:64:DA:D7:4A:E4
    SHA1: 17:5C:44:E3:A6:1A:F2:4F:A5:78:6E:C7:F0:42:4C:AD:E6:F5:CA:DF
Signature algorithm name: SHA1withRSA
Version: 3
Are there other tools/commands I can use to get more complete info from "CERT.RSA"?
Thanks a lot for any inputs!
JAR files are used by all types of Java applications. They have a specific structure: the META-INF folder contains the manifest information and other metadata about the Java package carried by the JAR file.
In an APK file, the APK Signing Block is located immediately before the ZIP Central Directory, which is located at the end of the file. The block contains ID-value pairs wrapped in a way that makes it easier to locate the block in the APK. The v2 signature of the APK is stored as an ID-value pair with ID 0x7109871a.
If you only want to get the public key part out of the CERT.RSA file, you can try out the following method:
openssl pkcs7 -in CERT.RSA -inform DER -print_certs -out cert.pem
openssl x509 -in cert.pem -pubkey -noout
Once you have the cert.pem file you can get the public key by using the following command:
openssl x509 -in cert.pem -noout -text
Regards,
Giuseppe
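The three components the question asks about (certificate, public key, signature over CERT.SF) can each be pulled out or checked with openssl. The script below is an added example, not part of the original question or answer: it builds a throwaway signer and a constructed CERT.SF so it runs without a real APK, and it assumes `openssl` is on the PATH; the function names and file names are hypothetical.

```shell
#!/bin/sh
# Added example. All file names, the subject and the CERT.SF text are constructed.

# Build a throwaway signer and a detached DER PKCS#7 signature over CERT.SF,
# the same container type that META-INF/CERT.RSA uses.
make_sample() {  # $1 = working directory
    printf 'Signature-Version: 1.0\r\nCreated-By: constructed sample\r\n\r\n' > "$1/CERT.SF"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=Constructed Test Signer' \
        -keyout "$1/key.pem" -out "$1/signer.pem" 2>/dev/null || return 1
    openssl smime -sign -binary -noattr -in "$1/CERT.SF" -signer "$1/signer.pem" \
        -inkey "$1/key.pem" -outform DER -out "$1/CERT.RSA" 2>/dev/null
}

# Component 1: the certificate(s) carried inside the SignedData structure.
extract_cert() {  # $1 = CERT.RSA, $2 = output PEM
    openssl pkcs7 -inform DER -in "$1" -print_certs -out "$2"
}

# Component 2: the public key, which lives inside the certificate.
extract_pubkey() {  # $1 = certificate PEM
    openssl x509 -in "$1" -pubkey -noout
}

# Component 3: the signature over CERT.SF. -noverify skips chain validation
# (APK certificates are usually self-signed); the signature is still checked.
verify_sf() {  # $1 = CERT.RSA, $2 = CERT.SF
    openssl smime -verify -binary -noverify -inform DER -in "$1" \
        -content "$2" -out /dev/null 2>/dev/null
}

# Full ASN.1 view: certificate, digest algorithm and the raw signature bytes.
dump_structure() {  # $1 = CERT.RSA
    openssl asn1parse -inform DER -in "$1"
}
```

On a real APK, unzip `META-INF/CERT.RSA` and `META-INF/CERT.SF` and pass those paths to `extract_cert`, `verify_sf` and `dump_structure`; `verify_sf` returns non-zero if CERT.SF was modified after signing.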