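Every application that runs on an Android device must be signed; this is a security authentication mechanism provided by the system.
Below I work through the basics in question-and-answer form; later I will look into some of the points in more detail.
What if the app is not signed?
Installing it directly on the device also produces a prompt:
From the above we get a simple picture: if the app is unsigned or the signature is wrong, it cannot be installed on the device.
If the app's AndroidManifest.xml sets android:sharedUserId="android.uid.system", it must be signed with the platform signature; otherwise the prompt is:
More installation errors can be looked up in the related documentation.
Here platform.* are the private key and public key of the platform signature; the scheme is asymmetric cryptography.
From the figure above we can see there are several kinds of signature; what the 4 kinds mean is described in the README in the current directory.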
The following commands were used to generate the test key pairs:
// the script used to make the keys, and related information

  development/tools/make_key testkey '/C=US/ST=California/L=Mountain View/O=Android/OU=Android/CN=Android/emailAddress=android@android.com'
  development/tools/make_key platform '/C=US/ST=California/L=Mountain View/O=Android/OU=Android/CN=Android/emailAddress=android@android.com'
  development/tools/make_key shared '/C=US/ST=California/L=Mountain View/O=Android/OU=Android/CN=Android/emailAddress=android@android.com'
  development/tools/make_key media '/C=US/ST=California/L=Mountain View/O=Android/OU=Android/CN=Android/emailAddress=android@android.com'

The following standard test keys are currently included:

// testkey: when an app does not specify another key, the source tree signs it with this key by default
testkey -- a generic key for packages that do not otherwise specify a key.
// platform signature; system-level apps use this signature
platform -- a test key for packages that are part of the core platform.
// this signature is needed when the shared contacts data is used
shared -- a test key for things that are shared in the home/contacts process.
// used for apps related to the system's media/download
media -- a test key for packages that are part of the media/download system.

These test keys are used strictly in development, and should never be assumed
to convey any sort of validity. When $BUILD_SECURE=true, the code should not
honor these keys in any context.

signing using the openssl commandline (for boot/system images)
--------------------------------------------------------------

1. convert pk8 format key to pem format
   % openssl pkcs8 -inform DER -nocrypt -in testkey.pk8 -out testkey.pem

2. create a signature using the pem format key
   % openssl dgst -binary -sha1 -sign testkey.pem FILE > FILE.sig

extracting public keys for embedding
------------------------------------
it's a Java tool
but it generates C code
take a look at commands/recovery/Android.mk
you'll see it running $(HOST_OUT_JAVA_LIBRARIES)/dumpkey.jar
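The two openssl steps from the README above, followed by the verification step the README does not show, as an added example that is not part of the original post or of the AOSP tree. It generates a throwaway key on the spot instead of using the real testkey; the function names and the pub.pem file name are assumptions.

```shell
#!/bin/sh
# Added example; the key and FILE below are constructed, throwaway test data.

# Throwaway RSA key in the unencrypted PKCS#8 DER form used by *.pk8 files.
make_throwaway_pk8() {   # $1 = output .pk8 path
    t=$(mktemp) || return 1
    openssl genrsa -out "$t" 2048 2>/dev/null &&
        openssl pkcs8 -topk8 -inform PEM -outform DER -nocrypt -in "$t" -out "$1"
    rc=$?; rm -f "$t"; return $rc
}

# README step 1: convert the pk8 key to PEM.
pk8_to_pem() {           # $1 = .pk8 key, $2 = output .pem
    openssl pkcs8 -inform DER -nocrypt -in "$1" -out "$2"
}

# README step 2: detached SHA-1 signature, written to FILE.sig.
sign_file() {            # $1 = PEM private key, $2 = file to sign
    openssl dgst -binary -sha1 -sign "$1" "$2" > "$2.sig"
}

# Export only the public half; a verifier never needs the private key.
export_public_key() {    # $1 = PEM private key, $2 = output public-key PEM
    openssl pkey -in "$1" -pubout -out "$2"
}

# Exit status 0 only if FILE.sig matches FILE under the given public key.
verify_file() {          # $1 = public-key PEM, $2 = signed file
    openssl dgst -sha1 -verify "$1" -signature "$2.sig" "$2" >/dev/null 2>&1
}

run_demo() {
    d=$(mktemp -d) || return 1
    printf 'constructed image contents\n' > "$d/FILE"
    make_throwaway_pk8 "$d/testkey.pk8" &&
        pk8_to_pem "$d/testkey.pk8" "$d/testkey.pem" &&
        sign_file "$d/testkey.pem" "$d/FILE" &&
        export_public_key "$d/testkey.pem" "$d/pub.pem" || { rm -rf "$d"; return 1; }
    verify_file "$d/pub.pem" "$d/FILE" && echo "original: signature OK"
    printf 'x' >> "$d/FILE"   # change the file after signing
    verify_file "$d/pub.pem" "$d/FILE" || echo "modified: signature rejected"
    rm -rf "$d"
}
run_demo
```

The digest passed to the verify step has to be the same one used when signing (-sha1 here, as in the README), otherwise a valid signature is reported as a failure.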
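From the shared signature, one can infer:
When app A needs to use app B's shared data, their android:sharedUserId="xxx" values must match, and their signatures must match as well.
Android signing mechanism (2): how to sign
Reference: http://www.cnblogs.com/heart-runner/archive/2012/01/30/2332020.html
More questions to be added...
Reference: http://developer.android.com/tools/publishing/app-signing.html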