android-包簽名

android-包簽名

應用能在Android 系統上安裝必須是通過有私有key的證書數據簽名。Android系統經過證書肯定應用的做者，和與應用創建信任關係。證書不會用於控制應用的安裝。證書不須要權威機構簽名：它是很是完美和標準。

關於簽名的一些重要點：

• 全部的應用必須簽名(android 有默認簽名)。
• 測試和調試應用，構建工具用指定的調試密鑰(android sdk 構建工具建立的)簽名你的應用。
• 在發佈給終端用戶以前要用合適的密鑰簽名應用，不能用調試密鑰簽名將要發佈的應用。
• 能夠用本身簽名的證書籤名本身的應用。
• Android 系統僅僅會在應用安裝的時候檢查證書的有效期。若是應用在安裝以後過時，那麼應用還會正常運行。
• 咱們能夠用標準的工具-Keytool 和 Jarsigner - 生成密鑰和簽名應用。
• 在完成簽名以後，發佈以前，須要使用zipalign 工具優化最終的apk 包。

Android 系統不能安裝和運行沒有正確簽名的包。

簽名過程

---

Android 簽名應用與構建方式有關，不一樣構建方式會致使簽名過程的不一樣。這裏有兩個構建方式：調試模式和發佈模式。調試模式在開發和測試的狀況下使用，發佈模式是在將要發佈應用給用戶的時候纔會使用的(好比發佈到Google Play)。

When you build in debug mode the Android SDK build tools use the Keytool utility (included in the JDK) to create a debug key. Because the SDK build tools created the debug key, they know the debug key's alias and password. Each time you compile your application in debug mode, the build tools use the debug key along with the Jarsigner utility (also included in the JDK) to sign your application's .apk file. Because the alias and password are known to the SDK build tools, the tools don't need to prompt you for the debug key's alias and password each time you compile.

When you build in release mode you use your own private key to sign your application. If you don't have a private key, you can use the Keytool utility to create one for you. When you compile your application in release mode, the build tools use your private key along with the Jarsigner utility to sign your application's .apk file. Because the certificate and private key you use are your own, you must provide the password for the keystore and key alias.

The debug signing process happens automatically when you run or debug your application using Eclipse with the ADT plugin. Debug signing also happens automatically when you use the Ant build script with the debug option. You can automate the release signing process by using the Eclipse Export Wizard or by modifying the Ant build script and building with the release option.

簽名策略

---

簽名應用的方式會影響開發應用的方法。特別是在須要發佈多個應用的時候。

通常，對於全部的開發者比較推薦的策略是全部的應用用同一個證書籤名(在有效期以內)，這樣作的緣由是:

• 應用更新-當發佈更新應用的時候，須要用相同的證書籤名應用，這樣能夠保證用戶很好的更新到新版本。當應用安裝更新時，系統會把新版本中的證書與舊版本比較。若是證書匹配，包括證書數據和命令，系統纔會容許安裝更新，若是新版本的證書與舊版本的不匹配，那麼必須改變應用的包名-這種狀況，安裝的是一個全新的應用。
• 應用模塊化– Android 系統容許擁有一樣證書的應用運行在同一個線程中，若是應用須要，那麼系統會認爲他們是同一個應用。用這種方式你能夠模塊化部署應用，用戶能夠獨立的更新它們。
• 代碼/數據能夠共享-Android 系統基於權限機制提供簽名，以便一個應用能夠暴露方法給其餘的應用。

另一個決定簽名方式的重要因素是如何設置密鑰的有效期。

• 若是計劃支持單個應用的更新，咱們必須保證密鑰的有效期超過應用的有效期。有效時間最好是25年或者更長。當密鑰的有效期失效，用將不能無縫地更新應用
• 若是用同一個證書籤名多個應用，咱們必須保證密鑰的有效期足夠長，設置密鑰有效期的時候，要考慮應用依賴的應用的有效期。
• 若是咱們計劃發佈應用到google play。密鑰的有效期必須是在2033.10.22以後。google play 強制這些是爲了保證用戶可以無縫的更新應用到新的版本。

當咱們再設計應用的時候， 要考慮這些要點。

簽名基本設置

---

在開始以前，要保證Keytool和Jarsigner 工具都已經就緒，兩個工具都在JDK中。一般，經過在PATH 中設置JAVA_HOME的方式以便SDK構建工具能找到。

若是在linux系統上開發，要保證系統用的是JDK的工具， 而不是gcj版本的。

調試模式簽名

---

爲了更加方便開發和調試應用，Android 系統構建工具提供調試模式簽名. 用調試模式構建應用的時候，SDK工具用Keytool自動建立調試密鑰庫和 密鑰。這個密鑰在構建應用的時候自動的簽名應用，所以不須要手動的簽名應用。

SDK 工具提供預約義的name/password建立keystore/key:

• Keystore name: "debug.keystore"
• Keystore password: "android"
• Key alias: "androiddebugkey"
• Key password: "android"
• CN: "CN=Android Debug,O=Android,C=US"

若是須要改變keystore/key的位置和名字或者用自定義的keystore/key，都是作到的。 任何自定義的調試密鑰都須要保證同一個密鑰庫和密鑰。(To do so in Eclipse/ADT, go to Windows > Preferences > Android > Build.)

Caution: 應用不能用調試密鑰簽名去發佈.

Eclipse Users

If you are developing in Eclipse/ADT (and have set up Keytool and Jarsigner as described above in Basic Setup for Signing), signing in debug mode is enabled by default. When you run or debug your application, ADT signs the .apk file with the debug certificate, runs zipalign on the package, then installs it on the selected emulator or connected device. No specific action on your part is needed, provided ADT has access to Keytool.

Ant Users

If you are using Ant to build your .apk file, debug signing mode is enabled by using the debug option with the antcommand (assuming that you are using a build.xml file generated by the android tool). When you run ant debug to compile your app, the build script generates a keystore/key and signs the APK for you. The script then also aligns the APK with the zipalign tool. No other action on your part is needed. Read Building and Running Apps on the Command Line for more information.

調試證書期滿

自簽名證書在調試模式的時候簽名應用，證書的有效期只有365天。

當證書過時，那麼在構建的時候會發生錯誤。在ant 構建中，錯誤內容：

debug:[echo]Packaging bin/samples-debug.apk,and signing it with a debug key...[exec]DebugCertificate expired on 8/4/083:43 PM

In Eclipse/ADT, 類似的錯誤會出如今 Android console.

爲了解決這個問題, 簡單的方法是刪除 debug.keystore 文件. 文件的地址在 ~/.android/ on OS X and Linux, in C:\Documents and Settings\<user>\.android\ on Windows XP, and in C:\Users\<user>\.android\ on Windows Vista and Windows 7.

下次構建的時候， 構建工具會自動生成keystore 和 調試密鑰。

Note that, if your development machine is using a non-Gregorian locale, the build tools may erroneously generate an already-expired debug certificate, so that you get an error when trying to compile your application. For workaround information, see the troubleshooting topic I can't compile my app because the build tools generated an expired debug certificate.

發佈密鑰簽名應用

---

發佈應用給其餘用戶的時候，必須:

1. 生成一個合適的密鑰
2. 用發佈模式編譯應用
3. 用私有密鑰簽名應用
4. Align the final APK package(壓縮最後的包)

若是是用eclipse ADT開發，能夠用導出嚮導編譯，簽名，對其應用。這個嚮導甚至能夠幫助咱們生成私有的密鑰。能夠參考 Compile and sign with Eclipse ADT.

1. 生成私有密鑰

在簽名應用以前，保證有一個應用，私有密鑰有如下特色：

• 本身擁有
• 可以說明我的，公司，或者機構擁有應用
• 有一個有效週期，這個週期要超過應用的週期。A validity period of more than 25 years is recommended.

  If you plan to publish your application(s) on Google Play, note that a validity period ending after 22 October 2033 is a requirement. You can not upload an application if it is signed with a key whose validity expires before that date.

• 必須是android SDK tools 生成的.

The key may be self-signed. If you do not have a suitable key, you must generate one using Keytool. Make sure that you have Keytool available, as described in Basic Setup.

To generate a self-signed key with Keytool, use the keytool command and pass any of the options listed below (and any others, as needed).

Warning: Keep your private key secure. Before you run Keytool, make sure to read Securing Your Private Key for a discussion of how to keep your key secure and why doing so is critically important to you and to users. In particular, when you are generating your key, you should select strong passwords for both the keystore and key.

Warning: Keep the keystore file you generate with Keytool in a safe, secure place. You must use the same key to sign future versions of your application. If you republish your app with a new key, Google Play will consider it a new app. For more information on settings that must remain constant over the life of your app, see the Android Developer Blog post Things That Cannot Change.

Keytool Option	Description
-genkey	Generate a key pair (public and private keys)： 生成密鑰對(共有的和私有的)
-v	Enable verbose output.：容許輸出
-alias <alias_name>	An alias for the key. Only the first 8 characters of the alias are used. ：密鑰的別名，僅僅前面八個字符會被使用
-keyalg <alg>	The encryption algorithm to use when generating the key. Both DSA and RSA are supported. ：生成密鑰的加密算法。支持：DSA 和 RSA
-keysize <size>	The size of each generated key (bits). If not supplied, Keytool uses a default key size of 1024 bits. In general, we recommend using a key size of 2048 bits or higher. ：生成密鑰的大小。若是支持，Keytool 使用默認的大小(1024位)。通常來說，使用2048位 或者更大
-dname <name>	A Distinguished Name that describes who created the key. The value is used as the issuer and subject fields in the self-signed certificate. Note that you do not need to specify this option in the command line. If not supplied, Jarsigner prompts you to enter each of the Distinguished Name fields (CN, OU, and so on). ：這個名字說明誰建立了這個密鑰。
-keypass <password>	The password for the key. As a security precaution, do not include this option in your command line. If not supplied, Keytool prompts you to enter the password. In this way, your password is not stored in your shell history. ：密鑰的密碼
-validity <valdays>	The validity period for the key, in days. Note: A value of 10000 or greater is recommended. ：密鑰的有效期
-keystore <keystore-name>.keystore	A name for the keystore containing the private key. ：keystore 的名字
-storepass <password>	A password for the keystore. As a security precaution, do not include this option in your command line. If not supplied, Keytool prompts you to enter the password. In this way, your password is not stored in your shell history. ： keystore的密碼

Here's an example of a Keytool command that generates a private key:

$ keytool -genkey -v -keystore my-release-key.keystore
-alias alias_name -keyalg RSA -keysize 2048-validity 10000

Running the example command above, Keytool prompts you to provide passwords for the keystore and key, and to provide the Distinguished Name fields for your key. It then generates the keystore as a file called my-release-key.keystore. The keystore and key are protected by the passwords you entered. The keystore contains a single key, valid for 10000 days. The alias is a name that you — will use later, to refer to this keystore when signing your application.

For more information about Keytool, see the documentation athttp://docs.oracle.com/javase/6/docs/technotes/tools/windows/keytool.html

2. Compile the application in release mode

In order to release your application to users, you must compile it in release mode. In release mode, the compiled application is not signed by default and you will need to sign it with your private key.

Caution: You can not release your application unsigned, or signed with the debug key.

With Eclipse

To export an unsigned APK from Eclipse, right-click the project in the Package Explorer and select Android Tools > Export Unsigned Application Package. Then specify the file location for the unsigned APK. (Alternatively, open yourAndroidManifest.xml file in Eclipse, select the Manifest tab, and click Export an unsigned APK.)

Note that you can combine the compiling and signing steps with the Export Wizard. See Compiling and signing with Eclipse ADT.

With Ant

If you are using Ant, you can enable release mode by using the release option with the ant command. For example, if you are running Ant from the directory containing your build.xml file, the command would look like this:

$ ant release

By default, the build script compiles the application APK without signing it. The output file in your project bin/ will be<your_project_name>-unsigned.apk. Because the application APK is still unsigned, you must manually sign it with your private key and then align it using zipalign.

However, the Ant build script can also perform the signing and aligning for you, if you have provided the path to your keystore and the name of your key alias in the project's ant.properties file. With this information provided, the build script will prompt you for your keystore and alias password when you perform ant release, it will sign the package and then align it. The final output file in bin/ will instead be <your_project_name>-release.apk. With these steps automated for you, you're able to skip the manual procedures below (steps 3 and 4). To learn how to specify your keystore and alias in the ant.properties file, see Building and Running Apps on the Command Line.

3. Sign your application with your private key

應用簽名須要用到Jarsigner工具。確保Jarsigner和密鑰都是可用狀態。

To sign your application, you run Jarsigner, referencing both the application's APK and the keystore containing the private key with which to sign the APK. The table below shows the options you could use.

Jarsigner Option	Description
-keystore <keystore-name>.keystore	The name of the keystore containing your private key. ：keystore的名字
-verbose	Enable verbose output. ：輸出詳細內容
-sigalg	The name of the signature algorithim to use in signing the APK. Use the value SHA1withRSA. ：簽名應用的加密算法。值是SHA1withRSA
-digestalg	The message digest algorithim to use in processing the entries of an APK. Use the value SHA1.
-storepass <password>	The password for the keystore. As a security precaution, do not include this option in your command line unless you are working at a secure computer. If not supplied, Jarsigner prompts you to enter the password. In this way, your password is not stored in your shell history.
-keypass <password>	The password for the private key. As a security precaution, do not include this option in your command line unless you are working at a secure computer. If not supplied, Jarsigner prompts you to enter the password. In this way, your password is not stored in your shell history.

Here's how you would use Jarsigner to sign an application package called my_application.apk, using the example keystore created above.

$ jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore my-release-key.keystore
my_application.apk alias_name

Running the example command above, Jarsigner prompts you to provide passwords for the keystore and key. It then modifies the APK in-place, meaning the APK is now signed. Note that you can sign an APK multiple times with different keys.

Caution: As of JDK 7, the default signing algorithim has changed, requiring you to specify the signature and digest algorithims (-sigalg and -digestalg) when you sign an APK.

To verify that your APK is signed, you can use a command like this:

$ jarsigner -verify my_signed.apk

If the APK is signed properly, Jarsigner prints "jar verified". If you want more details, you can try one of these commands:

$ jarsigner -verify -verbose my_application.apk

or

$ jarsigner -verify -verbose -certs my_application.apk

The command above, with the -certs option added, will show you the "CN=" line that describes who created the key.

Note: If you see "CN=Android Debug", this means the APK was signed with the debug key generated by the Android SDK. If you intend to release your application, you must sign it with your private key instead of the debug key.

For more information about Jarsigner, see the documentation athttp://docs.oracle.com/javase/6/docs/technotes/tools/windows/jarsigner.html

4. Align the final APK package

Once you have signed the APK with your private key, run zipalign on the file. This tool ensures that all uncompressed data starts with a particular byte alignment, relative to the start of the file. Ensuring alignment at 4-byte boundaries provides a performance optimization when installed on a device. When aligned, the Android system is able to read files with mmap(), even if they contain binary data with alignment restrictions, rather than copying all of the data from the package. The benefit is a reduction in the amount of RAM consumed by the running application.

The zipalign tool is provided with the Android SDK, inside the tools/ directory. To align your signed APK, execute:

$ zipalign -v 4your_project_name-unaligned.apk your_project_name.apk

The -v flag turns on verbose output (optional). 4 is the byte-alignment (don't use anything other than 4). The first file argument is your signed .apk file (the input) and the second file is the destination .apk file (the output). If you're overriding an existing APK, add the -f flag.

Caution: Your input APK must be signed with your private key before you optimize the package with zipalign. If you sign it after using zipalign, it will undo the alignment.

For more information, read about the zipalign tool.

Compile and sign with Eclipse ADT

If you are using Eclipse with the ADT plugin, you can use the Export Wizard to export a signed APK (and even create a new keystore, if necessary). The Export Wizard performs all the interaction with the Keytool and Jarsigner for you, which allows you to sign the package using a GUI instead of performing the manual procedures to compile, sign, and align, as discussed above. Once the wizard has compiled and signed your package, it will also perfom package alignment withzipalign. Because the Export Wizard uses both Keytool and Jarsigner, you should ensure that they are accessible on your computer, as described above in the Basic Setup for Signing.

To create a signed and aligned APK in Eclipse:

1. Select the project in the Package Explorer and select File > Export.
2. Open the Android folder, select Export Android Application, and click Next.

   The Export Android Application wizard now starts, which will guide you through the process of signing your application, including steps for selecting the private key with which to sign the APK (or creating a new keystore and private key).

3. Complete the Export Wizard and your application will be compiled, signed, aligned, and ready for distribution.

保護私有密鑰

---

維護私有密鑰對本身和對用戶都是最重要的。若是私有密鑰不被好好的保護，那麼頗有可能會被其餘人盜用。

若是第三方在沒有通過受權和容許的狀況下管理你的密鑰，那我的能夠很容易的簽名而且發佈應用，達到替換你的應用和入侵你的應用。應用的數據將不會在安全。

私有的密鑰在未來簽名包的時候都有用。若是密鑰丟失，那麼將不能發佈更新應用。你不能從新生成和以前同樣的密鑰。

Your reputation as a developer entity depends on your securing your private key properly, at all times, until the key is expired. Here are some tips for keeping your key secure:

• 選擇很是強健的keystore 和 key.
• 用Keytool生成密鑰的時候，命令行不須要提供-storepass 和 -keypass 參數。若是提供了，那麼密鑰將會保存到shell 記錄裏面，那麼其餘的用戶經過你的計算機能夠訪問。
• 類似的，當用Jarsigner簽名應用的時候，在命令行裏面不須要提供 -storepass和-keypass.
• 不要把密鑰借給或者給予他人，不要讓其餘人知道你的keystore和key passwords.
• Keep the keystore file containing your private key that you generate with the Keytool in a safe, secure place.

通常來說，依照注意事項生成，使用和存儲密鑰，均可以保證它的安全性。