一、Android.mk 文件配置签名 我们知道在 build/target/product/security 目录中有四组默认签名,供 Android.mk 在编译 APK 时使用(这些密钥随 AOSP 源码公开,只适合开发和测试构建;正式发布的固件应换用自己保管的 release key):
1、testkey:普通APK,默认情况下使用。 2、platform:该APK完成一些系统的核心功能。经过对系统中存在的文件夹的访问测试,这种方式编译出来的APK所在进程的UID为system。 3、shared:该APK需要和home/contacts进程共享数据。 4、media:该APK是media/download系统中的一环。
举例说明一下
系统中所有使用android.uid.system作为共享UID的APK, 都会首先在manifest节点中增加android:sharedUserId="android.uid.system", 然后在Android.mk中增加LOCAL_CERTIFICATE := platform。可以参见Settings等
系统中所有使用android.uid.shared作为共享UID的APK, 都会在manifest节点中增加android:sharedUserId="android.uid.shared", 然后在Android.mk中增加LOCAL_CERTIFICATE := shared。可以参见Launcher等
系统中所有使用android.media作为共享UID的APK, 都会在manifest节点中增加android:sharedUserId="android.media", 然后在Android.mk中增加LOCAL_CERTIFICATE := media。可以参见Gallery等。
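# 二、AS项目在系统下编译MK文件 1.MK文件
# (Section 2: building an Android Studio project inside the platform tree; 1. the .mk file)

# Module paths are resolved relative to the project's src/main directory.
LOCAL_PATH:= $(call my-dir)/src/main

# ---- Module 1: the application package ----
include $(CLEAR_VARS)

LOCAL_STATIC_JAVA_LIBRARIES := android-support-v4

LOCAL_MODULE_TAGS := optional

# Java sources plus the AIDL interface file.
LOCAL_SRC_FILES := $(call all-subdir-java-files,java) \
    src/com/voole/epg/cooperation/aidl/VooleAIDL.aidl

# Prebuilt jars (declared in module 2 below). Appended with += so that the
# android-support-v4 entry assigned above is kept; a second := would have
# silently replaced it.
LOCAL_STATIC_JAVA_LIBRARIES += umeng_ad \
    afinal_ad

# Native .so libraries (declared in module 2 below).
LOCAL_JNI_SHARED_LIBRARIES := libaccstub \
    libalgmsyoukutv

# AAR libraries (declared in module 2 below).
LOCAL_STATIC_JAVA_AAR_LIBRARIES := inveno_meitu_ui_sdk \
    inveno_detail_info_sdk

# Merge the AAR resources and generate R classes for their packages.
# The list ends without a trailing backslash so the next assignment cannot be
# swallowed into it.
LOCAL_AAPT_FLAGS += \
    --auto-add-overlay \
    --extra-packages com.inveno.basics \
    --extra-packages com.inveno.detailinfosdk

LOCAL_PACKAGE_NAME := Mprobe

LOCAL_PROGUARD_ENABLED := full
#LOCAL_PROGUARD_FLAG_FILES := proguard.flags

# Sign the package with the platform key. Everything linked into this APK,
# including the third-party jars, AARs and .so files listed above, ships under
# that signature.
# NOTE(review): confirm that these bundled SDKs are meant to run inside a
# platform-signed package, and that release builds replace the default key.
LOCAL_CERTIFICATE := platform

include $(BUILD_PACKAGE)

# ---- Module 2: declare the prebuilt jars, AARs and native libraries ----
include $(CLEAR_VARS)

# name:path pairs; the names are the ones referenced by module 1.
LOCAL_PREBUILT_STATIC_JAVA_LIBRARIES := afinal_ad:libs/afinal.jar \
    umeng_ad:libs/umeng-analytics-v5.5.3.jar

LOCAL_PREBUILT_LIBS := libaccstub:libs/armeabi/libaccstub.so \
    libalgmsyoukutv:libs/armeabi/libalgmsyoukutv.so

LOCAL_PREBUILT_STATIC_JAVA_LIBRARIES += inveno_meitu_ui_sdk:libs/meitu_sdk-release_201709291605.aar \
    inveno_detail_info_sdk:libs/detail_info_sdk-release.aar

include $(BUILD_MULTI_PREBUILT)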
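# 2.android 系统下编译需要类库与资源的APP
# (2. Building an app that needs support libraries and their resources inside the platform tree)

# Support libraries linked statically into the package.
LOCAL_STATIC_JAVA_LIBRARIES += \
    android-support-v4 \
    android-support-v7-recyclerview \
    android-support-v7-preference \
    android-support-v7-appcompat \
    android-support-v14-preference \
    android-support-v17-preference-leanback \
    android-support-v17-leanback \
    xz-java

# Resource directories of the support libraries, followed by the app's own res.
LOCAL_RESOURCE_DIR := \
    frameworks/support/v17/leanback/res \
    frameworks/support/v7/preference/res \
    frameworks/support/v14/preference/res \
    frameworks/support/v17/preference-leanback/res \
    frameworks/support/v7/appcompat/res \
    frameworks/support/v7/recyclerview/res \
    $(LOCAL_PATH)/res

# --extra-packages takes ONE colon-separated argument. It must contain no
# whitespace: the stray space in "android.support .v17.preference" would have
# split the list into two arguments.
LOCAL_AAPT_FLAGS := --auto-add-overlay \
    --extra-packages android.support.v17.leanback:android.support.v7.preference:android.support.v14.preference:android.support.v17.preference:android.support.v7.appcompat:android.support.v7.recyclerview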
# 三、apk重签系统名
# (Section 3: re-signing prebuilt APKs with the system signature)
#
# Generate by Binary Description tools
#
# Purpose: turn every *.apk file found next to this makefile into a prebuilt
# module whose certificate is set to "platform".
LOCAL_PATH := $(call my-dir)

# For /system/priv-app directory apks
# The trailing '#' starts a comment right after the value, so the value carries
# no trailing whitespace. This variable is not referenced in the lines shown here.
SYSTEM_PRIV_APP_DIR_PREFIX:=priv-#
# If the PLATFORM_VERSION is 4.0.x 4.1.x 4.2.x 4.3.x, no priv-app support
ifneq ($(filter 4.0% 4.1% 4.2% 4.3%,$(strip $(PLATFORM_VERSION))),)
# Revert to ""
SYSTEM_PRIV_APP_DIR_PREFIX:=#
endif
#end of filter

APP_SUFFIX := .apk
# Module names: each *.apk in LOCAL_PATH, with the directory prefix and the
# .apk suffix removed.
PREBUILT_APPS := $(subst $(APP_SUFFIX),,$(subst $(LOCAL_PATH)/,,$(wildcard $(LOCAL_PATH)/*$(APP_SUFFIX))))
# One prebuilt module per APK. The wildcard above picks up whatever .apk files
# are present, and each one gets LOCAL_CERTIFICATE := platform.
# NOTE(review): every APK placed in this directory therefore ends up carrying
# the platform certificate; keep only vetted packages here and restrict who can
# write to the directory.
$(foreach t,$(PREBUILT_APPS), \
  $(eval include $(CLEAR_VARS)) \
  $(eval LOCAL_MODULE := $(t) )\
  $(eval LOCAL_MODULE_TAGS := optional)\
  $(eval LOCAL_SRC_FILES := $(t)$(APP_SUFFIX) )\
  $(eval LOCAL_MODULE_CLASS := APPS) \
  $(eval LOCAL_MODULE_SUFFIX := $(COMMON_ANDROID_PACKAGE_SUFFIX)) \
  $(eval LOCAL_CERTIFICATE := platform) \
  $(eval include $(BUILD_PREBUILT)) \
 )
四、keystore与pk8+x509.pem转换 1.keystore文件转换格式为pk8+x509.pem 第一步 先把keystore文件转换为pkcs12格式
keytool -importkeystore -srckeystore debug.keystore -destkeystore tmp.p12 -srcstoretype JKS -deststoretype PKCS12
第二步 将PKCS12 dump成pem,这样就可以按照文本形式查看了(-nodes 表示导出的私钥不加密,tmp.rsa.pem 里是明文私钥)
openssl pkcs12 -in tmp.p12 -nodes -out tmp.rsa.pem
接下来打开文件 tmp.rsa.pem(上一步的输出),可以看到 PRIVATE KEY 还有 CERTIFICATE。PS:私钥那一段的标记也可能是 RSA PRIVATE KEY,这个不用管
Bag Attributes
    friendlyName: androiddebugkey
    localKeyID: 54 69 6D 65 20 31 33 38 38 39 37 38 34 32 36 38 36 39
Key Attributes: <No Attributes>
-----BEGIN PRIVATE KEY-----
...
-----END PRIVATE KEY-----
Bag Attributes
    friendlyName: androiddebugkey
    localKeyID: 54 69 6D 65 20 31 33 38 38 39 37 38 34 32 36 38 36 39
subject=/C=US/O=Android/CN=Android Debug
issuer=/C=US/O=Android/CN=Android Debug
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
复制 “BEGIN CERTIFICATE” 到 “END CERTIFICATE” 的内容(含这两行)到新建的文件 cert.x509.pem
[ pem里面内容(下面的一样):
-----BEGIN CERTIFICATE-----
。。。。
-----END CERTIFICATE----- ]
复制 “BEGIN PRIVATE KEY” 到 “END PRIVATE KEY”(或 “BEGIN RSA PRIVATE KEY” 到 “END RSA PRIVATE KEY”)的内容到(同上)private.rsa.pem
第三 生成pk8格式的私钥 1 openssl pkcs8 -topk8 -outform DER -in private.rsa.pem -inform PEM -out private.pk8 -nocrypt
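完毕 收集文件 cert.x509.pem private.pk8 其余的中间文件删除即可(tmp.p12、tmp.rsa.pem、private.rsa.pem 都含有私钥,其中后两个是明文,用完应立即删除;private.pk8 因为用了 -nocrypt 也是未加密的,要限制它的访问权限)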
2.pk8+x509.pem文件转换格式为keystore 1.把 DER 编码的 pkcs8 私钥转换为 PEM 格式(下一步生成 pkcs12 时要用):
1 $ openssl pkcs8 -in testkey.pk8 -inform DER -outform PEM -out testkey.priv.pem -nocrypt
2.生成pkcs12格式的密钥文件:
1 $ openssl pkcs12 -export -in testkey.x509.pem -inkey testkey.priv.pem -out testkey.pk12 -name androiddebugkey
(注:此过程中需要输入密码:android。这是 debug keystore 的公开默认密码,下一步的 -srcstorepass 要与它一致;它只适用于调试/测试密钥)
3.生成keystore:
1 $ keytool -importkeystore -deststorepass android -destkeypass android -destkeystore debug.keystore -srckeystore testkey.pk12 -srcstoretype PKCS12 -srcstorepass android -alias androiddebugkey