if ["$1" == ""]; then |
echo "Create a test certificate key." |
echo "Usage: $0 NAME" |
echo "Will generate NAME.pk8 and NAME.x509.pem" |
echo " /C=US/ST=California/L=Mountain View/O=Android/OU=Android/CN=Android/[email protected]" |
return |
fi |
openssl genrsa -3 -out $1.pem 2048 |
openssl req -new -x509 -key $1.pem -out $1.x509.pem -days 10000 \ |
-subj '/C=US/ST=California/L=Mountain View/O=Android/OU=Android/CN=Android/[email protected]' |
openssl pkcs8 -in $1.pem -topk8 -outform DER -out $1.pk8 -nocrypt |
root@bt:~/bubble example# openssl genrsa -3 -out test.pem 2048 Generating RSA private key, 2048 bit long modulus ...+++ ...................................................................................+++ e is 3 (0x3)
第二步:生成x509格式的公钥证书root@bt:~/bubble example# cat test.pem -----BEGIN RSA PRIVATE KEY----- MIIEowIBAAKCAQEAxJGCXH8i3XgogreH9oMoTaqUR6zTmblWUH3dOg7lV7F+cDDC P4hPBItEumMGkwhHqdqXMrvAj3RlYVGq6iozWJDluUDzY095G7UuuiPRXr5q0vl4 t0kzPJIAon6kdbAl/0JFJqKLCeyk4aWsa4yRFBi0BWC7qg4ilLdHIZL0CFnRHK6F 9haXVxBBvDPdA06YT5MDqvThs/ZCY1BnGmBb+Srj8YJJ9Nvdxix5Dmqs5JDsn+L0 5OweZqwMcyKVMTrvjj921kJvReuHRRtVwE/xrSkusZITLZ45zySiRAi+NRR9hFlS efla/8gyCXmCYcvMDOFu827QJpbzWhKgFUWRawIBAwKCAQEAgwusPaoXPlAbAc+v +azFiRxi2nM3u9DkNak+JrSY5SD+9XXW1QWKAweDJuyvDLAvxpG6IdKAX6LuQOEc nBwiOwtD0NX3l4pQvSN0fBfg6dRHN1D7JNt3fbarFv8YTnVuqiwuGcGyBp3DQRkd nQhguBB4A5XScV7BuHova7dNWuVfLWJAgeSUckHZBUHKWkq6ETo63QBW9yqjwUKh aLAZFbyBMvmhX+9oWgKBTmmr91TIA4z0JbkpPWD8LBuTKKld6FSrOEA432+SNZvW WMjr2GxyPoE4+6kiB4EhnhQI7hOzSFHW7vD1dlxkDi+B7MvN+cgPqlZ0kvRO2v5V 5uz2GwKBgQD0s9PCzQnsdpOhUHUPAe6ztLk4Uy0y7NoWl7M/P7jEqTC73OP05oGx FVGLri3l2X7g/NVUtgSEzTUBJH/rEnBJKaCjVgtW0eaIM5Hu3x/evDdUIDeIpe6V 4D4ko6z5XuHddsURO7VOOTQXA8B2xG3bb1y8dCZ3SDN3VMX9TkQbpwKBgQDNpMdi ZjXMNRna49weee/NgQJzDEcsVFw2Kbk1vZ9xr19mSCfi/nMQKdcrap5FGBLfnbox 9lHbvWWRDHlNYcyZiB/Sq9bDJN2jwR+lXAKxLE8vM5i1DjHw46TLMz23cRUTIRl+ 19qclQmE8HHIuiw7ptia/8aqAfUFvM8h7J4EnQKBgQCjIo0siLFITw0WNaNfVp8i eHt64h4h8zwPD8zU1SXYcMsn6Jf4mavLY4uydB6ZO6nrUzjjJAMDM3irbaqctvWG G8Bs5AePNpmwImFJ6hU/KCTiwCUFw/Rj6tQYbR37lJaTpINg0nje0M1krSr52Ek8 9Oh9osRPhXek4y6o3tgSbwKBgQCJGITsRCPdeLvnQpK++/Uzq1b3XYTIOD15cSYj 07+hH5Tu2sVB/vdgG+THnGmDZWHqaSbL+Yvn05kLXaYzlohmWr/hx+SCGJPCgL/D kqx2HYofd7sjXsv17RiHd356S2NiFhD/OpG9uLEDSvaF0XLSbzsR/9nGq/iufd9r 8xQDEwKBgHVOxkAoYn4Q3DXhfeTrxpZEmg7lBTuZAg8A52xH/eVMVTSKwqw+NxfZ wrU+fGQeruGm5mmOzwOuTDwywcM8qs0/gQVsUVliCMd6IbwDnN4dsNLsZdZp1nV7 rbi0sCmk218gLOQ9p2jv9i0BS8etSEkBwRzF99KgruMGtyd4R39b -----END RSA PRIVATE KEY-----
root@bt:~/bubble example# openssl req -new -x509 -key test.pem -out test.x509.pem -days 10000 You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:US State or Province Name (full name) [Some-State]:California Locality Name (eg, city) []:Mountain View Organization Name (eg, company) [Internet Widgits Pty Ltd]:Android Organizational Unit Name (eg, section) []:Android Common Name (eg, YOUR name) []:Android Email Address []:android@android.com
第三步:生成符合PKCS8标注的私钥文件root@bt:~/bubble example# cat test.x509.pem -----BEGIN CERTIFICATE----- MIIEqjCCA5KgAwIBAgIJALNXgLhW3YPbMA0GCSqGSIb3DQEBBQUAMIGUMQswCQYD VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4g VmlldzEQMA4GA1UEChMHQW5kcm9pZDEQMA4GA1UECxMHQW5kcm9pZDEQMA4GA1UE AxMHQW5kcm9pZDEiMCAGCSqGSIb3DQEJARYTYW5kcm9pZEBhbmRyb2lkLmNvbTAg Fw0xMjEyMTMwNzQ1MDZaGA8xOTA0MDMyNTAxMTY1MFowgZQxCzAJBgNVBAYTAlVT MRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRAw DgYDVQQKEwdBbmRyb2lkMRAwDgYDVQQLEwdBbmRyb2lkMRAwDgYDVQQDEwdBbmRy b2lkMSIwIAYJKoZIhvcNAQkBFhNhbmRyb2lkQGFuZHJvaWQuY29tMIIBIDANBgkq hkiG9w0BAQEFAAOCAQ0AMIIBCAKCAQEAxJGCXH8i3XgogreH9oMoTaqUR6zTmblW UH3dOg7lV7F+cDDCP4hPBItEumMGkwhHqdqXMrvAj3RlYVGq6iozWJDluUDzY095 G7UuuiPRXr5q0vl4t0kzPJIAon6kdbAl/0JFJqKLCeyk4aWsa4yRFBi0BWC7qg4i lLdHIZL0CFnRHK6F9haXVxBBvDPdA06YT5MDqvThs/ZCY1BnGmBb+Srj8YJJ9Nvd xix5Dmqs5JDsn+L05OweZqwMcyKVMTrvjj921kJvReuHRRtVwE/xrSkusZITLZ45 zySiRAi+NRR9hFlSefla/8gyCXmCYcvMDOFu827QJpbzWhKgFUWRawIBA6OB/DCB +TAdBgNVHQ4EFgQU1aCdtEBdGQLhO7nqnaR4pCJW0q0wgckGA1UdIwSBwTCBvoAU 1aCdtEBdGQLhO7nqnaR4pCJW0q2hgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRMwEQYD VQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRAwDgYDVQQK EwdBbmRyb2lkMRAwDgYDVQQLEwdBbmRyb2lkMRAwDgYDVQQDEwdBbmRyb2lkMSIw IAYJKoZIhvcNAQkBFhNhbmRyb2lkQGFuZHJvaWQuY29tggkAs1eAuFbdg9swDAYD VR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAq/BUGCGWpF1E7WQ/vmoDrZ4r 2XTmyHycQSFpvozeKjvlBD1ESNchEWvxOSFiFrCX/OqFwEn8sQRMClpR4fdXmKrv 5GxrXN3M6ZNOmr7cNGINNeJkKhQfepaUE9bdcdSyzQsgajF0rhYosyW48k7DW5J8 zXoBIrUgGV1KhnIPci+Jg7+QBhXGZxIOyVqDg8q8h8CJgMldyyPNdmhHDAH497Sp EgIioD/95Gk5DnrHDwlTo54vh5hT2KEjcfkMNEhXpQFgYJog+HYcJwjdFoH0ZA+P 2lZ9o6hT3Dkc1PzdgzehVVa+ys0SZ4pHMPpx2z5T9cR25wO15mC8inkcA5onqQ== -----END CERTIFICATE-----
root@bt:~/bubble example# openssl pkcs8 -in test.pem -topk8 -outform DER -out test.pk8 -nocrypt
#!/bin/sh MY_SDK_HOME=~/platform/android/main/mydroid/ PEM=${MY_SDK_HOME}/build/target/product/security/platform.x509.pem PK8=${MY_SDK_HOME}/build/target/product/security/platform.pk8 if [ $# -ne 2 ] then echo Usage $0 in.apk out.apk exit 1 fi java -jar ${MY_SDK_HOME}/out/host/linux-x86/framework/signapk.jar \ ${PEM} ${PK8} $1 $2
root@bt:~/bubble example/dis# java -jar signapk.jar test.x509.pem test.pk8 unsig.apk signapk.apk
root@bt:~/bubble example# zipalign -v 4 your_project_name-unaligned.apk your_project_name.apk
第二步:签名root@bt:~# keytool -genkey -alias dani.keystore -keyalg RSA -validity 4000 -keystore dani.keystore
第三步:优化oot@bt:~/bubble example/dis/FrozenBubbleSignapk/META-INF# jarsigner -keystore dani.keystore -digestalg SHA1 -sigalg MD5withRSA -signedjar signed.apk unsigend.apk dani.keystore
root@bt:~/bubble example# zipalign -v 4 your_project_name-unaligned.apk your_project_name.apk
#!/usr/bin/perl use Digest::SHA1 qw(sha1 sha1_hex sha1_base64); die "$0 requires one arguments (file pathname) . \n" if $#ARGV !=0; $filename=shift; open FH,$filename or die "cannot open $filename"; $sha1 = Digest::SHA1->new; $sha1->addfile(*FH); $digest= $sha1->b64digest; print $digest,"\n"; close FH;
SHA1("Name: filename"+CR+LF+"SHA1-Digest: "+SHA1(file_content)+CR+LF+CR+LF)
Signature signature = Signature.getInstance("SHA1withRSA");
signature.initSign(privateKey);
je = new JarEntry(CERT_SF_NAME);
je.setTime(timestamp);
outputJar.putNextEntry(je);
writeSignatureFile(manifest,
new SignatureOutputStream(outputJar, signature));
je = new JarEntry(CERT_RSA_NAME);
je.setTime(timestamp);
outputJar.putNextEntry(je);
writeSignatureBlock(signature, publicKey, outputJar);
root@bt:~/bubble example/dis# jarsigner -verify -certs -verbose FrozenBubble-modify-sig.apk 4689 Wed Dec 12 15:56:44 CST 2012 META-INF/MANIFEST.MF 4810 Wed Dec 12 15:56:44 CST 2012 META-INF/DANI_KEY.SF 913 Wed Dec 12 15:56:44 CST 2012 META-INF/DANI_KEY.RSA sm 29099 Wed Dec 12 15:10:22 CST 2012 assets/levels.txt X.509, CN=dani lee, OU=taomee, O=taomee, L=shanghai, ST=CA, C=CA [certificate is valid from 12/12/12 3:43 PM to 11/25/23 3:43 PM] sm 25213 Wed Dec 12 15:20:14 CST 2012 res/drawable/app_frozen_bubble.png