Android签名证书----Android新手笔记

在最新的Android SDK中我们看到了Android签名证书机制的出现，也就是说几乎和Symbian OS v9.x以上平台构架一样，都需要数字签名证书才可以运行，这也是考虑到平台的安全性，同样也提供了类似的自签名self-signed证书。

  Android系统要求所有安装的应用程序必需有数字签名。否这系统将不会安装后运行程序在没有合适的签名许可。最终无论是在真是设备还是模拟器上都必须给你的程序建立签名才可以调试运行。(The Android system requires that all installed applications are digitally signed — the system will not install or run an application that is not signed appropriately. This applies wherever the Android system is run, whether on an actual device or on the emulator. For this reason, you must set up signing for your application before you will be able to run or debug it on an emulator or device.)

  重点理解有关Android程序签名:(The important points to understand about signing Android applications are)

  所有程序必需签名，系统将不会安装一个未签名的程序。All applications must be signed. The system will not install an application that is not signed

  你可以自签名self-signed证书给你的程序.没有证书验证也是需要的。You can use self-signed certificates to sign your applications. No certificate authority is needed

  系统测试一个签名证书过期日期仅仅在安装时，如果程序签名已经过了在安装后，那么程序将可以继续使用正常的功能。The system tests a signer certificate's expiration date only at install time. If an application's signer certificate expires after the application is installed, the application will continue to function normally

  你可以使用标准工具KeyTool和Jarsigner来生成密钥和签名你的程序在apk文件中。 

The Android SDK tools assist you in signing your applications when debugging. Both the ADT Plugin for Eclipse and the Ant build tool offer two signing modes — debug mode and release mode.

• In debug mode, the build tools use the Keytool utility, included in the JDK, to create a keystore and key with a known alias and password. At each compilation, the tools then use the debug key to sign the application .apk file. Because the password is known, the tools don't need to prompt you for the keystore/key password each time you compile.
• When your application is ready for release, you compile it in release signing mode. In release mode, the tools compile your .apk without signiing it. You must then use Keytool to generate your own keystore/key and then use the Jarsigner tool, also included in the JDK, to sign the .apk.

Basic Setup for Signing

To support the generation of a keystore and debug key, you should first make sure that Keytool is available to the SDK build tools. In most cases, you can tell the SDK build tools how to find Keytool by making sure that your JAVA_HOME environment variable is set and that it references a suitable JDK. Alternatively, you can add the JDK version of Keytool to your PATH variable.