qiuri2008

  博客园 :: 首页 :: 博问 :: 闪存 :: 新随笔 :: 联系 :: 订阅 订阅 :: 管理 ::

介绍签名的两种方式:

1、signapk.jar命令行方式:

如果你需要开发一个带有系统权限的app,往往需要配置SharedUserId,比如:

 

[html] view plain copy
 
  1. </pre><pre name="code" class="html"><?xml version="1.0" encoding="utf-8"?>  
  2. <manifest xmlns:android="http://schemas.android.com/apk/res/android"  
  3.     package="com.cxq.signdemo"  
  4.     android:sharedUserId="android.uid.shell">  
  5.   
  6.     <application  
  7.         android:allowBackup="true"  
  8.         android:icon="@mipmap/ic_launcher"  
  9.         android:label="@string/app_name"  
  10.         android:supportsRtl="true"  
  11.         android:theme="@style/AppTheme">  
  12.         <activity android:name=".MainActivity">  
  13.             <intent-filter>  
  14.                 <action android:name="android.intent.action.MAIN" />  
  15.   
  16.                 <category android:name="android.intent.category.LAUNCHER" />  
  17.             </intent-filter>  
  18.         </activity>  
  19.     </application>  

 

此时,如果直接在AS中run,app是装不上的,需要先生成app,然后再使用系统文件对apk进行签名,

 

java -jar signapk.jar  platform.x509.pem platform.pk8 signDemo.apk signDemo_signed.apk

 虽然能够满足使用,但是作为开发者,不免会遇到需要调试的情况,然后这种离线的签名方式,就没法调试。。。严重影响了开发的效率。

 

2、在线自动打包签名的方式:

 需要准备的文件:

keytool-importkeypair (下载),或者COPY下面脚本。

platform.x509.pem、platform.pk8(位于../build/target/product/security)

其本质的原理是给apk加上开发者签名(jks文件),使用keytool-importkeypair 对jks文件进行系统签名,在出包的时候,直接使用带有系统签名的jks对apk进行签名,这样编译生成的apk文件就自带系统签名了

1、使用keytool-importkeypair对jks文件引入系统签名

把platform.x509.pem、platform.pk8和上一部生成的jks文件统一放到一个文件夹下,比如我的是放在工程目录的signApk目录下

      

 

 将下载好的keytool-importkeypair配置一下,其实主要就是配置一下环境变量,不熟悉的可以阅读官方文档,然后使用下面这条命令(需要在linux下,用windows的可以去在linux下生成jks,然后复制出新的jks回原目录也可以)对jks文件引入系统签名

 

./keytool-importkeypair -k [jks文件名] -p [jks的密码] -pk8 platform.pk8 -cert platform.x509.pem -alias [jks的别名]

 

例如我的对应的就是:

 ./keytool-importkeypair -k SignKitking.jks -p 123456 -pk8 platform.pk8 -cert platform.x509.pem -alias SignKitking

运行完这条命令之后,我们就得到了有系统签名的jks

 

2、配置gradle(app)

在在android区域下(与defaultConfig同级)添加signingConfigs配置:

依次填写jks的路径,密码,别名等 

apply plugin: 'com.android.application'
android {
    compileSdkVersion 22
    buildToolsVersion "27.0.3"

    defaultConfig {
        applicationId "com.android.factorytest"
    }

    signingConfigs {
        release {
            storeFile file("../signApk/SignKitking.jks")
            storePassword '123456'
            keyAlias 'SignKitking'
            keyPassword '123456'
        }

        debug {
            storeFile file("../signApk/SignKitking.jks")
            storePassword '123456'
            keyAlias 'SignKitking'
            keyPassword '123456'
        }
    }

    buildTypes {
        release {
            minifyEnabled false
            proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.txt'
        }
    }
}

dependencies {
    implementation files('src/main/libs/classes.jar')
    implementation files('src/main/libs/upgrade_ja.jar')
}

 

3、运行

经过以上配置之后,点击run,app就可以直接安装到目标机器上了

 

keytool-importkeypair脚本内容:

#! /bin/bash
#
# This file is part of keytool-importkeypair.
#

DEFAULT_KEYSTORE=$HOME/.keystore
keystore=$DEFAULT_KEYSTORE
pk8=""
cert=""
alias=""
passphrase=""
tmpdir=""

scriptname=`basename $0`

usage() {
cat << EOF
usage: ${scriptname} [-k keystore] [-p storepass]
-pk8 pk8 -cert cert -alias key_alias

This script is used to import a key/certificate pair
into a Java keystore.

If a keystore is not specified then the key pair is imported into
~/.keystore in the user's home directory.

The passphrase can also be read from stdin.
EOF
}

cleanup() {
if [ ! -z "${tmpdir}" -a -d ${tmpdir} ]; then
   rm -fr ${tmpdir}
fi
}

while [ $# -gt 0 ]; do
        case $1
        in
                -p | --passphrase | -passphrase)
                        passphrase=$2
                        shift 2
        ;;
                -h | --help)
                        usage
                        exit 0
        ;;
                -k | -keystore | --keystore)
                        keystore=$2
                        shift 2
        ;;
                -pk8 | --pk8 | -key | --key)
                        pk8=$2
                        shift 2
        ;;
                -cert | --cert | -pem | --pem)
                        cert=$2
                        shift 2
        ;;
                -a | -alias | --alias)
                        alias=$2
                        shift 2
        ;;
                *)
                        echo "${scriptname}: Unknown option $1, exiting" 1>&2
                        usage
                        exit 1
        ;;
        esac
done

if [ -z "${pk8}" -o -z "${cert}" -o -z "${alias}" ]; then
   echo "${scriptname}: Missing option, exiting..." 1>&2
   usage
   exit 1
fi


for f in "${pk8}" "${cert}"; do
    if [ ! -f "$f" ]; then
       echo "${scriptname}: Can't find file $f, exiting..." 1>&2
       exit 1
    fi
done

if [ ! -f "${keystore}" ]; then
   storedir=`dirname "${keystore}"`
   if [ ! -d "${storedir}" -o ! -w "${storedir}" ]; then
      echo "${scriptname}: Can't access ${storedir}, exiting..." 1>&2
      exit 1
   fi
fi

# Create temp directory ofr key and pkcs12 bundle
tmpdir=`mktemp -q -d "/tmp/${scriptname}.XXXX"`

if [ $? -ne 0 ]; then
   echo "${scriptname}: Can't create temp directory, exiting..." 1>&2
   exit 1
fi

key="${tmpdir}/key"
p12="${tmpdir}/p12"

if [ -z "${passphrase}" ]; then
   # Request a passphrase
  read -p "Enter a passphrase: " -s passphrase
  echo ""
fi

# Convert PK8 to PEM KEY
openssl pkcs8 -inform DER -nocrypt -in "${pk8}" -out "${key}"

# Bundle CERT and KEY
openssl pkcs12 -export -in "${cert}" -inkey "${key}" -out "${p12}" -password pass:"${passphrase}" -name "${alias}"

# Print cert
echo -n "Importing \"${alias}\" with "
openssl x509 -noout -fingerprint -in "${cert}"

# Import P12 in Keystore
keytool -importkeystore -deststorepass "${passphrase}" -destkeystore "${keystore}" -srckeystore "${p12}" -srcstoretype PKCS12 -srcstorepass "${passphrase}" 

# Cleanup
cleanup

 

posted on 2017-12-29 22:07  江召伟  阅读(7261)  评论(1编辑  收藏  举报