Building a release version of the Android system
1. Signing an APK with the platform key

1.1. Go to <Android_Source_Path>/build/target/product/security and locate the system keys platform.pk8 and platform.x509.pem.
1.2. Go to <Android_Source_Path>/build/tools/signapk, find SignApk.java, and compile it with javac to produce SignApk.class.
1.3. Run the command java com.android.signapk.SignApk platform.x509.pem platform.pk8 input.apk output.apk
That completes the signing.

2. Supplement to 1:
<Android_Source_Path>/build/target/product/security contains several key pairs, described as follows:
The following commands were used to generate the test key pairs:
  development/tools/make_key testkey  '/C=US/ST=California/L=Mountain View/O=Android/OU=Android/CN=Android/emailAddress=android@android.com'
  development/tools/make_key platform '/C=US/ST=California/L=Mountain View/O=Android/OU=Android/CN=Android/emailAddress=android@android.com'
  development/tools/make_key shared   '/C=US/ST=California/L=Mountain View/O=Android/OU=Android/CN=Android/emailAddress=android@android.com'
  development/tools/make_key media    '/C=US/ST=California/L=Mountain View/O=Android/OU=Android/CN=Android/emailAddress=android@android.com'
The following standard test keys are currently included:
testkey -- a generic key for packages that do not otherwise specify a key.
platform -- a test key for packages that are part of the core platform.
shared -- a test key for things that are shared in the home/contacts process.
media -- a test key for packages that are part of the media/download system.
These test keys are used strictly in development, and should never be assumed
to convey any sort of validity.  When $BUILD_SECURE=true, the code should not
honor these keys in any context.
signing using the openssl commandline (for boot/system images)
--------------------------------------------------------------
1. convert pk8 format key to pem format
   % openssl pkcs8 -inform DER -nocrypt -in testkey.pk8 -out testkey.pem
2. create a signature using the pem format key
   % openssl dgst -binary -sha1 -sign testkey.pem FILE > FILE.sig
extracting public keys for embedding
------------------------------------
it's a Java tool
but it generates C code
take a look at commands/recovery/Android.mk
you'll see it running $(HOST_OUT_JAVA_LIBRARIES)/dumpkey.jar
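

3. Supplement to 3:
Before running the command in the third step, create a folder structure matching com.android.signapk (that is, com/android/signapk) under your current working directory, then put the SignApk class compiled in the second step into that directory. Alternatively, delete the package declaration from SignApk.java and then compile it with javac.

The command java com.android.signapk.SignApk platform.x509.pem platform.pk8 input.apk output.apk
can re-sign not only APK files but any zip file, including ROM files.

Most of what is written online about Android digital signatures concerns Android APKs, and little of it covers how to sign the Android system itself. As it happens, a while ago I helped someone with CTS certification, which required signing the Android system.
Why does the Android system have to be signed before CTS certification? It turns out that the system.img we build with make -j4 uses the test key. This kind of key is only suitable for the development stage, and it is public: anyone can use it. When an Android product is released, the whole system has to be signed separately to prevent it from being misappropriated by others. Such a system is the release version of the Android system.

The whole process is described in detail below.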
1. Generate the key files
To sign the Android system, four types of key file have to be generated.
a) releasekey
b) media
c) shared
d) platform

We take releasekey as an example to briefly describe the generation process.
1) Enter the /android_src/development/tools directory.
/development/tools$ ls
apkcheck  etc1tool    hosttestlib  jdwpspy       makedict  mkstubs
axl       findunused  idegen       line_endings  make_key  monkeyrunner  zoneinfo
2) Use the make_key tool to generate the signing files
development/tools$ sh make_key releasekey '/C=CN/ST=JiangSu/L=NanJing/O=Company/OU=Department/CN=YourName/emailAddress=YourE-mailAddress'

Enter password for 'releasekey' (blank for none; password will be visible): mypassword     <------- set your password
creating platform.pk8 with password [mypassword]
Generating RSA private key, 2048 bit long modulus
...............+++
........................................................+++
e is 3 (0x3)
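A note on the parameters of make_key. The first parameter is the name of the key to generate; the second parameter is the information about your company.
The key name is easy to understand: it is one of the four key types mentioned above. The company information has more fields, whose meanings are as follows:
C   --->  Country Name (2 letter code)
ST  --->  State or Province Name (full name)
L   --->  Locality Name (eg, city)
O   --->  Organization Name (eg, company)
OU  --->  Organizational Unit Name (eg, section)
CN  --->  Common Name (eg, your name or your server’s hostname)
emailAddress --->  Contact email address

This generates one releasekey pair. The other three types of key are generated in essentially the same way.
The result after generation is as follows: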
/development/tools$ ls
makedict  media.pk8       mkstubs            platform.pk8         releasekey.pk8   shared.pk8
make_key  media.x509.pem  platform.x509.pem  releasekey.x509.pem  shared.x509.pem
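*.pk8 is the generated private key and *.x509.pem is the public key (in an X.509 certificate); the two are generated as a pair.
2. Copy the pk8 and x509.pem files to the vendor/Modul/security/product_modul directory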
/android_src/vendor/Modul/security/product_modul$ cp ../../../../development/tools/*.pk8 ./
/android_src/vendor/Modul/security/product_modul$ cp ../../../../development/tools/*.pem ./
This step is not strictly required, but it is best to do it. For project reasons, the product and the product model are replaced here with Modul and product_modul.

3. Return to the root directory android_src
/android_src/vendor/Modul/security/product_modul$ cd ../../../../
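You will surely think this step is superfluous and not worth listing separately, but it later proved well worth mentioning, because a later step must be run from the root directory or it fails. I suffered quite a bit on this point.

4. Build the system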
/android_src$ make -j4 PRODUCT-product_modul-user dist
Why does this look different from the usual build, with two extra arguments, PRODUCT-product_modul-user and dist? After the build completes, a zip file whose name starts with product_modul-target_files is generated in the /android_src/dist/ directory. This is the file system that we need to sign.

5. Start signing
android_src$ ./build/tools/releasetools/sign_target_files_apks -d vendor/Modul/security/product_modul/ out/dist/product_modul-target_files.zip out/dist/signed_target_files.zip
ERROR: no key specified for:
  CalendarWidget.apk
  Contacts_yellowpage.apk
  SnsAppMain.apk
  fbandroid-1.5.0.apk
  AnalogClockWidget.apk
  MessageWidget.apk
  NewsWidget.apk
The command above uses the sign_target_files_apks tool to sign product_modul-target_files.zip with the keys under vendor/Modul/security/product_modul/ and writes the signed result to out/dist/signed_target_files.zip.
As the output shows, signing did not succeed, because some APKs are already signed or no matching key could be found for them. That is not a real obstacle: we can set up a filter so that the programs listed above are not signed, as follows:
Use the parameter "-e <apkname>=" to filter out these programs. With nothing after the "=", the tool skips the APK and leaves its existing signature in place.
android_src$ ./build/tools/releasetools/sign_target_files_apks -d vendor/Modul/security/product_modul/ -e CalendarWidget.apk= -e Contacts_yellowpage.apk= -e SnsAppMain.apk= -e fbandroid-1.5.0.apk= -e AnalogClockWidget.apk= -e MessageWidget.apk= -e NewsWidget.apk= out/dist/product_modul-target_files.zip out/dist/signed_target_files.zip

Enter password for vendor/Modul/security/product_modul//media key>         <----- input the password
Enter password for vendor/Modul/security/product_modul//platform key>      <----- input the password
Enter password for vendor/Modul/security/product_modul//releasekey key>    <----- input the password
Enter password for vendor/Modul/security/product_modul//shared key>        <----- input the password
rewriting RECOVERY/RAMDISK/default.prop:
  replace:  ro.build.tags=test-keys
     with:  ro.build.tags=release-keys
NOT signing: CalendarWidget.apk
NOT signing: Contacts_yellowpage.apk
    signing: Mms.apk
    signing: SoundRecorder.apk
    signing: AccountAndSyncSettings.apk
    signing: Camera.apk
.......................................................................
rewriting SYSTEM/build.prop:
  replace:  ro.build.tags=test-keys
     with:  ro.build.tags=release-keys
  replace:  ro.build.description= test-keys
     with:  ro.build.description= release-keys
  replace:  ro.build.fingerprint=...........................
     with:  ro.build.fingerprint=.............................
    signing: framework-res.apk
done.

This completes the signing of the Android system.
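
A post-signing check for step 5, added here as an example (not part of the original post or of the AOSP release tools): it inspects the two property files that the log above shows being rewritten and fails if they still advertise non-release keys. It assumes the signed target-files zip has been unpacked into a directory; the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Usage: check_target_files_dir /path/to/unpacked_target_files
# Assumption: the directory holds the unpacked contents of signed_target_files.zip.

# Print the value of property $2 from property file $1 (empty if absent).
get_prop() {
    awk -v key="$2" 'index($0, key "=") == 1 {
        print substr($0, length(key) + 2); exit }' "$1"
}

# Check one property file; print one line per problem, return 1 if any.
check_prop_file() {
    file=$1
    bad=0
    if [ ! -f "$file" ]; then
        echo "MISSING $file"
        return 1
    fi
    tags=$(get_prop "$file" ro.build.tags)
    if [ "$tags" != "release-keys" ]; then
        echo "BAD $file: ro.build.tags=${tags:-<unset>}"
        bad=1
    fi
    # description and fingerprint embed the key tag as a substring;
    # test-keys and dev-keys both mark a development-signed build.
    for prop in ro.build.description ro.build.fingerprint; do
        value=$(get_prop "$file" "$prop")
        case $value in
            *test-keys*|*dev-keys*)
                echo "BAD $file: $prop still mentions non-release keys"
                bad=1 ;;
        esac
    done
    return $bad
}

# Check both files that the signing log shows being rewritten.
check_target_files_dir() {
    dir=$1
    rc=0
    for rel in SYSTEM/build.prop RECOVERY/RAMDISK/default.prop; do
        check_prop_file "$dir/$rel" || rc=1
    done
    return $rc
}
```

The check covers only the build properties; APKs excluded with "-e <apkname>=" keep their original signatures and have to be reviewed separately.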

6. Generate the image files
android_src$ ./build/tools/releasetools/img_from_target_files out/dist/signed_target_files.zip out/dist/signed-img.zip
creating boot.img...
creating recovery.img...
creating system.img...
creating userdata.img...
cleaning up...
done.
The img_from_target_files tool generates signed-img.zip, which contains boot.img, userdata.img, system.img and other files.

7. Download signed-img.zip via fastboot
fastboot update signed-img.zip
fastboot then downloads the signed system files to the phone.


There are many articles on signing Android APKs. The following one is well written and can be used as a reference if needed.
http://yangguangfu.iteye.com/blog/723182

My own keys:
. make_key releasekey '/C=CN/ST=GuangDong/L=ShenZhen/O=Toltech/OU=SystemSoftware/CN=Engineer/emailAddress=ss@toltech.cn'
. make_key platform '/C=CN/ST=GuangDong/L=ShenZhen/O=Toltech/OU=SystemSoftware/CN=Engineer/emailAddress=ss@toltech.cn'
. make_key testkey '/C=CN/ST=GuangDong/L=ShenZhen/O=Toltech/OU=SystemSoftware/CN=Engineer/emailAddress=ss@toltech.cn'
. make_key shared '/C=CN/ST=GuangDong/L=ShenZhen/O=Toltech/OU=SystemSoftware/CN=Engineer/emailAddress=ss@toltech.cn'
. make_key media '/C=CN/ST=GuangDong/L=ShenZhen/O=Toltech/OU=SystemSoftware/CN=Engineer/emailAddress=ss@toltech.cn'