As an experiment, I would like to use the platform key of my custom built Android platform to sign an arbitrary APK, that is built via the NDK. What is the process to go about doing this?
If you have your platform key/certificate pair (.pk8 + x509.pem). Which can be found under build/target/product/security in the pulbic sdk.
You can use the SignApk.jar from the command line
java -jar SignApk.jar platform.x509.pem platform.pk8 Application.apk Application_signed.apk
Or to make automation easier, you can import the key/cert pair into your java keystore file, with the keytool-importkeypair, and use an ant makefile or eclipse for signing.
keytool-importkeypair -k ~/.android/debug.keystore -p android -pk8 platform.pk8 -cert platform.x509.pem -alias platform
The signapk.jar (all lowercase) file mentioned in aprock' answer can be found at prebuilts/sdk/tools/lib/signapk.jar
(or out/host/linux-x86/framework/signapk.jar
).
Below I will describe how to manage the keystore used by Eclipse and ant release
.
The following command takes the key file platform.pk8 and X509 certificate platform.x509.pem and outputs the decrypted key material in tmp.p12. The name platformkey is used to
openssl pkcs8 -inform DER -nocrypt -in platform.pk8 | \ openssl pkcs12 -export -in platform.x509.pem -inkey /dev/stdin \ -name platformkey -password pass: -out tmp.p12
Eclipse and ant debug
use the keystore at ~/.android/debug.keystore which is locked with the password android
. (You can also specify an other keystore file if you want to, e.g. ~/.android/mykeys.keystore
.) The next command stores the key material from tmp.p12 in the keystore (without a password for the keys, if you want one, edit -srcstorepass ''
below):
keytool -importkeystore -deststorepass android -srckeystore tmp.p12 \ -srcstoretype PKCS12 -srcstorepass '' -destkeystore ~/.android/debug.keystore
At this point, you can delete the tmp.p12 file because it is no longer needed.
In order to check what is in your keystore, you can run the next keytool
command (the output it shown on the line thereafter):
$ keytool -list -keystore ~/.android/debug.keystore -storepass android ... platformkey, Nov 23, 2013, PrivateKeyEntry, Certificate fingerprint (SHA1): 12:34:56:(stripped):AB:CD:EF
When you no longer need the key, it can be removed with:
keytool -delete -keystore ~/.android/debug.keystore -storepass android -alias platformkey
In your local.properties
file, put (if you omit the key.*.password
options, you have to enter it every time you sign the APK):
key.store=${user.home}/.android/debug.keystore
key.alias=platformkey
key.store.password=android
key.alias.password=
Now you can run ant release
to sign your APK using the platform key you stored in a keystore.
© 2022 - 2024 — McMap. All rights reserved.