How to sign an application package (APK) using OpenPGP (Yubikey)?

I want to sign APK files with an OpenPGP key stored within the OpenPGP applet of my Yubikey.

I am aware that there is a solution for APK signing using Yubikey's PIV applet. The PIV applet, however, can only handle RSA keys up to 2048 bits in key length.

The BSI TR-02102-1 Cryptographic Mechanisms Technical Guidelines (translated English version) states that from the year 2023 on (or for usage in 2023 and later), only RSA keys with a key length greater than or equal to 3000 bits are allowed. The first available standard key length would be 3072 bits. I have to be compliant with BSI TR-02102.

This sums up to the requirement that I have to use 3072 bits for the key length and RSA as the algorithm, and I cannot use the PIV APK signing approach.

Is there a way to use the OpenPGP applet of Yubikey 4 to sign APK files using the standard procedure, or using a custom procedure?

Note: The private key is generated on the Yubikey and is not exportable. This is due to the design of the Yubikey and by my minimum security requirements. So exportation and conversion is not a possible solution.

Regazzi answered 15/6, 2018 at 11:4 Comment(5)
As the signing takes place on the USB device, a key size limitation is strange. Are you sure that your Java version is not an old one restricted for export (RSA keys larger than 2048 were restricted in such versions)? Make sure to use a current unrestricted Java version (e.g. 6u181, 7u171, 8u161) or install JCE Unlimited Strength policy files. - Impostume
This (limitation) has nothing to do with Java. The PIV standard describes explicitly only 1024 and 2048 RSA keys and nothing else (nothing else is allowed). This question is about how to set up the communication between the Yubikey and Keytool via the Yubikey OpenPGP applet. - Regazzi
IMHO using an outdated APK signer tool like yubico-piv-tool is more security relevant than the used key for signing. The outdated tools only support the deprecated? v1 signature; APK signature v2 has some major security advantages, and AFAIR Google is just in progress of releasing the v3 signature. Anyway, you can sign an APK using multiple signatures; maybe that is a solution for you? - Impostume
Sounds promising, anyway I cannot use it since Android 6 devices are being used (v1 only). - Regazzi
The signature v2 is AFAIK transparent for old devices, therefore you can use it. Old devices check v1, new devices use v2. And in 2023, when your key should no longer be used, Android 6 devices should not be a problem anymore. - Impostume

Use a USB token or a SmartCard which supports RSA 3072/4096 for personal identity verification? Not even the Yubikey 5 does support that for PIV / FIPS 201-2 (which is a SmartCard emulation). I've searched for a while, but it seems there barely is any hardware which supports it yet (in case it's even applicable); alternatives I could find were RSA SecurID, Nitrokey Pro 2 and Gemalto IDBridge K50.

With APK signing v2 or v3, the strength of the upload key might not even matter that much ... it says RSA 1024, RSA 2048, RSA 4096, RSA 8192, RSA 16384 are being supported, but it says nowhere which strength the actual release key would have, which would be the rather interesting part of it. The V3SchemeSigner hints at PKCS1 V1.5 encoding format; but the only way to find out would be to check the public key of a package from the Play Store by running ssh-keygen -lf ./rsa_key.pub (which shows the fingerprint of the public key file, which also displays the strength of the key).

security.stackexchange.com might provide further clues.

Tamaru answered 9/3, 2019 at 2:24 Comment(1)
Good idea. Windows-only support, and their site says "CRYPTOMATE64 is end-of-life already."... - Grotto

It's possible to use the OpenPGP applet on the Yubikey to sign an APK by using the OpenSC PKCS#11 module. By default OpenSC will use the keys from the PIV applet; the trick is to set the environment variable OPENSC_DRIVER=openpgp to force the use of the OpenPGP applet.

The syntax will look like this:

OPENSC_DRIVER=openpgp \
apksigner sign --ks NONE --ks-type PKCS11 \
               --ks-key-alias SIGN \
               --provider-class sun.security.pkcs11.SunPKCS11 \
               --provider-arg opensc.cfg \
               myapp.apk

and opensc.cfg is the SunPKCS11 configuration file for OpenSC:

name=OpenSC
library=/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so
slot=8

(the actual slot may be different)

Nympha answered 25/4, 2023 at 15:7 Comment(0)
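
Once an APK has been signed this way, the key length the question requires (at least 3000 bits, RSA) can be checked on the result. The script below is an added example, not part of the answer above: it parses the output of apksigner verify --verbose --print-certs, and the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example. Real use:
#   apksigner verify --verbose --print-certs myapp.apk | check_signer_keys 3000

# check_signer_keys [MIN_BITS]  (hypothetical helper, reads apksigner output on stdin)
# Prints the verified signature schemes and one PASS/FAIL line per signer.
# Returns 0 only if every reported signer key is RSA with at least MIN_BITS bits.
check_signer_keys() {
    awk -v min="${1:-3000}" '
        # e.g. "Verified using v2 scheme (APK Signature Scheme v2): true"
        /^Verified using v[0-9.]+ scheme .*: true$/ { schemes = schemes " " $3 }
        # e.g. "Signer #1 key algorithm: RSA"
        /^Signer #[0-9]+ key algorithm: / { alg[$2] = $NF }
        # e.g. "Signer #1 key size (bits): 3072" (value is "n/a" if unknown)
        /^Signer #[0-9]+ key size \(bits\): / { bits[$2] = $NF; order[++n] = $2 }
        END {
            if (n == 0) { print "FAIL no signer key information found"; exit 2 }
            print "INFO verified schemes:" schemes
            for (i = 1; i <= n; i++) {
                s = order[i]
                ok = (alg[s] == "RSA" && bits[s] ~ /^[0-9]+$/ && bits[s] + 0 >= min)
                printf "%s signer %s %s %s\n", (ok ? "PASS" : "FAIL"), s, alg[s], bits[s]
                if (!ok) bad = 1
            }
            exit bad + 0
        }'
}

# Constructed sample output (not taken from a real APK).
sample_verify_output() {
    cat <<'EOF'
Verifies
Verified using v1 scheme (JAR signing): true
Verified using v2 scheme (APK Signature Scheme v2): true
Number of signers: 1
Signer #1 certificate DN: CN=Example Release
Signer #1 key algorithm: RSA
Signer #1 key size (bits): 3072
EOF
}

sample_verify_output | check_signer_keys 3000
```

The non-zero exit status on a short or non-RSA key makes the check usable as a gate in a release script.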
