Android APK签名存在什么样的陷阱?
免责声明:我知道签署APKs的基本知识,我只有一个项目有问题,而且只有在使用Microsoft Windows作为操作系统签署时才有问题。 我正在使用maven jarsigner插件构建我的APK并对其进行签名:Android APK签名存在什么样的陷阱?,android,maven,java-7,jarsigner,Android,Maven,Java 7,Jarsigner,免责声明:我知道签署APKs的基本知识,我只有一个项目有问题,而且只有在使用Microsoft Windows作为操作系统签署时才有问题。 我正在使用maven jarsigner插件构建我的APK并对其进行签名: <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-jarsigner-plugin</artifactId>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-jarsigner-plugin</artifactId>
<executions>
<execution>
<id>signing</id>
<goals>
<goal>sign</goal>
</goals>
<phase>package</phase>
<inherited>true</inherited>
<configuration>
<archive>target/${project.build.finalName}.apk</archive>
<sigfile>CERT</sigfile>
<keystore>${env.HOME}/.keystore</keystore>
<storepass>${env.KEY_STOREPASS}</storepass>
<keypass>${env.KEY_KEYPASS}</keypass>
<alias>${env.KEY_ALIAS}</alias>
</configuration>
</execution>
</executions>
</plugin>
<arguments>
<argument>-sigalg</argument><argument>MD5withRSA</argument>
<argument>-digestalg</argument><argument>SHA1</argument>
</arguments>
正如我在第一句中所说的:在使用Mac OS X进行签名时,它可以正常工作。只有在使用Windows 7进行签名时,它才会失败
使用--debug
调用Maven时,我看到jarsigner被调用为ok,并且没有报告错误:
[INFO]
[INFO] --- maven-jarsigner-plugin:1.2:sign (signing) @ FX-602P-Droid ---
[DEBUG] org.apache.maven.plugins:maven-jarsigner-plugin:jar:1.2:
[DEBUG] org.apache.maven:maven-plugin-api:jar:2.0.6:compile
[DEBUG] org.apache.maven:maven-project:jar:2.0.6:compile
[DEBUG] org.apache.maven:maven-settings:jar:2.0.6:compile
[DEBUG] org.apache.maven:maven-profile:jar:2.0.6:compile
[DEBUG] org.apache.maven:maven-model:jar:2.0.6:compile
[DEBUG] org.apache.maven:maven-artifact-manager:jar:2.0.6:compile
[DEBUG] org.apache.maven:maven-repository-metadata:jar:2.0.6:compile
[DEBUG] org.apache.maven:maven-plugin-registry:jar:2.0.6:compile
[DEBUG] org.codehaus.plexus:plexus-container-default:jar:1.0-alpha-9-stable-1:compile
[DEBUG] junit:junit:jar:3.8.1:compile
[DEBUG] classworlds:classworlds:jar:1.1-alpha-2:compile
[DEBUG] org.apache.maven:maven-artifact:jar:2.0.6:compile
[DEBUG] org.codehaus.plexus:plexus-utils:jar:1.5.15:compile
[DEBUG] Created new class realm plugin>org.apache.maven.plugins:maven-jarsigner-plugin:1.2
[DEBUG] Importing foreign packages into class realm plugin>org.apache.maven.plugins:maven-jarsigner-plugin:1.2
[DEBUG] Imported: < project>net.sourceforge.uiq3:FX-602P-Droid:5.0.0
[DEBUG] Populating class realm plugin>org.apache.maven.plugins:maven-jarsigner-plugin:1.2
[DEBUG] Included: org.apache.maven.plugins:maven-jarsigner-plugin:jar:1.2
[DEBUG] Included: junit:junit:jar:3.8.1
[DEBUG] Included: org.codehaus.plexus:plexus-utils:jar:1.5.15
[DEBUG] Excluded: org.apache.maven:maven-plugin-api:jar:2.0.6
[DEBUG] Excluded: org.apache.maven:maven-project:jar:2.0.6
[DEBUG] Excluded: org.apache.maven:maven-settings:jar:2.0.6
[DEBUG] Excluded: org.apache.maven:maven-profile:jar:2.0.6
[DEBUG] Excluded: org.apache.maven:maven-model:jar:2.0.6
[DEBUG] Excluded: org.apache.maven:maven-artifact-manager:jar:2.0.6
[DEBUG] Excluded: org.apache.maven:maven-repository-metadata:jar:2.0.6
[DEBUG] Excluded: org.apache.maven:maven-plugin-registry:jar:2.0.6
[DEBUG] Excluded: org.codehaus.plexus:plexus-container-default:jar:1.0-alpha-9-stable-1
[DEBUG] Excluded: classworlds:classworlds:jar:1.1-alpha-2
[DEBUG] Excluded: org.apache.maven:maven-artifact:jar:2.0.6
[DEBUG] Configuring mojo org.apache.maven.plugins:maven-jarsigner-plugin:1.2:sign from plugin realm ClassRealm[plugin>org.apache.maven.plugins:maven-jarsigner-plugin:1.
2, parent: sun.misc.Launcher$AppClassLoader@214c4ac9]
[DEBUG] Configuring mojo 'org.apache.maven.plugins:maven-jarsigner-plugin:1.2:sign' with basic configurator -->
[DEBUG] (f) alias = krischik
[DEBUG] (f) archive = C:\Work\uiq3\Java\FX-602P-Droid\target\FX-602P-Droid-5.0.0.apk
[DEBUG] (f) arguments = []
[DEBUG] (f) keypass = Atlan.
[DEBUG] (f) keystore = C:\Users\martin.krischik/.keystore
[DEBUG] (f) processAttachedArtifacts = true
[DEBUG] (f) processMainArtifact = true
[DEBUG] (f) project = MavenProject: net.sourceforge.uiq3:FX-602P-Droid:5.0.0 @ C:\Work\uiq3\Java\FX-602P-Droid\pom.xml
[DEBUG] (f) removeExistingSignatures = false
[DEBUG] (f) sigfile = CERT
[DEBUG] (f) skip = false
[DEBUG] (f) storepass = !AtlanRhodan!
[DEBUG] (f) verbose = false
[DEBUG] -- end configuration --
[DEBUG] Verarbeite C:\Work\uiq3\Java\FX-602P-Droid\target\FX-602P-Droid-5.0.0.apk
[DEBUG] 'cmd.exe /X /C "C:\opt\Java\jdk\1.7.0\bin\jarsigner.exe -keystore C:\Users\martin.krischik/.keystore -storepass '*****' -keypass '*****' -sigfile CERT C:\Work\u
iq3\Java\FX-602P-Droid\target\FX-602P-Droid-5.0.0.apk krischik"'
[INFO] 1 Archiv(e) verarbeitet
[INFO]
[信息]
[信息]---maven jarsigner插件:1.2:sign(签名)@FX-602P-Droid---
[DEBUG]org.apache.maven.plugins:maven-jarsigner-plugin:jar:1.2:
[DEBUG]org.apache.maven:maven插件api:jar:2.0.6:compile
[DEBUG]org.apache.maven:maven项目:jar:2.0.6:compile
[DEBUG]org.apache.maven:maven设置:jar:2.0.6:compile
[DEBUG]org.apache.maven:maven profile:jar:2.0.6:compile
[DEBUG]org.apache.maven:maven模型:jar:2.0.6:compile
[DEBUG]org.apache.maven:maven工件管理器:jar:2.0.6:compile
[DEBUG]org.apache.maven:maven存储库元数据:jar:2.0.6:compile
[DEBUG]org.apache.maven:maven插件注册表:jar:2.0.6:compile
[DEBUG]org.codehaus.plexus:plexus容器默认值:jar:1.0-alpha-9-stable-1:compile
[DEBUG]junit:junit:jar:3.8.1:compile
[DEBUG]classworlds:classworlds:jar:1.1-alpha-2:compile
[DEBUG]org.apache.maven:maven工件:jar:2.0.6:compile
[DEBUG]org.codehaus.plexus:plexus-utils:jar:1.5.15:compile
[DEBUG]创建了新的类realm plugin>org.apache.maven.plugins:maven jarsigner plugin:1.2
[调试]将外来包导入类领域plugin>org.apache.maven.plugins:maven jarsigner plugin:1.2
[调试]导入:net.sourceforge.uiq3:FX-602P-Droid:5.0.0
[调试]填充类领域插件>org.apache.maven.plugins:maven jarsigner插件:1.2
[调试]包括:org.apache.maven.plugins:maven jarsigner插件:jar:1.2
[DEBUG]包括:junit:junit:jar:3.8.1
[调试]包括:org.codehaus.plexus:plexus-utils:jar:1.5.15
[调试]排除:org.apache.maven:maven插件api:jar:2.0.6
[DEBUG]排除:org.apache.maven:maven项目:jar:2.0.6
[DEBUG]排除:org.apache.maven:maven设置:jar:2.0.6
[DEBUG]排除:org.apache.maven:maven profile:jar:2.0.6
[DEBUG]排除:org.apache.maven:maven模型:jar:2.0.6
[DEBUG]排除:org.apache.maven:maven工件管理器:jar:2.0.6
[DEBUG]排除:org.apache.maven:maven存储库元数据:jar:2.0.6
[DEBUG]排除:org.apache.maven:maven插件注册表:jar:2.0.6
[DEBUG]排除:org.codehaus.plexus:plexus容器默认值:jar:1.0-alpha-9-stable-1
[DEBUG]排除:classworlds:classworlds:jar:1.1-alpha-2
[DEBUG]排除:org.apache.maven:maven工件:jar:2.0.6
[调试]配置mojo org.apache.maven.plugins:maven jarsigner插件:1.2:从插件领域ClassRealm[plugin>org.apache.maven.plugins:maven jarsigner插件:1。
2,父项:sun.misc.Launcher$AppClassLoader@214c4ac9]
[调试]使用基本配置程序-->
[调试](f)别名=Krishik
[DEBUG](f)archive=C:\Work\uiq3\Java\FX-602P-Droid\target\FX-602P-Droid-5.0.0.apk
[DEBUG](f)参数=[]
[DEBUG](f)keypass=Atlan。
[DEBUG](f)keystore=C:\Users\martin.krishik/.keystore
[DEBUG](f)processAttachedArtifacts=true
[DEBUG](f)processMainArtifact=true
[DEBUG](f)project=MavenProject:net.sourceforge.uiq3:FX-602P-Droid:5.0.0@C:\Work\uiq3\Java\FX-602P-Droid\pom.xml
[DEBUG](f)removeExistingSignatures=false
[DEBUG](f)sigfile=CERT
[DEBUG](f)skip=false
[DEBUG](f)storepass=!亚特兰罗丹!
[DEBUG](f)verbose=false
[调试]--结束配置--
[调试]Verarbeite C:\Work\uiq3\Java\FX-602P-Droid\target\FX-602P-Droid-5.0.0.apk
[DEBUG]'cmd.exe/X/C“C:\opt\Java\jdk\1.7.0\bin\jarsigner.exe-keystore C:\Users\martin.krishik/.keystore-storepass'*****'-keypass'*****'-sigfile CERT C:\Work\u
iq3\Java\FX-602P-Droid\target\FX-602P-Droid-5.0.0.apk krishik“'
[信息]1名建筑师(e)verarbeitet
[信息]
还有什么可能出了问题
PS:我刚刚注意到
C:\opt\Java\jdk\1.7.0\bin\jarsigner.exe
-jarsigner是否从1.6更改为1.7?为什么Maven会在1.6项目中使用1.7签名者?要找到1.7的使用信息是非常困难的,但一旦找到,就相当简单:
对于keytool
包括:
-sigalg SHA1withDSA -keyalg DSA -keysize 1024
-sigalg SHA1withDSA -digestalg SHA1
对于jarsigner
包括:
-sigalg SHA1withDSA -keyalg DSA -keysize 1024
-sigalg SHA1withDSA -digestalg SHA1
(1024是最大值,有效,越少越好)解决方案是将此添加到maven jarsigner插件的
:
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-jarsigner-plugin</artifactId>
<executions>
<execution>
<id>signing</id>
<goals>
<goal>sign</goal>
</goals>
<phase>package</phase>
<inherited>true</inherited>
<configuration>
<archive>target/${project.build.finalName}.apk</archive>
<sigfile>CERT</sigfile>
<keystore>${env.HOME}/.keystore</keystore>
<storepass>${env.KEY_STOREPASS}</storepass>
<keypass>${env.KEY_KEYPASS}</keypass>
<alias>${env.KEY_ALIAS}</alias>
</configuration>
</execution>
</executions>
</plugin>
<arguments>
<argument>-sigalg</argument><argument>MD5withRSA</argument>
<argument>-digestalg</argument><argument>SHA1</argument>
</arguments>
,但是Maven插件没有。来自Baqueta的解决方案也适用于我
在keytool中使用以下参数:
-sigalg MD5withRSA -keyalg RSA -keysize 1024
我还在jarsigner中使用:
-sigalg MD5withRSA -digestalg SHA1
谢谢,APK最终使用Java7编译并安装在设备上 谢谢你。。。它帮助我纠正了签名问题
jarsigner -verbose -sigalg SHA1withRSA -digestalg
keytool -sigalg MD5withRSA -keyalg RSA
最后,别忘了zipalign
我使用了类似的keytool
和jarsigner
方法,问题得到了解决。更新:这确实是jarsigner的问题。从命令行使用1.6 jar签名器可以按预期工作。-这就变成了一个maven的问题:如何指定在maven中使用哪个jarsigner?更新:1.7 jarsigner使用了一种与Android不兼容的不同算法。这是一个bug,但我认为这必须在maven jarsigner插件中修复,就像在ANT中已经修复一样,请参阅:不完全jarsigner错误:java.security.SignatureException:私钥算法与签名算法不兼容使用这些设置时,我遇到了与Martin相同的错误。将keytool
args更改为-sigalg MD5withRSA-keyalg RSA-keysize 1024
对我很有效。Baq