[Bytecode instrumentation] Android signature mechanism (generate Android signature file | analyze signature file | role of the two passwords in the signature file | three signature schemes)

1, Android signature mechanism

The APK file signature guarantees the authenticity of the APK's origin and that the APK file has not been modified;

APK signing is built on a cryptographic hash algorithm;

Hash algorithm properties:

  • Uniqueness
  • Fixed length
  • Irreversible

Common hash algorithms:

  • SHA-1 algorithm: Secure Hash Algorithm 1, 160-bit digest;
  • MD5 algorithm: 128-bit digest;

Signature process:

  • ① Compute the data digest: run the original data through the hash algorithm;
  • ② Private key encryption: encrypt the data with the private key; during verification, the public key is used to decrypt it;
  • ③ Write the signature: write the signature into the signature block;

When signing, after entering the password of the signature file (the keystore), you must also enter the key alias and the alias password; one keystore can store multiple keys;

A signature is equivalent to a fingerprint. Any modification to the APK, even a single space added to any resource file, destroys the signature and the APK fails verification;

When signing, the private key is used to encrypt the APK; when the APK package is installed, the system decrypts with the public key;
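The digest step (①) and the "one added space breaks verification" claim above, as an added example that is not part of the original post: a constructed, minimal APK-like zip is digested entry by entry in the layout of META-INF/MANIFEST.MF (the V1/JAR scheme), then re-verified after one space is appended to a resource file. The private-key step (②) over the manifest is not included; the SAMPLE_ENTRIES archive is constructed for this example.

```python
import base64
import hashlib
import io
import zipfile

# Constructed, minimal APK-like archive used as sample input (not a real APK).
SAMPLE_ENTRIES = {
    "AndroidManifest.xml": b"<manifest package='com.example.demo'/>",
    "classes.dex": b"dex\n035\x00" + bytes(range(32)),
    "res/values/strings.xml": b"<resources><string name='app'>Demo</string></resources>",
}

def build_apk(entries):
    # An APK is a zip archive; pack the entries in memory.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()

def entry_digest(data):
    # Fixed-length digest (32 bytes for SHA-256), base64-encoded as in a JAR manifest.
    return base64.b64encode(hashlib.sha256(data).digest()).decode()

def build_manifest(apk):
    # Step ①: one SHA-256-Digest line per entry, the layout of META-INF/MANIFEST.MF.
    lines = ["Manifest-Version: 1.0", ""]
    with zipfile.ZipFile(io.BytesIO(apk)) as zf:
        for info in zf.infolist():
            lines += [f"Name: {info.filename}", f"SHA-256-Digest: {entry_digest(zf.read(info))}", ""]
    return "\r\n".join(lines)

def verify_manifest(apk, manifest):
    # Recompute every entry digest and return the names that no longer match the manifest.
    expected, name = {}, None
    for line in manifest.splitlines():
        if line.startswith("Name: "):
            name = line[6:]
        elif line.startswith("SHA-256-Digest: ") and name:
            expected[name] = line[16:]
    with zipfile.ZipFile(io.BytesIO(apk)) as zf:
        return [i.filename for i in zf.infolist() if expected.get(i.filename) != entry_digest(zf.read(i))]

def demo():
    # Digest the clean archive, then append a single space to one resource file.
    apk = build_apk(SAMPLE_ENTRIES)
    manifest = build_manifest(apk)
    tampered = dict(SAMPLE_ENTRIES)
    tampered["res/values/strings.xml"] += b" "
    return verify_manifest(apk, manifest), verify_manifest(build_apk(tampered), manifest)
```

A real verifier also checks that the manifest itself is covered by the .SF file and the signature block, so a tampered manifest cannot simply be regenerated by an attacker.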

2, Generate Android signature file

Generate signature key:

In Android Studio, select "menu bar / Build / Generate Signed Bundle/APK...",

Select the APK option,

Select to create a new signature file,

In "Key store path", select the generation path of the signature file,

In the pop-up dialog box, click the green Android icon to generate in the project root directory,

Enter the password and alias password, both set to 123456, and click "OK" to generate the signature file;

The signature file is generated in the project root directory;

3, Analyze signature file

Use the following command to view the details of the signature key:

keytool -list -v -keystore keystore.jks

In the extensions section below, there is one extension, #1: ObjectId: Criticality=false;

A single jks file can hold multiple keys, and the extension list can contain more than one entry;

The keys listed above include the one responsible for Java program signing and the one responsible for Android APK signing;

Y:\002_WorkSpace\001_AS\AppStart>keytool -list -v -keystore keystore.jks
Enter the keystore password:
Keystore type: PKCS12
Keystore provider: SUN

Your keystore contains 1 entry

Alias name: key0
Creation date: 2021-9-14
Entry type: PrivateKeyEntry
Certificate chain length: 1
Owner: CN=Han Shuliang
Issuer: CN=Han Shuliang
Serial number: 3f8f6290
Valid from: Tue Sep 14 22:31:41 GMT+08:00 2021 until: Sat Sep 08 22:31:41 GMT+08:00 2046
Certificate fingerprints:
         MD5:  C1:02:69:22:1F:DB:62:A2:75:B4:C3:B8:6A:55:0C:23
         SHA1: 52:00:F8:BB:3B:3E:5B:DC:CF:BD:94:5A:30:A4:DF:C4:9D:33:54:EE
         SHA256: 02:42:F3:F2:5B:9A:04:9A:28:FD:16:06:25:66:BF:28:F0:DE:14:42:69:04:60:DF:2C:AD:42:C0:51:6D:9B:57
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
Version: 3

Extensions:

#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 26 9F 73 C0 B7 BC 03 F2   6A 15 0A E1 B7 8C 0B 78  &.s.....j......x
0010: 1A 92 C4 8E                                        ....
]
]


4, The role of the two passwords in the signature file

The password in the red rectangle (of the key store dialog) is the password of the signature file, i.e. the keystore password;

The alias and the alias password in the blue rectangle belong to the key used for the APK signature;

5, Three signature methods

Android has three signature schemes,

V1 signature is the JAR file signature scheme; it has known weaknesses;

V2 signature signs the whole APK file; it is available on Android 7.0 and later;

V3 signature adds support for upgrading (rotating) the signing key; it is available on Android 9.0 and later;

Keywords: Android

Added by arunkar on Tue, 14 Sep 2021 23:04:03 +0300