0%

将.pem与.pk8文件转换成.keystore签名文件

新建一个platform目录,将平台用到的两个文件platform.x509.pem和platform.pk8拷贝过来,通常在build/target/product/security/目录下,普通签名方式是:

1
2
3
4
5
#!/bin/bash
inPath=$1
outPath=$2

java -jar out/host/linux-x86/framework/signapk.jar build/target/product/security/tinno_common/platform.x509.pem build/target/product/security/tinno_common/platform.pk8 ${inPath} ${outPath}

把pkcs8格式的私钥转换为pkcs12格式,生成platform.priv.pem文件:

1
$ openssl pkcs8 -in platform.pk8 -inform DER -outform PEM -out platform.priv.pem -nocrypt

生成pkcs12格式的密钥文件,生成platform.pk12文件,最后的brilliance是keystore的alias,需要输入两次密码,我们这里默认为android。

1
$ openssl pkcs12 -export -in platform.x509.pem -inkey platform.priv.pem -out platform.pk12 -name brilliance

生成platform.keystore

1
$ keytool -importkeystore -deststorepass android -destkeypass android -destkeystore platform.keystore -srckeystore platform.pk12 -srcstoretype PKCS12 -srcstorepass android -alias brilliance

使用.keystore签名的脚本signapk:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
#!/bin/bash
# Sample usage is as follows;
# ./signapk myapp.apk debug.keystore android androiddebugkey
#
# param1, APK file: Calculator_debug.apk
# param2, keystore location: ~/.android/debug.keystore
# param3, key storepass: android
# param4, key alias: androiddebugkey

USER_HOME=$(eval echo ~${SUDO_USER})

# use my debug key default
APK=$1
KEYSTORE="${2:-$USER_HOME/.android/debug.keystore}"
STOREPASS="${3:-android}"
ALIAS="${4:-androiddebugkey}"


# get the filename
APK_BASENAME=$(basename $APK)
SIGNED_APK="signed_"$APK_BASENAME

#debug
echo param1 $APK
echo param2 $KEYSTORE
echo param3 $STOREPASS
echo param4 $ALIAS

# delete META-INF folder
zip -d $APK META-INF/\*

# sign APK
jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore $KEYSTORE -storepass $STOREPASS $APK $ALIAS
#verify
jarsigner -verify $APK

#zipalign
zipalign -v 4 $APK $SIGNED_APK