Loading 'screen' into random state - done
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [AU]:cn
State or Province Name (full name) [Some-State]:zhejiang
Locality Name (eg, city) []:hangzhou
Organization Name (eg, company) [Internet Widgits Pty Ltd]:sing
Organizational Unit Name (eg, section) []:sing
Common Name (eg, YOUR name) []:netease
Email Address []:email@example.com
Convert the PEM private key produced by that request into the unencrypted PKCS#8 DER form (.pk8) that the AOSP signing tools expect:
openssl pkcs8 -in testkey.pem -topk8 -outform DER -out testkey.pk8 -nocrypt
Because of -nocrypt the .pk8 file holds the private key in the clear, so it needs the same protection as the original PEM.
I want to preface this question with two things so I can narrow down where my actual question is:
a) I’ve done software dev before, though never for android
b) I'm familiar with PKI and encryption and hashing and digital signatures and blah blah blah
That being said I’m having trouble tracking down more information about where and how Android verifies app creators. I’ve heard a lot of different information so I’m trying to synthesize to get a better idea of the workflow.
I know that every app developer gets their own private/public key pair and they sign their apps by hashing the APK (with SHA-1 most of the time if I'm not mistaken) and there you go. You upload it and (I believe) the public key goes in META-INF inside the APK. This much I understand.
My question is how this relates to when a user downloads the app itself. I know the phone checks to make sure that the app is validly signed, and that the signature also has information about the author etc. included. But I've also read that apps are self-signed and that Google Play (or whatever they're calling the Market now) doesn't implement a CA, and that there's no identity authentication? But my question is, what, then, stops people from uploading an app under another developer's name (crowdsourcing aside)?
If the phone only checks for valid signatures does that imply that the only means of authentication is done when the app is uploaded? And if that’s the case how does the app market check it? Is it the usual – use the private key on file and verify the signature? Or does the developer have to provide the market with their private key to authenticate?
In short, Android and Google Play essentially don't care about what's in the actual certificate. Google Play will validate it indeed, and check if it is valid for 30 years or more, but they don't really use (at least currently, AFAIK) the actual info in the cert. You could use your own name/company name in the CN, but no one will validate this, and users won't see this info at all. What Android does is:
check the signature to make sure the APK hasn’t been tampered with
then compare the signing certificate as a binary blob to the one of the currently installed version of the app to make sure that the two versions have been signed with the same key/certificate (e.g., by the same person/company)
it does the same thing to enforce permissions if you are using sharedUid or signature permissions with two or more apps.
So, to answer your question, someone can easily create a certificate with your name on it, but Android and Google Play don't really care. As long as they don't have your private key, they won't be able to produce an app signature that is the same as yours and thus they wouldn't be able to overwrite/update your app with theirs, or get any special permissions.
HTML Test Page
test.Applet1 will appear below in a Java enabled browser.<br>
<applet codebase="." code="com.applet.TestSecurity" name="TestApplet" width="400" height="300" hspace="0" vspace="0" align="middle" archive="test.jar"></applet>
</body></html>
Put the HTML file above in the same directory as test.jar and open it in IE; IE pops up a security warning: The application's digital signature is invalid. Do you want to run the application?
The user can inspect test.jar's signature information. If they choose Cancel and then click the "create a file" button, the applet reports: access denied (java.io.FilePermission c:\a.txt write)
If they instead select "Always trust content from this publisher" in the IE security warning, click Run, and then click "create a file", the applet reports: file c:\a.txt created successfully
The warning appears because test.jar is signed with a self-signed certificate that does not chain to a CA in the JRE's trust store. Once the user trusts the publisher, the applet runs outside the sandbox, so the FilePermission check that blocked the write in the untrusted case no longer applies.
The following standard test keys are currently included:
testkey — a generic key for packages that do not otherwise specify a key.
platform — a test key for packages that are part of the core platform.
shared — a test key for things that are shared in the home/contacts process.
media — a test key for packages that are part of the media/download system.
These test keys are used strictly in development, and should never be assumed
to convey any sort of validity. When $BUILD_SECURE=true, the code should not
honor these keys in any context.
signing using the openssl commandline (for boot/system images)
1. convert pk8 format key to pem format
% openssl pkcs8 -inform DER -nocrypt -in testkey.pk8 -out testkey.pem
2. create a signature using the pem format key
% openssl dgst -binary -sha1 -sign testkey.pem FILE > FILE.sig
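The interactive openssl req session at the top of the page, the pkcs8 conversion, and the two-step signing procedure just above are one flow. The shell script below is an added example (not AOSP code and not from the original page) that runs that flow end to end with the openssl CLI and then demonstrates the point of the Q&A answer above: a second certificate carrying an identical subject DN but a different key neither verifies the signature nor matches the first certificate byte for byte, which is the comparison Android actually makes. The working directory, file names, the sample payload and the use of SHA-256 by default (the README line uses -sha1) are assumptions for the demo.

```sh
#!/bin/sh
# Added example: key -> .pk8 -> PEM -> detached signature -> verify, using
# only the openssl CLI. Not AOSP code; paths, names and DN are assumptions.
set -eu

WORK="${WORK:-${TMPDIR:-/tmp}/pk8demo.$$}"
mkdir -p "$WORK"
# The README's step 2 uses -sha1; parameterised here because some current
# OpenSSL builds refuse SHA-1 signatures by policy.
DIGEST="${DIGEST:-sha256}"
# Subject DN taken from the interactive `openssl req` session above.
SUBJ="/C=CN/ST=zhejiang/L=hangzhou/O=sing/OU=sing/CN=netease/emailAddress=email@example.com"

# Non-interactive equivalent of the `openssl req` session: a fresh RSA key and
# a self-signed certificate valid 30 years (the validity the answer above says
# Google Play checks for).
make_key_and_cert() {                     # $1 = name prefix
    openssl genrsa -out "$WORK/$1.pem" 2048 2>/dev/null
    openssl req -new -x509 -key "$WORK/$1.pem" -days 10950 -subj "$SUBJ" \
        -out "$WORK/$1.x509.pem" 2>/dev/null
    # DER copy of the certificate: the "binary blob" Android compares.
    openssl x509 -in "$WORK/$1.x509.pem" -outform DER -out "$WORK/$1.x509.der"
}

# The pkcs8 conversion from the top of the page: unencrypted PKCS#8 DER (.pk8).
pem_to_pk8() { openssl pkcs8 -topk8 -nocrypt -inform PEM -in "$WORK/$1.pem" \
                   -outform DER -out "$WORK/$1.pk8"; }

# README step 1: back from .pk8 to PEM for the openssl dgst tool.
pk8_to_pem() { openssl pkcs8 -inform DER -nocrypt -in "$WORK/$1.pk8" \
                   -out "$WORK/$1.frompk8.pem"; }

# README step 2: detached signature FILE.sig over FILE.
sign_file() { openssl dgst -binary "-$DIGEST" -sign "$WORK/$1.frompk8.pem" "$2" > "$2.sig"; }

# The check the receiving side has to make: verify FILE.sig against the public
# key carried in a certificate. Returns 0 only when the signature is valid.
verify_file() {                           # $1 = cert prefix, $2 = file
    openssl x509 -in "$WORK/$1.x509.pem" -pubkey -noout > "$WORK/$1.pub.pem"
    openssl dgst "-$DIGEST" -verify "$WORK/$1.pub.pem" -signature "$2.sig" "$2" >/dev/null 2>&1
}

# Android's update rule as the answer describes it: the two signing
# certificates must be identical byte for byte; the subject name is irrelevant.
same_cert_blob() { cmp -s "$WORK/$1.x509.der" "$WORK/$2.x509.der"; }

demo() {
    make_key_and_cert author
    make_key_and_cert impostor            # identical DN, different key pair
    pem_to_pk8 author
    pk8_to_pem author
    printf 'constructed payload standing in for boot.img\n' > "$WORK/boot.img"
    sign_file author "$WORK/boot.img"

    verify_file author   "$WORK/boot.img" && echo "author key:     signature verifies"
    verify_file impostor "$WORK/boot.img" || echo "impostor key:   rejected although the DN is identical"
    same_cert_blob author impostor       || echo "cert blobs:     differ, so impostor could not update author's app"

    printf 'x' >> "$WORK/boot.img"        # tamper with the signed image
    verify_file author   "$WORK/boot.img" || echo "tampered image: rejected"
}

demo
```

Run it with an openssl binary on PATH; set WORK to keep the generated files somewhere other than a temporary directory. Note that verification uses only the public key pulled out of the certificate, which is why nothing in the subject DN can stand in for possession of the private key.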
extracting public keys for embedding
it’s a Java tool
but it generates C code
take a look at commands/recovery/Android.mk
you’ll see it running $(HOST_OUT_JAVA_LIBRARIES)/dumpkey.jar