android签名已存在的apk

Android 2019-12-26 阅读 51 评论 0

使用uber-apk-signer.jar

使用 google 的新apk签名工具 uber-apk-signer。uber-apk-signer是一个 cli 工具,支持v1、v2和v3的Android签名方案。下载最新uber-apk-signer.jar

用法如下:

-a,--apks <file/folder>           Can be a single apk or a folder containing multiple apks. These are used
                                  as source for zipalining/signing/verifying. It is also possible to
                                  provide multiple locations space seperated (can be mixed file folder):
                                  '/apk /apks2 my.apk'. Folder will be checked non-recursively.
   --allowResign                  If this flag is set, the tool will not show error on signed apks, but
                                  will sign them with the new certificate (therefore removing the old
                                  one).
   --debug                        Prints additional info for debugging.
   --dryRun                       Check what apks would be processed without actually doing anything.
-h,--help                         Prints help docs.
   --ks <keystore>                The keystore file. If this isn't provided, will tryto sign with a debug
                                  keystore. The debug keystore will be searched in the same dir as
                                  execution and 'user_home/.android' folder. If it is not found there a
                                  built-in keystore will be used for convenience. It is possible to pass
                                  one or multiple keystores. The syntax for multiple params is
                                  '<index>=<keystore>' for example: '1=keystore.jks'. Must match the
                                  parameters of --ksAlias.
   --ksAlias <alias>              The alias of the used key in the keystore. Must be provided if --ks is
                                  provided. It is possible to pass one or multiple aliases for multiple
                                  keystore configs. The syntax for multiple params is '<index>=<alias>'
                                  for example: '1=my-alias'. Must match the parameters of --ks.
   --ksDebug <keystore>           Same as --ks parameter but with a debug keystore. With this option the
                                  default keystore alias and passwords are used and any arguments relating
                                  to these parameter are ignored.
   --ksKeyPass <password>         The password for the key. If this is not provided, caller will get a
                                  user prompt to enter it. It is possible to pass one or multiple
                                  passwords for multiple keystore configs. The syntax for multiple params
                                  is '<index>=<password>'. Must match the parameters of --ks.
   --ksPass <password>            The password for the keystore. If this is not provided, caller will get
                                  a user prompt to enter it. It is possible to pass one or multiple
                                  passwords for multiple keystore configs. The syntax for multiple params
                                  is '<index>=<password>'. Must match the parameters of --ks.
-l,--lineage <path>               The lineage file for apk signer schema v3 if more then 1 signature is
                                  used. See here https://bit.ly/2mh6iAC for more info.
-o,--out <path>                   Where the aligned/signed apks will be copied to. Must be a folder. Will
                                  create, if it does not exist.
   --overwrite                    Will overwrite/delete the apks in-place
   --skipZipAlign                 Skips zipAlign process. Also affects verify.
-v,--version                      Prints current version.
   --verbose                      Prints more output, especially useful for sign verify.
   --verifySha256 <cert-sha256>   Provide one or multiple sha256 in string hex representation (ignoring
                                  case) to let the tool check it against hashes of the APK's certificate
                                  and use it in the verify process. All given hashes must be present in
                                  the signature to verify e.g. if 2 hashes are given the apk must have 2
                                  signatures with exact these hashes (providing only one hash, even if it
                                  matches one cert, will fail).
-y,--onlyVerify                   If this is passed, the signature and alignment is only verified.
   --zipAlignPath <path>          Pass your own zipalign executable. If this is omitted the built-in
                                  version is used (available for win, mac and linux)

对已有apk进行签名,并且对apk进行zipalign对齐(zipalign优化可以帮助操作系统更高效率地根据请求索引资源)优化。可以运行

java -jar uber-apk-signer.jar -a #app-release.apk# --ks #keystore.jks# --ksAlias #alias# --ksKeyPass #keyPass# --ksPass #keystorePass#

其中 #app-release.apk# 是apk的路径,#keystore.jks# 是签名文件,#alias# 是秘钥的别名,#keyPass# 是秘钥的密码,#keystorePass# 是keystore的密码。

运行之后,生成了app-release-aligned-signed.apk。

$ ls
app-release-aligned-signed.apk	app-release.apk

jarsigner验证

jarsigner是jdk下的一个工具,一般在 %JAVA_HOME%/bin 目录下。

验证签名apk命令:

jarsigner -verify -verbose app-release_legu-aligned-signed.apk
最后更新 2020-03-18