对应用进行签名需要先生成 签名文件/密钥库。Java 包含一个用于此目的的工具:keytool
。**keytool
**位于 Java JDK 中。 **keytool
**在你回答几个简单的问题后,它将快速生成一个公钥/私钥对并将它们存储在签名文件/密钥库中。
keytool
有许多命令和参数。用于 Android 签名的最常用命令**-genkeypair
,通常缩写-genkey
**。
-genkey
的主要选项如下:
-keystore | 生成的密钥库的文件名 |
---|---|
-alias | 密钥对别名 |
-keyalg | 用于生成密钥对的算法 |
-keysize | 密钥对大小,以位为单位 |
-validity | 密钥对有效期,以天为单位 |
一定要设置
-validity
参数,不指定它创建的密钥对默认有效期只有90天
keytool -genkey -v -keystore sample.jks -alias aliasName1 -keyalg RSA -validity 20000
# -validity 20000 大约是54年
# 按照提示设置密码和其他信息
Enter keystore password:
Re-enter new password:
What is your first and last name?
[Unknown]: itmob
What is the name of your organizational unit?
[Unknown]: itmob.cn
What is the name of your organization?
[Unknown]: itmob.cn
What is the name of your City or Locality?
[Unknown]: beijing
What is the name of your State or Province?
[Unknown]: beijing
What is the two-letter country code for this unit?
[Unknown]: 86
Is CN=sample name, OU=sample, O=sample, L=beijing, ST=beijing, C=86 correct?
[no]: yes
如果不指定别名(alias)参数,则会使用
mykey
作为默认的别名
重复该命令,修改别名再次执行可以在同一密钥库创建多个密钥对
keytool -genkey -v -keystore sample.jks -alias aliasName2 -keyalg RSA -validity 20000
# 按照提示设置密码和其他信息
Enter keystore password:
Re-enter new password:
What is your first and last name?
[Unknown]: itmob
What is the name of your organizational unit?
[Unknown]: itmob.cn
What is the name of your organization?
[Unknown]: itmob.cn
What is the name of your City or Locality?
[Unknown]: beijing
What is the name of your State or Province?
[Unknown]: beijing
What is the two-letter country code for this unit?
[Unknown]: 86
Is CN=sample name, OU=sample, O=sample, L=beijing, ST=beijing, C=86 correct?
[no]: yes
创建密钥时也可以指定 -keysize
keytool -genkey -v -keystore sample.jks -alias aliasName2 -keyalg RSA -keysize 2048 -validity 20000
查看创建的签名文件/密钥库
keytool -list -v -keystore sample.jks
Enter keystore password:
Keystore type: PKCS12
Keystore provider: SUN
Your keystore contains 2 entries
Alias name: aliasname1
Creation date: Aug 17, 2022
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=itmob, OU=itmob.cn, O=itmob.cn, L=beijing, ST=beijing, C=86
Issuer: CN=itmob, OU=itmob.cn, O=itmob.cn, L=beijing, ST=beijing, C=86
Serial number: cb1ef41f9104ef63
Valid from: Wed Aug 10 14:58:44 CST 2022 until: Tue Nov 15 14:58:44 CST 2022
Certificate fingerprints:
SHA1: E4:61:E7:B6:55:FF:1F:B4:C6:FB:F4:57:AA:99:CC:F7:6B:D6:BF:C5
SHA256: 13:11:08:D5:CD:ED:83:30:CF:2B:D3:89:3F:87:F9:A5:9E:77:9D:C0:0A:AC:70:C6:51:DD:40:ED:10:8D:BC:ED
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
Version: 3
Extensions:
#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 8D 16 0E 10 99 0A 2E EC CB B1 B4 57 83 D1 56 55 ...........W..VU
0010: A4 E6 41 81 ..A.
]
]
*******************************************
*******************************************
Alias name: aliasname2
Creation date: Aug 17, 2022
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=itmob, OU=itmob.cn, O=itmob.cn, L=beijing, ST=beijing, C=86
Issuer: CN=itmob, OU=itmob.cn, O=itmob.cn, L=beijing, ST=beijing, C=86
Serial number: 4340ffaa49898cc4
Valid from: Wed Aug 17 15:00:37 CST 2022 until: Tue Nov 15 15:00:37 CST 2022
Certificate fingerprints:
SHA1: 39:AD:4C:51:36:8F:0E:6E:A8:8D:AC:9E:0B:FD:3A:FE:1C:F2:B8:AC
SHA256: 8F:FE:E8:DF:9C:7F:A7:56:2E:41:8D:C6:EA:FB:DF:E7:6E:13:64:9D:51:7E:6D:D7:48:01:EA:8D:B4:22:9F:DA
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
Version: 3
Extensions:
#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 40 DB 5B E8 2B A7 18 66 EE B7 27 E3 A8 0E 9E 3B @...K..f..'....k
0010: 39 22 33 C7 9"6.
]
]
*******************************************
*******************************************