ITmob-Ly
Published on 2022-08-24

Android - Generating a keystore / signing file from the command line

keytool

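Signing an app requires first generating a signing file (keystore). Java includes a tool for this purpose: keytool. **keytool** ships with the Java JDK. After you answer a few simple questions, **keytool** quickly generates a public/private key pair and stores it in the signing file/keystore.

keytool has many commands and options. The command most commonly used for Android signing is **-genkeypair**, usually abbreviated to **-genkey**.

The main options for -genkey are:

-keystore               File name of the keystore to generate
-alias               Alias of the key pair
-keyalg               Algorithm used to generate the key pair
-keysize               Key pair size, in bits
-validity               Validity period of the key pair, in days

Always set the -validity option: if it is not specified, the key pair is created with a default validity of only 90 days.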

keytool -genkey -v -keystore sample.jks -alias aliasName1 -keyalg RSA -validity 20000

# -validity 20000 is about 54 years
# Follow the prompts to set the password and the other information
Enter keystore password:
Re-enter new password:
What is your first and last name?
  [Unknown]:  itmob
What is the name of your organizational unit?
  [Unknown]:  itmob.cn
What is the name of your organization?
  [Unknown]:  itmob.cn
What is the name of your City or Locality?
  [Unknown]:  beijing
What is the name of your State or Province?
  [Unknown]:  beijing
What is the two-letter country code for this unit?
  [Unknown]:  86
Is CN=sample name, OU=sample, O=sample, L=beijing, ST=beijing, C=86 correct?
  [no]:  yes

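If the -alias option is not specified, mykey is used as the default alias.

Running the command again with a different alias creates additional key pairs in the same keystore.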

keytool -genkey -v -keystore sample.jks -alias aliasName2 -keyalg RSA -validity 20000

# Follow the prompts to set the password and the other information
Enter keystore password:
Re-enter new password:
What is your first and last name?
  [Unknown]:  itmob
What is the name of your organizational unit?
  [Unknown]:  itmob.cn
What is the name of your organization?
  [Unknown]:  itmob.cn
What is the name of your City or Locality?
  [Unknown]:  beijing
What is the name of your State or Province?
  [Unknown]:  beijing
What is the two-letter country code for this unit?
  [Unknown]:  86
Is CN=sample name, OU=sample, O=sample, L=beijing, ST=beijing, C=86 correct?
  [no]:  yes

-keysize can also be specified when creating the key:

keytool -genkey -v -keystore sample.jks -alias aliasName2 -keyalg RSA -keysize 2048 -validity 20000

View the signing file/keystore that was created:

keytool -list -v -keystore sample.jks

Enter keystore password:
Keystore type: PKCS12
Keystore provider: SUN

Your keystore contains 2 entries

Alias name: aliasname1
Creation date: Aug 17, 2022
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=itmob, OU=itmob.cn, O=itmob.cn, L=beijing, ST=beijing, C=86
Issuer: CN=itmob, OU=itmob.cn, O=itmob.cn, L=beijing, ST=beijing, C=86
Serial number: cb1ef41f9104ef63
Valid from: Wed Aug 10 14:58:44 CST 2022 until: Tue Nov 15 14:58:44 CST 2022
Certificate fingerprints:
         SHA1: E4:61:E7:B6:55:FF:1F:B4:C6:FB:F4:57:AA:99:CC:F7:6B:D6:BF:C5
         SHA256: 13:11:08:D5:CD:ED:83:30:CF:2B:D3:89:3F:87:F9:A5:9E:77:9D:C0:0A:AC:70:C6:51:DD:40:ED:10:8D:BC:ED
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
Version: 3

Extensions:

#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 8D 16 0E 10 99 0A 2E EC   CB B1 B4 57 83 D1 56 55  ...........W..VU
0010: A4 E6 41 81                                        ..A.
]
]

*******************************************
*******************************************

Alias name: aliasname2
Creation date: Aug 17, 2022
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=itmob, OU=itmob.cn, O=itmob.cn, L=beijing, ST=beijing, C=86
Issuer: CN=itmob, OU=itmob.cn, O=itmob.cn, L=beijing, ST=beijing, C=86
Serial number: 4340ffaa49898cc4
Valid from: Wed Aug 17 15:00:37 CST 2022 until: Tue Nov 15 15:00:37 CST 2022
Certificate fingerprints:
         SHA1: 39:AD:4C:51:36:8F:0E:6E:A8:8D:AC:9E:0B:FD:3A:FE:1C:F2:B8:AC
         SHA256: 8F:FE:E8:DF:9C:7F:A7:56:2E:41:8D:C6:EA:FB:DF:E7:6E:13:64:9D:51:7E:6D:D7:48:01:EA:8D:B4:22:9F:DA
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
Version: 3

Extensions:

#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 40 DB 5B E8 2B A7 18 66   EE B7 27 E3 A8 0E 9E 3B  @...K..f..'....k
0010: 39 22 33 C7                                        9"6.
]
]

*******************************************
*******************************************
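
An omitted -validity only becomes visible later, in the "Valid from ... until" line of `keytool -list -v`. The following added example (not part of the original post) computes each alias's certificate lifetime in days from that output and fails when one is below a threshold. The function names, the 10000-day threshold and the aliasname3 entry are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: per-alias certificate lifetime from `keytool -list -v` output.
# Assumes English-locale output with single-token time zones, as in the listing.

# validity_days: read the listing on stdin, print "<alias> <days>" per entry.
validity_days() {
  awk '
    # Day number of a Gregorian date (constant offset dropped; only differences are used).
    function daynum(mon, d, y,    m, a, yy, mm) {
      m = (index("JanFebMarAprMayJunJulAugSepOctNovDec", mon) + 2) / 3
      a = int((14 - m) / 12); yy = y + 4800 - a; mm = m + 12 * a - 3
      return d + int((153 * mm + 2) / 5) + 365 * yy + int(yy / 4) - int(yy / 100) + int(yy / 400)
    }
    /^Alias name:/ { alias = $3 }
    # Valid from: Wed Aug 10 14:58:44 CST 2022 until: Tue Nov 15 14:58:44 CST 2022
    /^Valid from:/ { print alias, daynum($11, $12, $15) - daynum($4, $5, $8) }
  '
}

# check_validity MIN_DAYS: return 1 if any alias is valid for fewer than MIN_DAYS.
check_validity() {
  validity_days | awk -v min="$1" '
    $2 < min { print "SHORT: " $1 " is valid for only " $2 " days"; bad = 1 }
    END { exit bad }
  '
}

# Sample input: the aliasname1/aliasname2 lines are taken from the listing above;
# aliasname3 is constructed to show a 20000-day certificate.
sample_listing() {
  cat <<'EOF'
Alias name: aliasname1
Valid from: Wed Aug 10 14:58:44 CST 2022 until: Tue Nov 15 14:58:44 CST 2022
Alias name: aliasname2
Valid from: Wed Aug 17 15:00:37 CST 2022 until: Tue Nov 15 15:00:37 CST 2022
Alias name: aliasname3
Valid from: Wed Aug 17 15:00:37 CST 2022 until: Thu May 20 15:00:37 CST 2077
EOF
}

# MIN_DAYS=10000 is an illustrative threshold, not a value from the post.
# Real use: keytool -list -v -keystore sample.jks | check_validity 10000
sample_listing | validity_days
sample_listing | check_validity 10000 || echo "keystore has short-lived signing keys"
```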