如何获取APK签名?

发布于 2024-10-30 14:26:31 字数 62 浏览 5 评论 0原文

有没有办法检索用于签署 APK 的密钥的签名?我使用密钥库中的密钥签署了我的 APK。我如何以编程方式检索它?

Is there a way to retrieve the signature of the key used to sign an APK? I signed my APK with my key from my keystore. How can I retrieve it programmatically?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(3

冰雪梦之恋 2024-11-06 14:26:31

您可以使用 PackageManager 类访问 APK 的签名
http://developer.android.com/reference/android/content/pm /PackageManager.html

Signature[] sigs = context.getPackageManager().getPackageInfo(context.getPackageName(), PackageManager.GET_SIGNATURES).signatures;
for (Signature sig : sigs)
{
    Trace.i("MyApp", "Signature hashcode : " + sig.hashCode());
}

我用它来与我的调试密钥的哈希码进行比较,作为识别 APK 是调试 APK 还是发布 APK 的方法。

You can access the APK's signing signature like this using the PackageManager class
http://developer.android.com/reference/android/content/pm/PackageManager.html

Signature[] sigs = context.getPackageManager().getPackageInfo(context.getPackageName(), PackageManager.GET_SIGNATURES).signatures;
for (Signature sig : sigs)
{
    Trace.i("MyApp", "Signature hashcode : " + sig.hashCode());
}

I've used this to compare with the hashcode for my debug key, as a way to identify whether the APK is a debug APK or a release APK.

小草泠泠 2024-11-06 14:26:31

包管理器将为您提供任何已安装包的签名证书。然后您可以打印出签名密钥的详细信息,例如

final PackageManager packageManager = context.getPackageManager();
final List<PackageInfo> packageList = packageManager.getInstalledPackages(PackageManager.GET_SIGNATURES);

for (PackageInfo p : packageList) {
    final String strName = p.applicationInfo.loadLabel(packageManager).toString();
    final String strVendor = p.packageName;

    sb.append("<br>" + strName + " / " + strVendor + "<br>");

    final Signature[] arrSignatures = p.signatures;
    for (final Signature sig : arrSignatures) {
        /*
        * Get the X.509 certificate.
        */
        final byte[] rawCert = sig.toByteArray();
        InputStream certStream = new ByteArrayInputStream(rawCert);

        try {
            CertificateFactory certFactory = CertificateFactory.getInstance("X509");
            X509Certificate x509Cert = (X509Certificate) certFactory.generateCertificate(certStream);

            sb.append("Certificate subject: " + x509Cert.getSubjectDN() + "<br>");
            sb.append("Certificate issuer: " + x509Cert.getIssuerDN() + "<br>");
            sb.append("Certificate serial number: " + x509Cert.getSerialNumber() + "<br>");
            sb.append("<br>");
        }
        catch (CertificateException e) {
            // e.printStackTrace();
        }
    }
}

The package manager will give you the signing certificate for any installed package. You can then print out the details of the signing key, e.g.

final PackageManager packageManager = context.getPackageManager();
final List<PackageInfo> packageList = packageManager.getInstalledPackages(PackageManager.GET_SIGNATURES);

for (PackageInfo p : packageList) {
    final String strName = p.applicationInfo.loadLabel(packageManager).toString();
    final String strVendor = p.packageName;

    sb.append("<br>" + strName + " / " + strVendor + "<br>");

    final Signature[] arrSignatures = p.signatures;
    for (final Signature sig : arrSignatures) {
        /*
        * Get the X.509 certificate.
        */
        final byte[] rawCert = sig.toByteArray();
        InputStream certStream = new ByteArrayInputStream(rawCert);

        try {
            CertificateFactory certFactory = CertificateFactory.getInstance("X509");
            X509Certificate x509Cert = (X509Certificate) certFactory.generateCertificate(certStream);

            sb.append("Certificate subject: " + x509Cert.getSubjectDN() + "<br>");
            sb.append("Certificate issuer: " + x509Cert.getIssuerDN() + "<br>");
            sb.append("Certificate serial number: " + x509Cert.getSerialNumber() + "<br>");
            sb.append("<br>");
        }
        catch (CertificateException e) {
            // e.printStackTrace();
        }
    }
}
勿忘初心 2024-11-06 14:26:31

我的情况是我有一个预安装的 apk 使用了错误的 key-store 。所以直接安装会因为签名不一致而失败。我需要先检查签名以确保可以顺利安装。

这是我的解决方案

正如此代码所述,您可以从已安装的apk中获取签名。

详细信息:

Signature sig = context.getPackageManager().getPackageInfo(context.getPackageName(), PackageManager.GET_SIGNATURES).signatures[0];

其次:获取releaseApk hashCode进行比较。就我而言,我从服务器下载了这个 apk,并将其放入 sd_card 中。

Signature releaseSig = context.getPackageManager().getPackageArchiveInfo("/mnt/sdcard/myReleaseApk.apk", PackageManager.GET_SIGNATURES).signatures[0];

最后比较hashCode。

return sig.hashCode() == releaseSig.hashCode;

我已经尝试过上面的代码,它工作得很好。如果 hashCode 不同,您应该卸载旧的 apk,或者如果它是系统应用程序并且设备已 root,您可以使用runtime删除它,然后安装新的签名apk。

My situation is that I have a pre-installed apk which use a wrong key-store . So directly install will give a fail because of inconsistent signature.I need to check the signature first to make sure it can be install smoothly.

Here is my solution.

As this code says, you can get the signature from an installed apk.

details:

Signature sig = context.getPackageManager().getPackageInfo(context.getPackageName(), PackageManager.GET_SIGNATURES).signatures[0];

Secondly: get the releaseApk hashCode to compare. In my case, I downloaded this apk from my server, and put it in the sd_card.

Signature releaseSig = context.getPackageManager().getPackageArchiveInfo("/mnt/sdcard/myReleaseApk.apk", PackageManager.GET_SIGNATURES).signatures[0];

Finally,compare the hashCode.

return sig.hashCode() == releaseSig.hashCode;

I have tried the code above, it works just fine. If the hashCode is different, you should just uninstall the old apk or if it's a system app and the device is rooted, you can just use runtime to remove it,and then install the new signature apk.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文