Google Git
Sign in
android / platform / tools / apksig / 9dc0208515395911c275fcfe2b716f210c48be12
commit9dc0208515395911c275fcfe2b716f210c48be12[log] [tgz]
authorAlex Klyubin <klyubin@google.com>Sun Feb 12 14:54:10 2017 -0800
committerAlex Klyubin <klyubin@google.com>Fri Mar 03 14:55:25 2017 -0800
tree1aabbac4071182908779f17bbc3b33d3040c7b44
parent66260aaddcdb8c5e4d0782de95c97ab5a5a9cfc4 [diff]
Make apksigner compatible with jarsigner for non-ASCII passwords

When keytool and jarsigner obtain the keystore/key password via
stdin or console, contrary to the expectation of Java KeyStore API,
they do not appear to encrypt/decrypt the keystore/key using the
Unicode characters comprising the password. Instead, these tools
appear to convert the password to their encoded form (using the
console's character encoding) and then upcast each resulting Java byte
into a Java char. The keystore/key appears to be encrypted using the
resulting array of characters.

This behavior may be a remnant from the early days of Java when there
was no standard way to convert textual input obtained via stdin to
Unicode characters. The behavior is consistent with simply treating
each Java byte read via stdin as a Java char and then passing in the
resulting array of characters into KeyStore API as password.

Unfortunately, when the password is passed in into keytool/jarsigner
via the command-line, or when other tools (including apksigner) use
the Java KeyStore API to create/read keystores/keys, the above
strange behavior does not occur. As a result, there's a mismatch for
non-ASCII passwords.

This commit modifies apksigner to be compatible with both ways of
dealing with keystore/key passwords. For each provided password,
apksigner tries its Unicode character array form, as well as the two
additional forms obtained by encoding the password using the console
character encoding and the JVM's default character encoding.

NOTE: This does not solve the issue of portability of keystores with
non-ASCII passwords between environments with different console
character encodings. For example, a keystore created on Windows 10
with a non-ASCII keystore/key password entered on console with the
(default) IBM437 character encoding is likely to not be decryptable
in an environment which does not use IBM437 character encoding for
the console, such as most modern Linux/OSX machines which normally
use UTF-8 as the character encoding of the console.

https://code.google.com/p/android/issues/detail?id=234089

Test: Use keytool to create two JKS keystores protected using password
      "ab¡äю1" (one where the password is read from the console, the
      other where the password is provided on the command-line). Use
      apksigner to sign an APK using these keystores, providing the
      password via all four methods supported by apksigner. Do this on
      Windows 10 (IBM437 console encoding, windows 1252 file/JVM
      default encoding, OSX (UTF-8), and Linux (UTF-8).
Bug: 35330203
Change-Id: I7a7c215ae87343112f9969ee006791a5c7343754
2 files changed
tree: 1aabbac4071182908779f17bbc3b33d3040c7b44
  1. etc/
  2. src/
  3. Android.mk
  4. android_plugin_for_gradle.gradle
  5. apksig.iml
  6. BUILD
  7. build.gradle
  8. LICENSE
  9. README.md
README.md

apksig

apksig is a project which aims to simplify APK signing and checking whether APK's signatures should verify on Android. apksig supports JAR signing (used by Android since day one) and APK Signature Scheme v2 (supported since Android Nougat, API Level 24).

The key feature of apksig is that it knows about differences in APK signature verification logic between different versions of the Android platform. apksig can thus check whether a signed APK is expected to verify on all Android platform versions supported by the APK. When signing an APK, apksig will choose the most appropriate cryptographic algorithms based on the Android platform versions supported by the APK being signed.

The project consists of two subprojects:

  • apksig -- a pure Java library, and
  • apksigner -- a pure Java command-line tool based on the apksig library.

apksig library

apksig library offers three primitives:

  • ApkSigner which signs the provided APK so that it verifies on all Android platform versions supported by the APK. The range of platform versions can be customized if necessary.
  • ApkVerifier which checks whether the provided APK is expected to verify on all Android platform versions supported by the APK. The range of platform versions can be customized if necessary.
  • (Default)ApkSignerEngine which abstracts away signing an APK from parsing and building an APK file. This is useful in optimized APK building pipelines, such as in Android Plugin for Gradle, which need to perform signing while building an APK, instead of after. For simpler use cases where the APK to be signed is available upfront, the ApkSigner above is easier to use.

NOTE: Some public classes of the library are in packages having the word “internal” in their name. These are not public API of the library. Do not use *.internal.* classes directly.

apksigner command-line tool

apksigner command-line tool offers two operations:

  • sign the provided APK so that it verifies on all Android platforms supported by the APK. Run apksigner sign for usage information.
  • check whether the provided APK's signatures are expected to verify on all Android platforms supported by the APK. Run apksigner verify for usage information.

The tool determines the range of Android platform versions (API Levels) supported by the APK by inspecting the APK's AndroidManifest.xml. This behavior can be overridden by specifying the range of platform versions on the command-line.