I. Create the system keys
Below is the README from the Android source tree. Just run the commands as shown; no password needs to be entered.
build/make/target/product/security$ cat README
The test keys in this directory are used in development only and should
NEVER be used to sign packages in publicly released images (as that would
open a major security hole).
key generation
--------------
The following commands were used to generate the test key pairs:
development/tools/make_key testkey '/C=US/ST=California/L=Mountain View/O=Android/OU=Android/CN=Android/emailAddress=android@android.com'
development/tools/make_key platform '/C=US/ST=California/L=Mountain View/O=Android/OU=Android/CN=Android/emailAddress=android@android.com'
development/tools/make_key shared '/C=US/ST=California/L=Mountain View/O=Android/OU=Android/CN=Android/emailAddress=android@android.com'
development/tools/make_key media '/C=US/ST=California/L=Mountain View/O=Android/OU=Android/CN=Android/emailAddress=android@android.com'
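II. Convert the platform signing key into a keystore-type signing file for apps to use when signing system applications
Someone has already written a tool for this on GitHub that we can download and use directly: https://github.com/getfatday/keytool-importkeypair
Put the system certificate files platform.x509.pem and platform.pk8 in the keytool-importkeypair directory and run the following command: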
./keytool-importkeypair -k ./platform.keystore -p 12345678 -pk8 platform.pk8 -cert platform.x509.pem -alias platform
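-k is the name of the keystore file to generate, here platform.keystore
-p is the password for the keystore to generate, here android (the command above passes 12345678)
-pk8 is the platform.pk8 file to import
-cert is the platform.x509.pem file to import
-alias is the alias given to the entry in the generated platform.keystore, here platform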
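III. Replace the system signing keys
I am on a HiSilicon chip platform here. Each chip vendor stores its signing keys in a different location, so replace them according to your own platform.
1. device/hisilicon/xxx/device.mk defines the location of the HiSilicon signing key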
PRODUCT_DEFAULT_DEV_CERTIFICATE := device/hisilicon/${CHIPNAME}/security/testkey
2. Replace the HiSilicon reference-design signing keys with the platform, release, media and shared signing key pairs you just created
device/hisilicon/xxx/security/*
3. build/make/core/config.mk defines the location of the key used when building Android OS
# The default key if not set as LOCAL_CERTIFICATE
ifdef PRODUCT_DEFAULT_DEV_CERTIFICATE
  DEFAULT_SYSTEM_DEV_CERTIFICATE := $(PRODUCT_DEFAULT_DEV_CERTIFICATE)
else
  DEFAULT_SYSTEM_DEV_CERTIFICATE := build/target/product/security/testkey
endif
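After replacing the keys in step 2, one way to confirm that no file in the device security directory is still a public AOSP test key, which the README above says must never sign a released image. This is an added example, not part of the original post or of AOSP; the function name find_test_keys and its two directory arguments are assumptions.

```shell
#!/bin/sh
# Added example: flag device signing keys that are byte-identical to the
# public AOSP test keys. find_test_keys and its arguments are hypothetical.

# find_test_keys AOSP_DIR DEVICE_DIR
#   AOSP_DIR   e.g. build/make/target/product/security
#   DEVICE_DIR e.g. device/hisilicon/xxx/security
# Prints one line per *.pk8 / *.x509.pem in DEVICE_DIR whose SHA-256 equals
# that of any key file in AOSP_DIR. Returns 1 if a match was found, else 0.
find_test_keys() {
    aosp_dir=$1
    device_dir=$2
    known=$(mktemp) || return 2

    # Hash every public test key shipped in the AOSP tree.
    for f in "$aosp_dir"/*.pk8 "$aosp_dir"/*.x509.pem; do
        if [ -f "$f" ]; then
            sha256sum < "$f" | cut -d' ' -f1
        fi
    done > "$known"

    # Compare each device key against that list, regardless of file name,
    # so a test key copied to platform.pk8 is still caught.
    status=0
    for f in "$device_dir"/*.pk8 "$device_dir"/*.x509.pem; do
        [ -f "$f" ] || continue
        h=$(sha256sum < "$f" | cut -d' ' -f1)
        if grep -qx "$h" "$known"; then
            echo "TEST KEY IN USE: $f"
            status=1
        fi
    done

    rm -f "$known"
    return $status
}

# When invoked with two directories, run the check and exit with its status.
if [ "$#" -eq 2 ]; then
    find_test_keys "$1" "$2"
fi
```

Passing a backup copy of the vendor's stock keys as the first directory checks for leftover vendor keys in the same way.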
IV. Command summary
1. View the contents of an x509.pem certificate.
openssl x509 -in testkey.x509.pem -inform pem -noout -text
2. Create a signing key with keytool.
keytool -genkey -v -keystore app.keystore -alias xxx -keyalg RSA -validity 20000
3. View a .keystore signing key.
/usr/lib/jvm/java-1.8.0-openjdk-amd64/bin/keytool -list -v -keystore app.keystore
4. Manually sign an Android OTA update package
java -Xmx2048m -jar -Djava.library.path=out/host/linux-x86/lib64 out/host/linux-x86/framework/signapk.jar -w device/hisilicon/xxx/security/testkey.x509.pem device/hisilicon/xxx/security/testkey.pk8 xxx_input_file xxx_output_file
5. Manually sign an Android app
java -jar -Djava.library.path=out/host/linux-x86/lib64 out/host/linux-x86/framework/signapk.jar device/hisilicon/xxx/security/platform.x509.pem device/hisilicon/xxx/security/platform.pk8 xxx_input_file xxx_output_file