Wednesday, November 4, 2009

How to check the signature in APK files or JAR files

You can use the jarsigner tool from JDK.

JDKFOLDER\bin\jarsigner.exe -verify -verbose -certs myAndroidProgram.apk

or

JDKFOLDER\bin\jarsigner.exe -verify -verbose -certs myJavaProgram.jar

the output will be the list of files with a detail of the signature, as following:

sm 3366 Thu Nov 05 00:57:58 ART 2009 res/drawable/icon.png

X.509, CN=Android Debug, O=Android, C=US
[certificate is valid from 05/11/09 00:01 to 05/11/10 00:01]

sm 640 Thu Nov 05 00:57:58 ART 2009 res/layout/main.xml

X.509, CN=Android Debug, O=Android, C=US
[certificate is valid from 05/11/09 00:01 to 05/11/10 00:01]

sm 1248 Thu Nov 05 00:57:58 ART 2009 AndroidManifest.xml

X.509, CN=Android Debug, O=Android, C=US
[certificate is valid from 05/11/09 00:01 to 05/11/10 00:01]

sm 1012 Thu Nov 05 00:57:58 ART 2009 resources.arsc

X.509, CN=Android Debug, O=Android, C=US
[certificate is valid from 05/11/09 00:01 to 05/11/10 00:01]

sm 1984 Thu Nov 05 00:57:58 ART 2009 classes.dex

X.509, CN=Android Debug, O=Android, C=US
[certificate is valid from 05/11/09 00:01 to 05/11/10 00:01]

401 Thu Nov 05 00:57:58 ART 2009 META-INF/MANIFEST.MF
454 Thu Nov 05 00:57:58 ART 2009 META-INF/CERT.SF
771 Thu Nov 05 00:57:58 ART 2009 META-INF/CERT.RSA

s = signature was verified
m = entry is listed in manifest
k = at least one certificate was found in keystore
i = at least one certificate was found in identity scope

jar verified.


Cheers

2 comments:

  1. How to check the signature of APK at runtime from Java code?

    ReplyDelete