You can use the jarsigner tool from JDK.
JDKFOLDER\bin\jarsigner.exe -verify -verbose -certs myAndroidProgram.apk
or
JDKFOLDER\bin\jarsigner.exe -verify -verbose -certs myJavaProgram.jar
the output will be the list of files with a detail of the signature, as following:
sm 3366 Thu Nov 05 00:57:58 ART 2009 res/drawable/icon.png
X.509, CN=Android Debug, O=Android, C=US
[certificate is valid from 05/11/09 00:01 to 05/11/10 00:01]
sm 640 Thu Nov 05 00:57:58 ART 2009 res/layout/main.xml
X.509, CN=Android Debug, O=Android, C=US
[certificate is valid from 05/11/09 00:01 to 05/11/10 00:01]
sm 1248 Thu Nov 05 00:57:58 ART 2009 AndroidManifest.xml
X.509, CN=Android Debug, O=Android, C=US
[certificate is valid from 05/11/09 00:01 to 05/11/10 00:01]
sm 1012 Thu Nov 05 00:57:58 ART 2009 resources.arsc
X.509, CN=Android Debug, O=Android, C=US
[certificate is valid from 05/11/09 00:01 to 05/11/10 00:01]
sm 1984 Thu Nov 05 00:57:58 ART 2009 classes.dex
X.509, CN=Android Debug, O=Android, C=US
[certificate is valid from 05/11/09 00:01 to 05/11/10 00:01]
401 Thu Nov 05 00:57:58 ART 2009 META-INF/MANIFEST.MF
454 Thu Nov 05 00:57:58 ART 2009 META-INF/CERT.SF
771 Thu Nov 05 00:57:58 ART 2009 META-INF/CERT.RSA
s = signature was verified
m = entry is listed in manifest
k = at least one certificate was found in keystore
i = at least one certificate was found in identity scope
jar verified.
Cheers
How to check the signature of APK at runtime from Java code?
ReplyDeletegood question
ReplyDelete