Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

APK Signature Scheme v4 Support #12

Open
giladreich opened this issue Oct 28, 2021 · 0 comments
Open

APK Signature Scheme v4 Support #12

giladreich opened this issue Oct 28, 2021 · 0 comments

Comments

@giladreich
Copy link

Hi and thanks for the excellent library!

Are there any future plans adding support for Signature v4 scheme? It's a file based signature that can be bundled within an XAPK archive before release.

Here are some simple steps to reproduce V4 signed APK:

  1. Compile an APK with compileSdk 31 and targetSdk 31 and minSdk 21
  2. Sign the APK with the following command:
apksigner sign -v --ks /path/to/release.keystore --ks-pass pass:123456 --v4-signing-enabled true --v3-signing-enabled true --v2-signing-enabled true --v1-signing-enabled true --out v4-signed.apk app-release-unsigned.apk
  1. The previous command will generate two files; v4-signed.apk and v4-signed.apk.idsig. To verify that signature is correct, use apksigner with the following command:
apksigner verify -v -print-certs -v4-signature-file v4-signed.apk.idsig v4-signed.apk

The output of [3] should be:

Verifies
Verified using v1 scheme (JAR signing): true
Verified using v2 scheme (APK Signature Scheme v2): true
Verified using v3 scheme (APK Signature Scheme v3): true
Verified using v4 scheme (APK Signature Scheme v4): true

Happy to help if there are any questions.

Kind regards,
Gilad
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@giladreich