密钥库和密钥别名 [英] KeyStore and Key Alias
问题描述
我在导出一个应用程序的过程中,我很好奇的密钥库和keyalias。我真的不知道它们是什么了,或者我应该有多少个创建(也许为每个应用程序吗?)。我想AP preciate有关这些密钥的任何信息。谢谢
I'm in the process of exporting an app and I'm very curious about the keystore and keyalias. I'm not really sure what are they for, or how many should I create (maybe one for each app?). I would appreciate any information relating those keys. Thanks
推荐答案
它基本上是一个方法来识别自己与你的应用程序。有调试键和签名密钥,你需要的APK上传到Play商店并发布你的应用程序中的后者。密钥别名是指向一个特定的证书只是一个普通的名字。您可以创建一个用于每个版本,或只使用同一个对于所有的应用程序。我建议创建一个用于每个应用程序,并确保您备份多个副本。我想保持3,一个在我的系统,一个在我的Dropbox,而另一个在外部的某个地方。如果丢失了密钥库文件是绝对没有办法找回它,或发布应用程序的未来版本。 <一href="http://stackoverflow.com/questions/6849558/android-what-is-a-keystore-file-and-what-is-it-used-for">This问题是pretty的有用
It is basically a way to identify yourself with your app. There are debug keys and signing keys, the latter which you will need to upload APKs to the Play store and publish your app. The Key Alias is a just a commonplace name that points to a specific certificate. You can create one for each release, or just use the same one for all your apps. I suggest creating one for each app, and making sure you back up multiple copies. I like to keep 3, one on my system, one in my Dropbox, and another on an external somewhere. If you lose that keystore file there is absolutely no way to retrieve it, or publish future versions of an application. This questions is pretty useful
编辑:在开发者网站的应用程序签名部分实际上是建议使用跨所有的应用程序相同的证书
The "App-Signing" section of the Developer's site actually suggest using the same certificate across all your apps
在一般情况下,推荐的策略对所有开发商签署所有应用程序使用同一证书,在整个应用程序的预期寿命。有几个原因,你应该这样做......
In general, the recommended strategy for all developers is to sign all of your applications with the same certificate, throughout the expected lifespan of your applications. There are several reasons why you should do so...
应用程序升级 - 当你发布的更新到你的应用程序,您必须继续签署更新使用同一证书或设置证书,如果你希望用户能够无缝升级到新版本。当该系统安装的更新的应用程序,它比较在新版本中与那些在现有版本的证书(多个)。如果证书严丝合缝,包括证书数据和命令,那么该系统允许更新。如果不使用匹配的证书签署新的版本,则还必须指定一个不同的包名的应用程序 - 在这种情况下,用户安装新版本作为一个完全新的应用程序
Application upgrade – As you release updates to your application, you must continue to sign the updates with the same certificate or set of certificates, if you want users to be able to upgrade seamlessly to the new version. When the system is installing an update to an application, it compares the certificate(s) in the new version with those in the existing version. If the certificates match exactly, including both the certificate data and order, then the system allows the update. If you sign the new version without using matching certificates, you must also assign a different package name to the application — in this case, the user installs the new version as a completely new application.
应用模块化 - Android系统可以说是由同一证书签名的应用程序在同一个进程中运行,如果应用程序请求,以便系统将它们视为一个单一的应用程序。这样,您就可以部署模块应用程序,并且用户可以根据需要单独更新每个模块。 code /数据通过权限共享 - Android系统提供的基于签名的权限执行,这样应用程序可以公开的功能到与指定的证书签名的另一个应用程序。通过签署多个应用程序具有相同的证书,并使用基于特征的权限检查,你的应用程序可以在一个安全的方式共享code和数据。
Application modularity – The Android system allows applications that are signed by the same certificate to run in the same process, if the applications so requests, so that the system treats them as a single application. In this way you can deploy your application in modules, and users can update each of the modules independently if needed. Code/data sharing through permissions – The Android system provides signature-based permissions enforcement, so that an application can expose functionality to another application that is signed with a specified certificate. By signing multiple applications with the same certificate and using signature-based permissions checks, your applications can share code and data in a secure manner.
这篇关于密钥库和密钥别名的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
