我可以指定摘要算法apksigner使用吗? [英] Can I specify digest algorithm apksigner uses?

问题描述

由于最近发生了SHA1冲突新闻，因此我想确保在我的apk签名中不再使用SHA1.但是我在 apksigner 中找不到参数.

Due to recent SHA1-collision news, I want to ensure that SHA1 is no longer used in my apk signing. However I cannot find a parameter in apksigner.

有没有一种方法可以指定(直接或间接)apksigner使用的摘要算法?

Is there a way to specify (either direct or indirect) the digest algorithm apksigner uses?

(在SDK 24之前，Android使用Java的jarsigner签名apk，该选项具有类似-sigalg SHA1withRSA -digestalg SHA1的选项)

(Before SDK 24, Android used java's jarsigner to sign apk, which has options like -sigalg SHA1withRSA -digestalg SHA1)

更新:如Alex所述，我在apksigner如何确定方案v1的签名算法. > V1SchemeSigner.java .

Update: as Alex mentioned, I found how apksigner determine signature algorithm for scheme v1 in V1SchemeSigner.java.

简而言之，apksigner由minimumSDK和证书的密钥类型确定.

In short, apksigner determine it from minimumSDK and key type of certificate.

• SHA256withRSA，用于最低SDK 18(Android 4.3)及更高版本
• SHA256withDSA用于最低SDK 21(Android 5.0)及更高版本
• SHA256withEC用于最低SDK 18及更高版本
• SHA1with*降低最低SDK级别

• SHA256withRSA for minimum SDK 18 (Android 4.3) and up
• SHA256withDSA for minimum SDK 21 (Android 5.0) and up
• SHA256withEC for minimum SDK 18 and up
• SHA1with* for lower minimum SDK levels

这是我为备忘录写的常见问题解答: SHA1碰撞和Android APK签名.

This is a FAQ I wrote for memo: SHA1 Collision and Android APK Signing.

推荐答案

不直接. apksigner尝试仅使用安全摘要和签名算法，但这样做是在您的签名密钥(大小，算法)和要签名的APK支持的Android平台版本所施加的限制内进行的.特别是，对于JAR签名，默认情况下apksigner使用SHA-256或更高版本，但仅适用于仅支持API级别18或更高版本(如minSdkVersion在其AndroidManifest.xml中声明的)的APK.在较早平台上运行的APK必须使用SHA-1，因为这些较早平台不支持使用SHA-256或更高版本的APK进行验证.对于APK签名方案v2签名，仅使用SHA-256或更高版本，因为该签名方案甚至不支持SHA-1.

Not directly. apksigner attempts to use only secure digests and signing algorithms, but it does that within the constraints imposed by your signing key (size, algorithm) and Android platform versions supported by the APK being signed. In particular, for JAR signatures, apksigner uses SHA-256 or stronger by default, but only for APKs which support only API Level 18 or newer (as declared in minSdkVersion in their AndroidManifest.xml). APKs which run on earlier platforms must use SHA-1 because these earlier platforms don't support verifying APKs using SHA-256 or stronger. For APK Signature Scheme v2 signature, only SHA-256 or stronger is used, because this signature scheme does not even support SHA-1.

如果您希望apksigner用SHA-256签名APK，则可以:

If you want apksigner to sign your APK with SHA-256, you can:

• 将APK的minSdkVersion设置为18或更高，但这将使具有API级别17且更低的Android平台在安装时拒绝该APK.
• 将--min-sdk-version=18传递到apksigner，但这将使具有API级别17且更低级别的Android平台在安装时拒绝APK.
• 通过将--v1-signing-enabled=false传递到apksigner，仅使用APK签名方案v2对APK进行签名，但这将使具有API级别23的Android平台并在安装时降低APK的权限.

• Set the APK's minSdkVersion to 18 or higher, but this will make Android platforms with API Level 17 and lower reject the APK at install time.
• Pass in --min-sdk-version=18 to apksigner, but this will make Android platforms with API Level 17 and lower reject the APK at install time.
• Sign the APK only with APK Signature Scheme v2, by passing in --v1-signing-enabled=false to apksigner, but this will make Android platforms with API Level 23 and lower reject the APK at install time.

P. S.即使您切换为仅使用SHA-256对APK进行签名，Android仍将接受带有您的软件包名称和签名证书且使用SHA-1或MD5签名的APK.因此，根据您的威胁模型，可能需要切换到从未与SHA-1或更弱的摘要算法一起使用的新签名密钥.这不仅适用于实际密码签名中使用的摘要算法，而且还适用于.SF和MANIFEST.MF文件中使用的摘要算法.

P. S. Even if you switched to signing your APKs using only SHA-256, Android will still accept APKs with your package name and signing cert, signed with SHA-1 or MD5. So, depending on your threat model, you may need to switch to new signing keys which have never been used with SHA-1 or weaker digest algorithms. And this is not only for the digest algorithm used in the actual cryptographic signature, but also for the digest algorithms used in .SF and MANIFEST.MF files.

这篇关于我可以指定摘要算法apksigner使用吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！