我可以指定 apksigner 使用的摘要算法吗? [英] Can I specify digest algorithm apksigner uses?
问题描述
由于最近的 SHA1 冲突新闻,我想确保在我的 apk 签名中不再使用 SHA1.但是我在 apksigner 中找不到参数.
Due to recent SHA1-collision news, I want to ensure that SHA1 is no longer used in my apk signing. However I cannot find a parameter in apksigner.
有没有办法指定(直接或间接)apksigner 使用的摘要算法?
Is there a way to specify (either direct or indirect) the digest algorithm apksigner uses?
(在 SDK 24 之前,Android 使用 java 的 jarsigner 来签署 apk,其中有类似 -sigalg SHA1withRSA -digestalg SHA1 的选项)
(Before SDK 24, Android used java's jarsigner to sign apk, which has options like -sigalg SHA1withRSA -digestalg SHA1)
更新:正如 Alex 提到的,我在 apksigner 如何确定方案 v1 的签名算法="nofollow noreferrer">V1SchemeSigner.java.
Update: as Alex mentioned, I found how apksigner determine signature algorithm for scheme v1 in V1SchemeSigner.java.
简而言之,apksigner根据minimumSDK和证书的密钥类型来确定.
In short, apksigner determine it from minimumSDK and key type of certificate.
SHA256withRSA适用于最低 SDK 18 (Android 4.3) 及更高版本SHA256withDSA适用于最低 SDK 21 (Android 5.0) 及更高版本SHA256withEC适用于最低 SDK 18 及更高版本SHA1with*用于较低的最低 SDK 级别
SHA256withRSAfor minimum SDK 18 (Android 4.3) and upSHA256withDSAfor minimum SDK 21 (Android 5.0) and upSHA256withECfor minimum SDK 18 and upSHA1with*for lower minimum SDK levels
这是我为备忘录写的常见问题解答:SHA1碰撞和 Android APK 签名.
This is a FAQ I wrote for memo: SHA1 Collision and Android APK Signing.
推荐答案
不是直接的.apksigner 尝试仅使用安全摘要和签名算法,但它会在您的签名密钥(大小、算法)和被签名的 APK 支持的 Android 平台版本所施加的限制内执行此操作.特别是,对于 JAR 签名,apksigner 默认使用 SHA-256 或更强,但仅适用于仅支持 API 级别 18 或更高级别的 APK(如在 minSdkVersionAndroidManifest.xml).在早期平台上运行的 APK 必须使用 SHA-1,因为这些早期平台不支持使用 SHA-256 或更高版本验证 APK.对于 APK Signature Scheme v2 签名,仅使用 SHA-256 或更强的签名,因为该签名方案甚至不支持 SHA-1.
Not directly. apksigner attempts to use only secure digests and signing algorithms, but it does that within the constraints imposed by your signing key (size, algorithm) and Android platform versions supported by the APK being signed. In particular, for JAR signatures, apksigner uses SHA-256 or stronger by default, but only for APKs which support only API Level 18 or newer (as declared in minSdkVersion in their AndroidManifest.xml). APKs which run on earlier platforms must use SHA-1 because these earlier platforms don't support verifying APKs using SHA-256 or stronger. For APK Signature Scheme v2 signature, only SHA-256 or stronger is used, because this signature scheme does not even support SHA-1.
如果您希望 apksigner 使用 SHA-256 对您的 APK 进行签名,您可以:
If you want apksigner to sign your APK with SHA-256, you can:
- 将 APK 的
minSdkVersion设置为 18 或更高,但这会使 API 级别为 17 及更低的 Android 平台在安装时拒绝 APK. - 将
--min-sdk-version=18传递给apksigner,但这会使 API 级别为 17 和更低的 Android 平台在安装时拒绝 APK. - 仅使用 APK 签名方案 v2 对 APK 进行签名,方法是将
--v1-signing-enabled=false传递给apksigner,但这将使 Android 平台具有 API23 级及更低级别在安装时拒绝 APK.
- Set the APK's
minSdkVersionto 18 or higher, but this will make Android platforms with API Level 17 and lower reject the APK at install time. - Pass in
--min-sdk-version=18toapksigner, but this will make Android platforms with API Level 17 and lower reject the APK at install time. - Sign the APK only with APK Signature Scheme v2, by passing in
--v1-signing-enabled=falsetoapksigner, but this will make Android platforms with API Level 23 and lower reject the APK at install time.
P.S. 即使您切换到仅使用 SHA-256 对 APK 进行签名,Android 仍会接受带有您的包名称和签名证书、使用 SHA-1 或 MD5 签名的 APK.因此,根据您的威胁模型,您可能需要切换到从未与 SHA-1 或更弱的摘要算法一起使用的新签名密钥.这不仅适用于实际加密签名中使用的摘要算法,也适用于 .SF 和 MANIFEST.MF 文件中使用的摘要算法.
P. S. Even if you switched to signing your APKs using only SHA-256, Android will still accept APKs with your package name and signing cert, signed with SHA-1 or MD5. So, depending on your threat model, you may need to switch to new signing keys which have never been used with SHA-1 or weaker digest algorithms. And this is not only for the digest algorithm used in the actual cryptographic signature, but also for the digest algorithms used in .SF and MANIFEST.MF files.
这篇关于我可以指定 apksigner 使用的摘要算法吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
