我可以改变的Andr​​oid签名证书的主题，同时保持私钥 [英] Can I change Android signing certificate Subject while keeping the private key

问题描述

我已经开发了一个Android应用程序，我转移到另一个人的进一步发展。我明白，如果新的开发人员使用相同的密钥存储，无缝升级过程将继续。

I have developed an Android app that I am transferring to another person to further development. I have understood that if the new developer uses the same keystore, the seamless upgrade process continues.

如何Android的验证，当它正在更新应用程序的证书？难道它只是验证只签名或做它的比较全证书随着使用者名称？

How does Android validate the certificate when it is updating apps? Does it just validate only signature or does it compare whole certificates along with the Subject name?

我的问题是，新的开发者想在推销他们公司的名字，不是我的，因此谷歌帐户更改应用程序。但是，证书也包含我的名字，我想是相同的私钥生成新的证书，这应该产生相同的签名，但在证书不同的主题。

My problem is that the new developer would like to market the app under their company name, not mine, hence the Google account change. But the certificate also contains my name and I would like to generate new certificate with the same private key, which should produce identical signature, but with different Subject in the Cert.

我没有使用任何其他应用程序的证书，所以我没有问题，给它了。

I have not used the certificate for any other apps, so I have no problem giving it away.

PS。它是在所有可能使用相同的密钥库和包名称，以便无缝升级继续上传从另一个谷歌帐户相同的应用程序？

PS. Is it at all possible to upload the same application from another Google Account using the same keystore and package name so that seamless upgrade continues?

推荐答案

没有，当一个证书签署的证书的TBS 场签名。正如你所看到的TBS提出包含主题字段。

No, when a certificate is signed the TBS field of the certificate is signed. As you can see the TBS filed contains a Subject field.

 Certificate  ::=  SEQUENCE  {
        tbsCertificate       TBSCertificate,
        signatureAlgorithm   AlgorithmIdentifier,
        signatureValue       BIT STRING  }

   TBSCertificate  ::=  SEQUENCE  {
        version         [0]  EXPLICIT Version DEFAULT v1,
        serialNumber         CertificateSerialNumber,
        signature            AlgorithmIdentifier,
        issuer               Name,
        validity             Validity,
        subject              Name,
        subjectPublicKeyInfo SubjectPublicKeyInfo,
        issuerUniqueID  [1]  IMPLICIT UniqueIdentifier OPTIONAL,
                             -- If present, version MUST be v2 or v3

所以，你不能改变在TBS领域。无论是继续在不改变证书（主题）或创建与其他人的凭证的新证书。但是，你将不得不取消您的应用程序。 ，并上传一个新的应用程序（而不是作为一个更新，但作为一个新的应用程序），我认为这是不是一个很好的解决方案。因此，最好是继续使用证书。

它不关心实际的详细信息（证书DN，序列号等），但只是比较证书作为二进制斑点如告诉<一href="http://stackoverflow.com/questions/10938298/how-does-androids-app-signature-verification-work/10942302#comment18434028_10942302">here.由于该证书是不同的，你不能更新应用程序最初是用cert1与其他签署cert2签名。

So, you cannot change fields in the TBS. Either continue without changing the certificate(the subject) or create a new certificate with the other person's credentials. But for that you will have to deactivate your app. And upload a fresh app(not as an update, but as a new app), which I think is not a good solution. So it is better to continue with your certificate.

It doesn't care about the actual 'details' (certificate DN, serial number, etc.), but just compares the certificates as binary blobs as told here. Since the certificates are different, you can't update an app originally signed with cert1 with another signed with cert2.

这篇关于我可以改变的Andr​​oid签名证书的主题，同时保持私钥的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！