Keystore and Aliases - is there a use to multiple aliases?


Question


When exporting a signed Android application using Eclipse, is there a purpose to using multiple aliases?

According to the official guide about signing, it's recommended that you sign all applications with the same certificate to allow your applications to share data, code and be updated in modular fashion.

Assuming that "alias", "key" and "certificate" are essentially interchangeable in this context, is there a reason why someone would want to use different aliases for all their applications? The only reason I can think of is that it adds more security to your applications, in the sense that a compromised key/password doesn't compromise everything. Are there other reasons?

Also, is the generated key dependent on the name of the alias? In other words, if you change the name of the alias but not the password, would the generated certificate be different?

Solution

Correct me if I'm wrong but if you'll see this answer to a similar question you see that the certificate does indeed depend on the particular "alias" (within your keystore) that you choose to sign with.

Read the answer carefully and you see that the "keystore" contains "alias"s (which are actually private+public key pairs). When you sign your apk it is the "public key" that is the actual certificate being embedded.

Therefore when updating your app you should always use the same "alias", not just the same "keystore". As for why devs would have multiple "alias"s in their keystore, I'm uncertain of the benefit other than what you and others have stated.

And the only way you can sign with a different alias would be to clone the previous one as the answer also suggests.

I have also confirmed that signing an APK with different aliases (from the same keystore) will generate different APK signing signatures, which should be proof that different "alias"s = different certificate. How to get your signing sig (<- note: I don't know what the Trace.i method they refer to is, I used Log.i instead)
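
Added example (not part of the original question or answer): a small Java program that prints the SHA-256 certificate fingerprint of every key entry in a keystore, then stores the first entry's key and chain under a new alias name in memory to show that the alias name itself does not alter the certificate. The keystore file name, aliases, password and the `-renamed` suffix are assumptions, and the key password is assumed to equal the store password.

```java
import java.io.FileInputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.util.Collections;

// Added example. Create a throwaway keystore first (file name, aliases and password are placeholders):
//   keytool -genkeypair -keystore demo.p12 -storepass changeit -alias app1 -keyalg RSA -dname CN=app1
//   keytool -genkeypair -keystore demo.p12 -storepass changeit -alias app2 -keyalg RSA -dname CN=app2
// Run with: java AliasFingerprints.java demo.p12 changeit
public class AliasFingerprints {

    // SHA-256 over the DER-encoded certificate, printed as colon-separated hex.
    static String fingerprint(Certificate cert) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
        StringBuilder sb = new StringBuilder();
        for (byte b : digest) {
            if (sb.length() > 0) sb.append(':');
            sb.append(String.format("%02X", b));
        }
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: AliasFingerprints <keystore> <password>");
            System.exit(2);
        }
        char[] pass = args[1].toCharArray(); // assumption: key password == store password
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (FileInputStream in = new FileInputStream(args[0])) {
            ks.load(in, pass);
        }
        String first = null;
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) continue; // skip trusted-certificate entries
            if (first == null) first = alias;
            System.out.println(alias + "  " + fingerprint(ks.getCertificate(alias)));
        }
        if (first == null) return; // no key entries to compare
        // Store the same key and chain under a new alias, in memory only (the file is not modified).
        Key key = ks.getKey(first, pass);
        Certificate[] chain = ks.getCertificateChain(first);
        String renamed = first + "-renamed";
        ks.setKeyEntry(renamed, key, pass, chain);
        boolean same = fingerprint(ks.getCertificate(renamed)).equals(fingerprint(ks.getCertificate(first)));
        System.out.println(renamed + " has the same certificate as " + first + ": " + same);
    }
}
```

Comparing the fingerprint printed for the alias you are about to sign with against the fingerprint of the already released APK's certificate is a quick pre-release check that an update will be signed with the same certificate.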
