检索现有的Android应用私钥 [英] Retrieve Private Key for Existing Android App
问题描述
可能重复:结果
<一href=\"http://stackoverflow.com/questions/11715621/lost-my-keystore-for-uploaded-app-on-android-market\">Lost我的密钥库上传应用程序在Android Market我推Android应用到谷歌的新版本Play商店,我希望它触发应用程序的当前用户的更新,而不是把它作为一个新的版本。我没有最初用于签署现有应用程序的私有密钥,所以我想下恢复它。
我能获得第3步,但我不能确定什么的.keystore文件名称是密钥工具-list -keystore我的签名-key.keystore命令,任何想法?
- 首先,解压APK和提取文件/META-INF/ANDROID_.RSA
(该文件还可以是CERT.RSA,但应该只有一个.RSA
文件)。然后发出以下命令:
的keytool -printcert -file ANDROID_.RSA您将获得证书
指纹是这样的:MD5:B3:4F:BE:07:AA:78:24:DC:CA:92:36:FF:AE:8C:17:DB
SHA1:16:59:E7:E3:0C:AA:7A:0D:F2:0D:05:20:12:A8:85:0B:32:C5:4F:68
签名算法名:SHA1withRSA然后再使用密钥工具,打印出所有的别名
签名密钥库:密钥工具-list -keystore我的签名,key.keystore
您将获得别名列表和它们的证书指纹:
android_key,2010年1月23日,PrivateKeyEntry,
证书指纹(MD5):B3:4F:BE:07:AA:78:24:DC:CA:92:36:FF:AE:8C:17:DB瞧!我们现在可以决定的APK已经与此密钥库签署,并与别名'android_key。
解决方案除非你有一个保存私钥原密钥存储文件,你不能从.apk文件解压缩。所述的apk仅包含公共密钥,并使用该专用密钥生成的签名,但它实际上不包含私有密钥本身。
考虑这一点 - 如果.apk文件包含实际的私钥,用于提取它指示是那么容易,任何人都能够从他们的应用程序获得谷歌,Facebook,微软,亚马逊或私有密钥和签署任何恶意软件它。 (苹果都难这样的攻击,因为他们没有任何出货Android软件:-P)
所以,除非你有访问原始密钥库文件(你知道密码 - 感谢@ 323go),这是用来签署previous .apk文件,我怕你的运气了。
Possible Duplicate:
Lost my keystore for uploaded app on android marketI'm pushing a new version of an Android app to the Google Play Store and I want it to trigger an update for the current users of the app and not treat it as a new version. I don't have the private key that was originally used to sign the existing app, so I'm trying the following to recover it.
I'm able to get to step 3, but I'm unsure what the .keystore file name is for the keytool -list -keystore my-signing-key.keystore command, any ideas?
- First, unzip the APK and extract the file /META-INF/ANDROID_.RSA (this file may also be CERT.RSA, but there should only be one .RSA file).
Then issue this command:
keytool -printcert -file ANDROID_.RSA You will get certificate fingerprints like this:
MD5: B3:4F:BE:07:AA:78:24:DC:CA:92:36:FF:AE:8C:17:DB SHA1: 16:59:E7:E3:0C:AA:7A:0D:F2:0D:05:20:12:A8:85:0B:32:C5:4F:68 Signature algorithm name: SHA1withRSA
Then use the keytool again to print out all the aliases of your signing keystore:
keytool -list -keystore my-signing-key.keystore
You will get a list of aliases and their certificate fingerprint:
android_key, Jan 23, 2010, PrivateKeyEntry, Certificate fingerprint (MD5): B3:4F:BE:07:AA:78:24:DC:CA:92:36:FF:AE:8C:17:DBVoila! we can now determined the apk has been signed with this keystore, and with the alias 'android_key'.
解决方案Unless you have the original keystore file that holds the private key, you can't extract it from the .apk. The .apk contains only the public key and the signature generated using the private key, but it does not actually contain the private key itself.
Consider this - if the .apk contained the actual private key, and the instructions for extracting it were so easy, anyone would be able to get Google, Facebook, Microsoft, or Amazon private key from their apps and sign any malware with it. (Apple is immune to such an attack, as they do not ship any Android software :-P)
So, unless you have access to the original keystore file (and you know the passphrase - thanks @323go) that was used to sign the previous .apk, I fear you're out of luck.
这篇关于检索现有的Android应用私钥的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
