Is it OK to use same keystore for several apps?

Question

When we want to publish our app to the Play Store, we need to sign our app with a keystore, which can be generated via something like this:

keytool -genkey -v -keystore my-release-key.keystore -alias alias_name -keyalg RSA -keysize 2048 -validity 10000

So, is it OK to use the same keystore for several apps?

Recommended answer

The Android developer site actually recommends signing all of your apps with the same certificate:

You should sign all of your apps with the same certificate throughout the expected lifespan of your applications. There are several reasons why you should do so:

  • App upgrade: When the system is installing an update to an app, it compares the certificate(s) in the new version with those in the existing version. The system allows the update if the certificates match. If you sign the new version with a different certificate, you must assign a different package name to the application—in this case, the user installs the new version as a completely new application.

  • App modularity: Android allows apps signed by the same certificate to run in the same process, if the applications so request, so that the system treats them as a single application. In this way you can deploy your app in modules, and users can update each of the modules independently.

  • Code/data sharing through permissions: Android provides signature-based permissions enforcement, so that an app can expose functionality to another app that is signed with a specified certificate. By signing multiple apps with the same certificate and using signature-based permissions checks, your apps can share code and data in a secure manner.

However, you should take this advice with a grain of salt. The first bullet point only applies to updated versions of a given app, not to multiple unrelated apps. The second and third bullet points are only relevant if you intend your different apps to work closely together as described.
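
The signature-based permission sharing from the third bullet point, shown as an added example that is not part of the original answer. The two apps, their package names, the permission name and the service name are hypothetical; both apps are assumed to be signed with the same key from one keystore.

```xml
<!-- Constructed example: all com.example.* names are hypothetical. -->

<!-- App A, AndroidManifest.xml: declares the permission and uses it to
     guard an exported service. -->
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.suite.core">

    <!-- protectionLevel="signature": the system grants this permission only
         to apps signed with the same certificate as the declaring app. -->
    <permission
        android:name="com.example.suite.permission.SYNC"
        android:protectionLevel="signature" />

    <application>
        <!-- Callers that do not hold the permission cannot bind to the
             service, even though it is exported. -->
        <service
            android:name=".SyncService"
            android:exported="true"
            android:permission="com.example.suite.permission.SYNC" />
    </application>
</manifest>

<!-- App B, AndroidManifest.xml: requests the permission. The request is
     granted at install time without a user prompt, but only if App B is
     signed with the same certificate as App A. -->
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.suite.notes">

    <uses-permission android:name="com.example.suite.permission.SYNC" />

    <application />
</manifest>
```

The grant depends only on the signing certificate, so every app signed from the same keystore that requests this permission receives it, whether or not the apps are otherwise related.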
