Start the emulator ( create an AVD if none exists) $ tools/emulator -avd Simple8 Create new project $ tools/android create project \ > --package co... where " --target 2 " identifies the target platform as displayed by " tools/android list targets ", which is stored in the properties file default.properties in the project root folder. cd HelloWorld and install debug package onto the running emulator: $ ant install Buildfile: build.xml [set... Launch the Hello World application on the emulator. You'll see something like this: Edit res/values/string.xml , change the contents to: <?xml version="1.0" encoding="utf-8"?> <resourc... Edit res/layout/main.xml , change the contents to: <?xml version="1.0" encoding="utf-8"?> <LinearL... The contents of the text area now refer to a string defined in the resource file strings.xml , instead...

To sign an Android APK from command line: Sign the APK with jarsigner (using default keystore, android-root is the alias of the signing key): $ jarsigner -signedjar HelloWorld-new.apk HelloWor... Verify signature (optional) $ jarsigner -verify -verbose -certs HelloWorld-new... Align the APK (must use -v 4 option): $ ~/android-sdk-linux_86/tools/zipalign -v 4 Hello...

When you create a new key with Java keytool , it wraps the public key in a self signed certificate. You can generate a certificate signing request with the keytool -certreq command. After a certificate authority (CA) signs the certificate request, you can import the certificate received (a .crt file) back into the key store. Instead of using a CA, you can sign the certificate request with another key (with openssl, for example). If the certificate is not signed by a CA, you'll receive an error: $ keytool -import -alias android-root -file androi... To fix the problem, import the certificate of the signer: $ keytool -import -trustcacerts -file openssl.crt ... Import the certificate again (alias is the alias of the private key whose certificate was...

Create an openssl configuration file which enables subject alternative names ( openssl.cnf ): [req] distinguished_name = req_distinguished_... Create a certificate request using above configuration file: C:\work>openssl req -new -key testServer.key -out ... Verify the request was created successfully: C:\work>openssl req -text -noout -in testServer.cs... (Optional) self-sign the certificate request: C:\work>openssl x509 -req -days 3650 -in testServe...

These are the steps with openssl: openssl genrsa -out key.pem 1024 openssl req -new -key key.pem -out request.pem openssl x509 -req -days 3650 -in request.pem -signkey key.pem -out certificate.pem openssl pkcs8 -topk8 -outform DER -in key.pem -inform PEM -out key.pk8 -nocrypt Sign with SignApk : java com.android.signapk.SignApk -w certificate.pe... Note the -w switch, which is required to generate the whole file signature , which Google verifies. Zip files created by jarsigner doesn't have the whole file signature and therefore, does not pass Google validation.

Generate key valid for 10 years (3650 days). Since no -keystore option is given, the key is stored in the default keystore $HOME/.keystore . C:\tmp>keytool -genkey -keyalg rsa -alias myke... Create the applet jar: jar -cf myapplet.jar com/my/applet Sign jar: C:\tmp>jarsigner myapplet.jar mykey Enter Passp... Verify signature: C:\tmp>jarsigner -verify -verbose -certs myapplet....

Java SE 6 contains built-in utilities to generate XML signatures. This is an example that generates XML signatures using a Java keystore. It has options to generate signature for the whole document, for an element with a specific ID, or for elements matched by an XPATH expression. The XML document used to test is taken from Getting Started with XML Security : <?xml version="1.0"?> <PatientRecord> ... This is the Java code: import java.io.FileInputStream; import java.io.... However, it looks like the XPATH transform is not working. The digest generated with XPATH filter is exactly the same as that without it (i.e., the whole document)! Another reference: Programming With the Java XML Digital Signature API

Generate a private key and store it in the keystore. The keystore file theKeyStore.jks will be created if it does not exist. The default keystore file is $HOME/.keystore if the -keystore option is not given. keytool -genkey -alias myjavakey -keyalg RSA -keys... Generate a private key and self-sign for 10 years. keytool -genkey -alias myjavakey -keyalg RSA -vali... List keys in the keystore. # short list keytool -list -keystore theKeyStor... Create a certificate signing request (CSR). keytool -certreq -alias myjavakey -keystore theKey... It seems that the Java keytool utility can't sign third party certificate signing requests (CSRs). We can use openssl to sign the certificate request created above. Generate signing private key with openssl. openssl genrsa -out openssl_ca.key -des 2048 Generate self-signed certificate valid for...

There is a open source project named [ini4j] for processing Windows .ini configuration files. However, I found it an overkill for my purposes. So here is my simple implementation of a .ini parser. It mimics the standard java.util.Properties class with enhancements to get and set properties by section name. There are only a few simple rules: Leading and trailing spaces are trimmed from section names, property names and property values. Section names are enclosed between [ and ] . Properties following a section header belong to that section Properties defined before the appearance of any section headers are considered global properties and should be set and get with no section names. You can use either equal sign ( = ) or colon ( : )...

When you install Apache with mod_ssl, an executable file openssl (or openssl.exe for Windows) is installed in /usr/local/ssl/bin (or %APACHE_HOME%/bin ). This utility is used to generate private key and certificate request: Generate private key: openssl genrsa -out server.key 1024 # or wi... Generate certificate request: openssl req -new -key server.key -out server.csr ... Self-Sign Certificate: openssl x509 -req -days 3650 -in server.csr -signk... Apache configuration: Listen 443 <VirtualHost *:443> ServerNam... In some configurations SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unc... is used to work around MSIE bugs. See http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#msie for details.