Recent Notes
Created by freyo on August 31, 2011 15:49:54
Last update: August 31, 2011 15:49:54
Got this error while trying to build an Android app:
[apkbuilder] Creating AppInfo-debug-unaligned.ap...
Solution:
Delete the Android debug keystore:
$ rm ~/.android/debug.keystore
Build again:
$ ant debug
The new key is valid for 30 years (keystore password is 'android'):
$ keytool -list -v -keystore ~/.android/debug.keys...
Created by freyo on May 20, 2011 09:25:20
Last update: May 23, 2011 12:11:42
The javax.xml.crypto and javax.xml.crypto.dsig packages are not available in Android (as of version 2.3). Therefore, the standard Java API does not work. But you can use the Apache Santuario library to do that. Here are the steps:
Download the xml security source distribution (currently version 1.4.4).
Build with ant.
Create your own library jar (only the apache classes, no javax):
jar -cf xmlsec-1.4.4.jar -C build/classes org
Copy xmlsec-1.4.4.jar to the libs directory of your Android project.
Here's the Java code:
import java.io.*;
import javax.xml.parsers.*;
...
Created by freyo on April 06, 2011 14:58:43
Last update: May 05, 2011 14:52:49
To view the certificate in CERT.RSA:
C:\tmp>openssl pkcs7 -inform DER -in CERT.RSA -noo...
To convert certificate to PEM:
openssl pkcs7 -inform DER -in CERT.RSA -out CERT.p...
Java keytool also works:
$ keytool -printcert -file CERT.RSA
Owner: EMA...
Created by freyo on April 21, 2011 11:30:55
Last update: April 21, 2011 11:32:46
This Java code fragment gets the list of signatures associated with the named package. Usually, there's only one signature for a package. But if the signing key was signed by another key, or the package was signed with multiple keys, then there'll be multiple signatures.
try {
PackageInfo pkgInfo = getPackageManag...
Created by freyo on April 20, 2011 12:50:09
Last update: April 20, 2011 12:50:09
To sign an Android APK from command line:
Sign the APK with jarsigner (using default keystore, android-root is the alias of the signing key):
$ jarsigner -signedjar HelloWorld-new.apk HelloWor...
Verify signature (optional):
$ jarsigner -verify -verbose -certs HelloWorld-new...
Align the APK (must use -v 4 option):
$ ~/android-sdk-linux_86/tools/zipalign -v 4 Hello...
Created by Dr. Xi on March 31, 2011 15:03:26
Last update: April 01, 2011 12:34:50
Create an openssl configuration file which enables subject alternative names (openssl.cnf):
[req]
distinguished_name = req_distinguished_...
Create a certificate request using the above configuration file:
C:\work>openssl req -new -key testServer.key -out ...
Verify the request was created successfully:
C:\work>openssl req -text -noout -in testServer.cs...
(Optional) self-sign the certificate request:
C:\work>openssl x509 -req -days 3650 -in testServe...
Created by freyo on February 10, 2011 14:01:41
Last update: February 10, 2011 14:02:06
These are the steps with openssl:
openssl genrsa -out key.pem 1024
openssl req -new -key key.pem -out request.pem
openssl x509 -req -days 3650 -in request.pem -signkey key.pem -out certificate.pem
openssl pkcs8 -topk8 -outform DER -in key.pem -inform PEM -out key.pk8 -nocrypt
Sign with SignApk:
java com.android.signapk.SignApk -w certificate.pe...
Note the -w switch, which is required to generate the whole file signature, which Google verifies. Zip files created by jarsigner don't have the whole file signature and therefore do not pass Google validation.
Created by Dr. Xi on January 29, 2009 00:01:02
Last update: February 04, 2011 14:57:40
Generate key valid for 10 years (3650 days). Since no -keystore option is given, the key is stored in the default keystore $HOME/.keystore.
C:\tmp>keytool -genkey -keyalg rsa -alias myke...
Create the applet jar:
jar -cf myapplet.jar com/my/applet
Sign jar:
C:\tmp>jarsigner myapplet.jar mykey
Enter Passp...
Verify signature:
C:\tmp>jarsigner -verify -verbose -certs myapplet....
Created by Dr. Xi on October 26, 2010 16:07:40
Last update: October 26, 2010 16:07:40
This is a more generic version, which can be expanded to accommodate additional file signatures.
import java.io.*;
import java.util.*;
pu...
Created by magnum on June 23, 2010 19:02:32
Last update: June 23, 2010 19:05:08
Get the public keys. The Apache HTTPD developer keys are available from: http://www.apache.org/dist/httpd/KEYS. Save the key file as KEYS.
Import the keys into your keyring. The GPG ring is stored at $HOME/.gnupg/pubring.gpg.
gpg --import KEYS
Verify the signature. Using mod_proxy_html as an example:
C:\Downloads>gpg mod_proxy_html.zip.asc
gpg: Si...
Created by Dr. Xi on June 20, 2010 14:35:17
Last update: June 20, 2010 14:35:17
This XML signature validator comes from the Apache XML Security project. It validates the signature according to the core validation processing rules.
It does not verify that the key used to generate the signature is a trusted key. You can override the KeySelector class to make sure that the signing key is from a trusted store.
import javax.xml.crypto.*;
import javax.xml.cry...
Created by Dr. Xi on June 19, 2010 04:34:01
Last update: June 19, 2010 04:39:13
Java SE 6 contains built-in utilities to generate XML signatures. This is an example that generates XML signatures using a Java keystore. It has options to generate a signature for the whole document, for an element with a specific ID, or for elements matched by an XPATH expression.
The XML document used to test is taken from Getting Started with XML Security:
<?xml version="1.0"?>
<PatientRecord>
...
This is the Java code:
import java.io.FileInputStream;
import java.io....
However, it looks like the XPATH transform is not working. The digest generated with XPATH filter is exactly the same as that without it (i.e., the whole document)!
Another reference:
Programming With the Java XML Digital Signature API