2

我目前正在使用此代码在 Android 中获取我的 apk 文件的签名

PackageManager pm = getPackageManager(); 
try { 
        PackageInfo info = pm.getPackageInfo(getPackageName(), PackageManager.GET_SIGNATURES); 
        Signature[] sig = info.signatures; 
        String sigstring = new String(sig[0].toChars()); 
        //Do something with signature. 
        System.out.println("Signature: " + sigstring);
        Log.i("TAG", "Signature: " + sigstring); 
        Toast.makeText(this, "Signature: " + sigstring, Toast.LENGTH_LONG).show();
} catch (NameNotFoundException e) { 
        e.printStackTrace(); 
}

这给了我输出

10-10 10:00:58.012: I/TAG(313): Signature: 308201e53082014ea0030201020204501829fd300d06092a864886f70d01010505003037310b30090603550406130255533110300e060355040a1307416e64726f6964311630140603550403130d416e64726f6964204465627567301e170d3132303733313138353435335a170d3432303732343138353435335a3037310b30090603550406130255533110300e060355040a1307416e64726f6964311630140603550403130d416e64726f696420446562756730819f300d06092a864886f70d010101050003818d0030818902818100d405c1549373bb8479ab7818793085dc49813aff9ed901699b457b23afff5df817f1bbcdd4da89a600a87b5785c870ad9ee1c54a3ce25184a0da7364953d0cd9e8965c9977854bd60dbd3e7a84c4daf525ca2816d33c40265b2563cb170a8cad10555a77700ce5daabeda5ee2829066747f5635ca740eceec714a53870f7233f0203010001300d06092a864886f70d0101050500038181005ac282bf6d158538db92fa32fadf431bf9631ecb0944d0934f096fdda53f510aaaa4c0ad425e497a94c4eba45136be01efe60b8379f0f1540b634fbcfd776f0b0fd52910f947f05593735d7b64c001d312dbf7006ba2c91190fbc7cea0098e44b45d46ca0248157979d757c2ee10e8cf8cfd4dbcaa5028d3449c1b5b72f68cba

但是如果我在同一个apk文件上使用keytool,我会得到这个作为签名

C:\Users\Random>keytool -printcert -file C:\Users\Random\Desktop\CERT.RSA
Owner: CN=Android Debug, O=Android, C=US
Issuer: CN=Android Debug, O=Android, C=US
Serial number: 501829fd
Valid from: Wed Aug 01 02:54:53 SGT 2012 until: Fri Jul 25 02:54:53 SGT 2042
Certificate fingerprints:
         MD5:  39:A8:DB:4D:46:03:C5:22:18:0A:BC:18:C8:4C:39:D8
         SHA1: 88:6A:33:FF:81:18:5F:E5:A4:07:D7:8C:73:01:2D:23:A6:E5:F0:34
         Signature algorithm name: SHA1withRSA
         Version: 3

这两个签名有什么区别?以及如何获得与使用 PC 在 Android 中获得的值相同的值

4

1 回答 1

5

通过获得的签名PackageManager.getPackageInfo是 DER 格式的证书本身(通常?)。
该文件META-INF/CERT.RSA是一个 pkcs7 容器,包含这些证书。

于 2012-11-06T11:47:46.093 回答