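A released app must be signed. Why sign it?
Signing proves that ownership of the app belongs to the company.
The signature can come from a certificate issued by a CA, or from a self-signed one.
Below is one way to read the signing information in code from a signed app.
This signing information can be used as the unique key for the app's encryption and decryption, or the result of further processing it can serve as the key. This ensures both the security of the key and the strength of the password.
Getting the signing information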
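import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.pm.PackageManager.NameNotFoundException;
import android.content.pm.Signature;
import java.io.ByteArrayInputStream;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

// Returns the signing certificate's public key in string form, or "" if it cannot be read.
public static String getPublicKeyStrFromPackage() {
    PublicKey publicKey = getPublicKeyFromPackage();
    return publicKey != null ? publicKey.toString() : "";
}

// Reads the first signing certificate of this app's own package and returns its public key.
public static PublicKey getPublicKeyFromPackage() {
    String packageName = IGlobalAppContainer.getInstance().getContext().getPackageName();
    PublicKey publicKey = null;
    try {
        // PackageManager.GET_SIGNATURES is the named constant for the flag value 64.
        PackageInfo packageInfo = IGlobalAppContainer.getInstance().getContext().getPackageManager().getPackageInfo(packageName, PackageManager.GET_SIGNATURES);
        Signature[] signs = packageInfo.signatures;
        if (signs == null || signs.length == 0) {
            return null; // no signing information available
        }
        Signature sign = signs[0];
        // Each Signature holds a DER-encoded X.509 certificate.
        CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
        X509Certificate cert = (X509Certificate) certFactory.generateCertificate(new ByteArrayInputStream(sign.toByteArray()));
        publicKey = cert.getPublicKey();
        // Log is assumed to be the project's own logging helper (android.util.Log.d also takes a tag).
        Log.d("public key = " + publicKey);
    } catch (CertificateException | NameNotFoundException e) {
        e.printStackTrace();
    }
    return publicKey;
}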
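Encrypting and decrypting with the signing information (for reference only)
Encryption:
// Derives the key from the modulus in the public key's string form, then encrypts.
// MD5Tools and encrypt() are helpers that are not shown on this page.
public static String encryptByPublicKey(String content) throws Exception {
    String publicKey = getPublicKeyStrFromPackage();
    if (!TextUtils.isEmpty(publicKey)) {
        // Keep only the text between "modulus=" and ",publicExponent=".
        int start = !publicKey.contains("modulus=") ? 0 : publicKey.indexOf("modulus=") + 8;
        int end = publicKey.indexOf(",publicExponent=");
        if (end < start) {
            // Marker missing: use the rest of the string instead of throwing in substring().
            end = publicKey.length();
        }
        publicKey = publicKey.substring(start, end);
    }
    publicKey = MD5Tools.getMD5(publicKey);
    return encrypt(content, publicKey);
}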
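Decryption:
// Derives the same key as encryptByPublicKey() and decrypts; returns the input unchanged on failure.
// MD5Tools and decrypt() are helpers that are not shown on this page.
public static String decryptByPublicKey(String content) {
    try {
        String publicKey = getPublicKeyStrFromPackage();
        if (!TextUtils.isEmpty(publicKey)) {
            // Keep only the text between "modulus=" and ",publicExponent=".
            int start = !publicKey.contains("modulus=") ? 0 : publicKey.indexOf("modulus=") + 8;
            int end = publicKey.indexOf(",publicExponent=");
            if (end < start) {
                // Marker missing: use the rest of the string instead of throwing in substring().
                end = publicKey.length();
            }
            publicKey = publicKey.substring(start, end);
        }
        publicKey = MD5Tools.getMD5(publicKey);
        return decrypt(content, publicKey);
    } catch (NoSuchAlgorithmException e) {
        // The log message reads "decryption failed!".
        Log.w("解密失败! " + e.toString());
        return content;
    }
}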
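The following is an added example, not code from the original post: it ties encryption to the signing certificate in the same way, but derives the key from `PublicKey.getEncoded()` so the result does not depend on the provider-specific `toString()` format or on the key being RSA. It substitutes SHA-256 and AES-GCM for the post's `MD5Tools` and `encrypt`/`decrypt` helpers (which are not shown), uses a freshly generated EC key pair as a constructed stand-in for `cert.getPublicKey()`, and all class and method names are hypothetical.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;

public class SignatureKeyDemo {
    // 256-bit AES key = SHA-256 over the DER (SubjectPublicKeyInfo) bytes of the signing key.
    // The certificate ships inside every APK, so this key binds data to the signer; it is not secret.
    static SecretKeySpec deriveKey(PublicKey signingKey) throws GeneralSecurityException {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(signingKey.getEncoded());
        return new SecretKeySpec(digest, "AES");
    }

    // AES-GCM with a fresh random 12-byte nonce; output layout is nonce || ciphertext+tag.
    static byte[] encrypt(byte[] plain, SecretKeySpec key) throws GeneralSecurityException {
        byte[] nonce = new byte[12];
        new SecureRandom().nextBytes(nonce);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, nonce));
        byte[] ct = c.doFinal(plain);
        byte[] out = Arrays.copyOf(nonce, nonce.length + ct.length);
        System.arraycopy(ct, 0, out, nonce.length, ct.length);
        return out;
    }

    // Throws AEADBadTagException when the key (that is, the signing key) differs.
    static byte[] decrypt(byte[] blob, SecretKeySpec key) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, blob, 0, 12));
        return c.doFinal(blob, 12, blob.length - 12);
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-in for cert.getPublicKey(); an EC key has no "modulus=" to parse.
        PublicKey signer = KeyPairGenerator.getInstance("EC").generateKeyPair().getPublic();
        // The same key re-decoded from its bytes must yield the same derived key.
        PublicKey reloaded = KeyFactory.getInstance("EC")
                .generatePublic(new X509EncodedKeySpec(signer.getEncoded()));
        byte[] blob = encrypt("hello".getBytes(StandardCharsets.UTF_8), deriveKey(signer));
        System.out.println(new String(decrypt(blob, deriveKey(reloaded)), StandardCharsets.UTF_8));
        // An app re-signed with a different key derives a different key and fails authentication.
        PublicKey other = KeyPairGenerator.getInstance("EC").generateKeyPair().getPublic();
        try { decrypt(blob, deriveKey(other)); }
        catch (javax.crypto.AEADBadTagException e) { System.out.println("different signer: rejected"); }
    }
}
```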
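Hello, I'd like to ask: for adapting okhttp to national-cryptography (GM/SM) SSL, is there a fairly complete example or an open-source project? I need both one-way and two-way authentication.
You can use a third-party certificate authority to issue and verify the national-cryptography certificates.
Miss Maomao is amazing
Godzilla bro, long time no see~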