Google Play app signing issue: upgrading the app signing key has no effect

Question description  Votes: 0  Answers: 1

I want to sign my app with my own certificate. After publishing the app, I successfully upgraded my app signing key in the Google Play Console.

But when I download the app from Google Play and export the APK, I use apksigner to print the certificates, and this is its output:

apksigner verify  -v --print-certs ~/Desktop/my.apk

Verifies
Verified using v1 scheme (JAR signing): true
Verified using v2 scheme (APK Signature Scheme v2): true
Verified using v3 scheme (APK Signature Scheme v3): true
Verified using v3.1 scheme (APK Signature Scheme v3.1): true
Verified using v4 scheme (APK Signature Scheme v4): false
Verified for SourceStamp: false
Number of signers: 1
Signer (minSdkVersion=33, maxSdkVersion=2147483647) certificate DN: CN=***, OU=myname, O=***, L=***, ST=***, C=***
Signer (minSdkVersion=33, maxSdkVersion=2147483647) certificate SHA-256 digest: *******4cd54be39f12785a80a7baf
Signer (minSdkVersion=33, maxSdkVersion=2147483647) certificate SHA-1 digest: *******fc6b66a9416da89169465
Signer (minSdkVersion=33, maxSdkVersion=2147483647) certificate MD5 digest: *******556b3cf266b2bc2741cf6
Signer (minSdkVersion=33, maxSdkVersion=2147483647) key algorithm: RSA
Signer (minSdkVersion=33, maxSdkVersion=2147483647) key size (bits): 2048
Signer (minSdkVersion=33, maxSdkVersion=2147483647) public key SHA-256 digest: 897a4860c3f2bb2ce4b9d4e687774394d776d6a624b84e78d47eb8cb0cb84189
Signer (minSdkVersion=33, maxSdkVersion=2147483647) public key SHA-1 digest: ef4e19e9869be1e469484b1cb9a15abdec1ffedd
Signer (minSdkVersion=33, maxSdkVersion=2147483647) public key MD5 digest: 53d0af1be1c494da91512013ac715e38


Signer (minSdkVersion=24, maxSdkVersion=32) certificate DN: CN=Android, OU=Android, O=Google Inc., L=Mountain View, ST=California, C=US
Signer (minSdkVersion=24, maxSdkVersion=32) certificate SHA-256 digest: a467d5b26721543e4497d2f13a8bb1ad2fda43a3c465cfa68aab1c788f6b1122
Signer (minSdkVersion=24, maxSdkVersion=32) certificate SHA-1 digest: 0064b9fda8a3607caffb40ee9cb473281a075506
Signer (minSdkVersion=24, maxSdkVersion=32) certificate MD5 digest: 21c559262c1eff96efca2e48838a4338
Signer (minSdkVersion=24, maxSdkVersion=32) key algorithm: RSA
Signer (minSdkVersion=24, maxSdkVersion=32) key size (bits): 4096
Signer (minSdkVersion=24, maxSdkVersion=32) public key SHA-256 digest: 6af34c08a9c2d16f1ad3778a4540f8582bc3f73f9079628a1f9fa91169dc24d9
Signer (minSdkVersion=24, maxSdkVersion=32) public key SHA-1 digest: b0f5300c9270f35ee0a12d5c1632dc96089a047a
Signer (minSdkVersion=24, maxSdkVersion=32) public key MD5 digest: 868505b614e176b68c539f2f64f64091

Source Stamp Signer certificate DN: CN=Android, OU=Android, O=Google Inc., L=Mountain View, ST=California, C=US
Source Stamp Signer certificate SHA-256 digest: 3257d599a49d2c961a471ca9843f59d341a405884583fc087df4237b733bbd6d
Source Stamp Signer certificate SHA-1 digest: b1af3a0bf998aeede1a8716a539e5a59da1d86d6
Source Stamp Signer certificate MD5 digest: 577b8a9fbc7e308321aec6411169d2fb
Source Stamp Signer key algorithm: RSA
Source Stamp Signer key size (bits): 4096
Source Stamp Signer public key SHA-256 digest: 4c53c1d28f2ecceadcb1351603f0b702615b3454b6e30070de759359f241b802
Source Stamp Signer public key SHA-1 digest: 188b067a9ee881bde55dabe0f8f7ecb320b1a091
Source Stamp Signer public key MD5 digest: 965afac83f033aa037a54482eb6922d5

Why is my own certificate used for minSdkVersion=33 ~ maxSdkVersion=2147483647, while Google Play's certificate is used for minSdkVersion=24 ~ maxSdkVersion=32 (Android 7 ~ Android 13)?

google-play android-app-signing
1 Answer
0
votes

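The important thing to understand about your issue is that the only available option for the corresponding key upgrade request is "Request key upgrade for all installs on Android N (API level 24) and above". This means that users on versions below Android T (API level 33) need to upgrade, and the old key is used to sign new installs or updates. The app will continue to be signed with your old key, but a proof of key rotation contained in the badge will be generated (to establish trust between your previous key A and your new key B), so that users can trust the new key you are using once they have fully upgraded to Android T or later and have registered.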

Also, note the additional conditions for users on API 32 and below:

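For API 23 and below, the new key is included as part of the key rotation badge, but it does not take effect. For API 24 through API 32, the new key is included as part of the key rotation badge, but the old key is still used to verify your integrated API services or to trigger app updates. In addition, if Google Play Protect is currently enabled on the user's device, the system will ensure that updates are signed with the rotated key (i.e. your new key). Therefore, unless GPP is disabled, users will not be able to trigger app updates from third-party sources that are signed only with your old key.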
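
As an added example (not part of the original question or answer): a Python sketch that parses `apksigner verify --print-certs` output in the format shown in the question, resolves which signer certificate covers a given device API level, and checks it against pinned digests. The sample output, the digests and all function names are constructed for illustration.

```python
import re

# Matches per-signer lines in the format shown in the question's output, e.g.
# "Signer (minSdkVersion=24, maxSdkVersion=32) certificate SHA-256 digest: <hex>"
SIGNER_RE = re.compile(
    r"^Signer \(minSdkVersion=(\d+), maxSdkVersion=(\d+)\) "
    r"certificate (DN|SHA-256 digest): (.+)$"
)

def parse_signers(output):
    """Return {(min_sdk, max_sdk): {"DN": ..., "SHA-256 digest": ...}}."""
    signers = {}
    for line in output.splitlines():
        m = SIGNER_RE.match(line.strip())
        if m:
            key = (int(m.group(1)), int(m.group(2)))
            signers.setdefault(key, {})[m.group(3)] = m.group(4).strip()
    return signers

def signer_for_api(signers, api_level):
    """Pick the signer whose SDK range covers the device's API level."""
    hits = [v for (lo, hi), v in signers.items() if lo <= api_level <= hi]
    if len(hits) > 1:
        raise ValueError(f"overlapping signer ranges for API {api_level}")
    return hits[0] if hits else None

def check_pins(signers, pins):
    """pins maps an API level to the expected SHA-256 digest; return mismatches."""
    bad = []
    for api, expected in sorted(pins.items()):
        s = signer_for_api(signers, api)
        actual = s.get("SHA-256 digest") if s else None
        if actual is None or actual.lower() != expected.lower():
            bad.append((api, expected, actual))
    return bad

# Constructed sample output (digests are placeholders, not real certificates).
NEW_KEY, OLD_KEY, STAMP = "aa" * 32, "bb" * 32, "cc" * 32
SAMPLE = f"""Verified using v3.1 scheme (APK Signature Scheme v3.1): true
Number of signers: 1
Signer (minSdkVersion=33, maxSdkVersion=2147483647) certificate DN: CN=new-key
Signer (minSdkVersion=33, maxSdkVersion=2147483647) certificate SHA-256 digest: {NEW_KEY}
Signer (minSdkVersion=24, maxSdkVersion=32) certificate DN: CN=old-key
Signer (minSdkVersion=24, maxSdkVersion=32) certificate SHA-256 digest: {OLD_KEY}
Source Stamp Signer certificate SHA-256 digest: {STAMP}
"""

if __name__ == "__main__":
    parsed = parse_signers(SAMPLE)
    for api in (23, 30, 34):
        print(api, signer_for_api(parsed, api))
    print(check_pins(parsed, {30: OLD_KEY, 34: NEW_KEY}))
```

An empty list from `check_pins` means every pinned API level resolved to the expected certificate; the source stamp lines are deliberately ignored because they do not identify the app signer.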
