Junseok Lee

Reputation: 715

How do I sign an apk with a private key I made with GPG?

Is this even possible? I have a key-pair that I already made with GPG but I just can't find a way to sign it with that key. I don't really want to make a new key with keytool or whatever just for this; I'd rather use the key I have now. Anybody know how I could do this? Thanks in advance.

Upvotes: 6

Views: 2447

Answers (3)

Riceball LEE

Reputation: 1591

I just want to manage the OpenPGP keys only, too. So here is my way.

openpgp2ssh

First install it from monkeysphere.

sudo apt install monkeysphere

Note: openpgp2ssh works only with RSA keys and only if the secret key is not password-protected. So it might be necessary to remove the protection.

Now, export the PGP key and hand it over to openpgp2ssh:

gpg --list-keys # show your keys with keyid.
# export the secret subkeys and let openpgp2ssh pull out the RSA subkey given by $SubKeyId
gpg --export-secret-subkeys your@email | openpgp2ssh $SubKeyId > id_rsa
# normalise the extracted key to PEM
openssl rsa -in id_rsa -outform pem > key.pem
# create a certificate request for that key and self-sign it
openssl req -new -key key.pem -out request.pem
openssl x509 -req -days 9999 -in request.pem -signkey key.pem -out certificate.pem
# convert the key to unencrypted DER PKCS#8; key.pk8 + certificate.pem are the pair the apk signing tools take
openssl pkcs8 -topk8 -outform DER -in key.pem -inform PEM -out key.pk8 -nocrypt

Upvotes: 1

wz2b

Reputation: 1025

You do need to sign with jarsigner. But jarsigner is actually a little more flexible than you'd think. If you already have a signing key you want to use then you can export it out of gpg and import it into a java keystore then sign that way. If you want to attempt to do that you can try keytool but it's far easier to get Keytool Explorer because keytool has a lot of options.

Jarsigner is actually pretty flexible. This document describes a process by which you can create your own providers. I'm surprised there isn't already one that uses the GPG keystores. There is a way to do it with a Yubikey, which is the only reason I am aware of all of this - my signing keys are safely locked away in my yubikey where even I can't get them (yes, I have a secure backup somewhere).

Upvotes: 0
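The following is an added example and not code from either answer above. It reproduces the PEM key -> certificate request -> self-signed certificate -> DER PKCS#8 pipeline from the openpgp2ssh answer on a throwaway RSA key, adds the check a practitioner wants before handing the files to a signing tool (does the certificate actually belong to the private key, and does key.pk8 decode back to the same key), and then bundles key and certificate into a PKCS#12 store, which is the simplest bridge to the Java keystore route described in the jarsigner answer. It assumes openssl is on PATH and that the starting key is an unencrypted PEM RSA key, which is what openpgp2ssh writes; a freshly generated key, constructed here, stands in for the GPG-derived one. Function names, the subject string and the password are my own placeholders.

```shell
#!/bin/sh
# Added example, not code from any of the answers. Runs the openpgp2ssh -> PEM -> self-signed
# certificate -> PKCS#8 pipeline on a throwaway RSA key, checks that the certificate really
# belongs to the private key, and wraps both into a PKCS#12 store for jarsigner/keytool.
# Assumptions: openssl is on PATH; the input key is an unencrypted PEM RSA key, as written
# by openpgp2ssh. A freshly generated key (constructed below) stands in for it.
set -e

# Derive certificate.pem and key.pk8 from an unencrypted PEM key, mirroring the answer's steps.
# $1 = input PEM key, $2 = work directory, $3 = certificate subject, e.g. "/CN=release-key"
build_signing_material() {
    openssl req -new -key "$1" -subj "$3" -out "$2/request.pem"
    openssl x509 -req -days 9999 -in "$2/request.pem" -signkey "$1" \
        -out "$2/certificate.pem" 2>/dev/null
    openssl pkcs8 -topk8 -outform DER -in "$1" -inform PEM -out "$2/key.pk8" -nocrypt
}

# Print "match" when the certificate's public key is the private key's, else "mismatch".
# Comparing the RSA modulus catches the classic cert/key mix-up that makes signing tools fail.
check_key_cert_match() {
    kmod=$(openssl rsa -in "$1" -noout -modulus)
    cmod=$(openssl x509 -in "$2" -noout -modulus)
    [ "$kmod" = "$cmod" ] && echo match || echo mismatch
}

# Print "ok" when the DER PKCS#8 file ($2) decodes back to the same key as the PEM file ($1).
check_pk8_roundtrip() {
    pem_mod=$(openssl rsa -in "$1" -noout -modulus)
    der_mod=$(openssl pkcs8 -inform DER -in "$2" -nocrypt | openssl rsa -noout -modulus)
    [ "$pem_mod" = "$der_mod" ] && echo ok || echo bad
}

# Wrap key ($1) + certificate ($2) under alias $3 with password $4 into PKCS#12 file $5.
# jarsigner reads such a file with -storetype PKCS12, and keytool -importkeystore can copy it
# into an existing keystore. Prints "p12-ok" once openssl can reopen it (this verifies the MAC).
make_pkcs12() {
    openssl pkcs12 -export -inkey "$1" -in "$2" -name "$3" -passout "pass:$4" -out "$5"
    openssl pkcs12 -in "$5" -passin "pass:$4" -noout && echo p12-ok
}

# End-to-end run inside directory $1; prints the three check results on one line.
run_pipeline() {
    dir="$1"
    # Constructed stand-in for "openpgp2ssh $SubKeyId > id_rsa": a fresh unencrypted RSA key.
    openssl genrsa -out "$dir/key.pem" 2048 2>/dev/null
    build_signing_material "$dir/key.pem" "$dir" "/CN=example-release-key"
    r1=$(check_key_cert_match "$dir/key.pem" "$dir/certificate.pem")
    r2=$(check_pk8_roundtrip "$dir/key.pem" "$dir/key.pk8")
    r3=$(make_pkcs12 "$dir/key.pem" "$dir/certificate.pem" release "change-me" "$dir/release.p12")
    echo "$r1 $r2 $r3"
}

run_pipeline "$(mktemp -d)"
```

To use it on a real key, skip the genrsa line in run_pipeline and point build_signing_material at the key.pem produced by openpgp2ssh; if check_key_cert_match ever prints "mismatch", the certificate was generated from a different key than the one being packaged, and the signing tool will reject the pair.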

Edward Falk

Reputation: 10063

I very much doubt that GPG generates keys that could be used by jarsigner. It might be possible to write a converter to do this, but it would be far less work to just bite the bullet and generate a new key. The command to do this is simply

keytool -genkey -alias mynickname -validity 20000 -keystore ~/.android/my-keystore

(p.s. make a backup of the key and make very sure you don't forget either the keystore password or the key password. There are far too many sad stories of people who've put apps on the market and then forgotten or lost the password.)

Upvotes: 2
