Reputation: 387
Is there any existing solution for signing and verifying a shared library (.so) on Android/Linux? Thanks!
Upvotes: 1
Views: 909
Reputation: 878
Assuming you're verifying the library from a normal Android app that you've built and signed, you could just add a build step (after the NDK build but before the Java build) to generate a Java class with the SHA1 sums (or a stronger hash function, if you prefer) of the .so files in your project. Build that generated Java class into your app, and verify at runtime. If the signature on your APK hasn't been tampered with, you can assume the values in the generated Java class are correct, so they must match the runtime-calculated hashes of the libraries.
Note that you may have to pick between a couple of copies of the stored hash value if you're building for several platforms (arm, armv7-a, x86, etc.).
Upvotes: 1
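A sketch of the build step described in the answer above, added here as an example and not code from the answer's author. It assumes the NDK output sits in `libs/<abi>/*.so`, uses SHA-256 rather than SHA1, and the package `com.example.app` and class name `NativeLibHashes` are placeholders.

```python
import hashlib
import re
import sys
from pathlib import Path

# Java source emitted between the NDK build and the Java build (names are placeholders).
JAVA_TEMPLATE = """\
// Generated by the build; do not edit.
package {package};

import java.util.HashMap;
import java.util.Map;

public final class {cls} {{
    // Key: "<abi>/<file>.so", value: lowercase hex SHA-256.
    public static final Map<String, String> EXPECTED = new HashMap<>();
    static {{
{entries}
    }}
    private {cls}() {{}}
}}
"""
# Restrict path components so a key can never break out of the Java string literal.
SAFE_NAME = re.compile(r"[A-Za-z0-9_.+-]+")

def collect_hashes(libs_dir):
    """Map "<abi>/<name>.so" to its SHA-256 for every library under libs_dir/<abi>/."""
    hashes = {}
    for so in sorted(Path(libs_dir).glob("*/*.so")):
        if not (SAFE_NAME.fullmatch(so.parent.name) and SAFE_NAME.fullmatch(so.name)):
            raise ValueError(f"unexpected library path: {so}")
        hashes[f"{so.parent.name}/{so.name}"] = hashlib.sha256(so.read_bytes()).hexdigest()
    if not hashes:
        # Fail the build instead of shipping an empty table that verifies nothing.
        raise ValueError(f"no .so files under {libs_dir}")
    return hashes

def generate(libs_dir, out_dir, package="com.example.app", cls="NativeLibHashes"):
    """Write <out_dir>/<package path>/<cls>.java and return its path."""
    entries = "\n".join(f'        EXPECTED.put("{k}", "{v}");'
                        for k, v in sorted(collect_hashes(libs_dir).items()))
    target = Path(out_dir, *package.split("."), f"{cls}.java")
    target.parent.mkdir(parents=True, exist_ok=True)
    target.write_text(JAVA_TEMPLATE.format(package=package, cls=cls, entries=entries))
    return target

if __name__ == "__main__":
    print(generate(sys.argv[1], sys.argv[2]))
```

Keying the table by ABI covers the several-platforms case: at runtime the app hashes the installed `.so` with the same function and compares it with the entry for the ABI it is running on before loading the library.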