Sai
Reputation: 2109
Verifying an APK programmatically using JarSigner
I want to use verify an APK from Java code using JarSigner. I am writing an app that programatically installs APKs (much like Google Play) and before installing it checks for the following:
- Verify the signature of the .SF file itself.Verify the digest listed
in each entry in the .SF file with each corresponding section in the
manifest.
Verify the digest listed in each entry in the .SF file with each corresponding section in the manifest.
Read each file in the JAR file that has an entry in the .SF file. While reading, compute the file's digest, and then compare the result with the digest for this file in the manifest section.
This is much like running jarsigner with -verify option on command line
I looked up Java documentation, I think I could use JarSigner.verifyJar() API for this.But this is not public method. Has anyone tried to verify APK from Java code? Will appreciate any pointers.
Upvotes: 1
Views: 4484
Answers (1)
Buddy
Reputation: 11038
You can get your signature like this:
PackageInfo packageInfo = context.getPackageManager().getPackageInfo(
context.getPackageName(), PackageManager.GET_SIGNATURES);
List<String> list = new ArrayList<>();
for (Signature signature : packageInfo.signatures) {
MessageDigest md = MessageDigest.getInstance("SHA");
md.update(signature.toByteArray());
final String currentSignature = Base64.encodeToString(md.digest(), Base64.DEFAULT);
list.add(currentSignature);
}
Check out this article for full details.
Upvotes: 2
Related Questions
- Sign an apk using keytool
- How to use jarsigner for signing an apk?
- How to Sign apk programmatically in java / by using command line
- Android - Error signing my apk wit jarsigner
- How to verify a jar signed with jarsigner programmatically
- Unable to sign apk file using jarsigner
- Verify and Sign a Jar programmatically
- how to sign ".apk" file on an Android Phone?
- Signing APK by commandline
- How do I sign an apk using .key file?