Reputation: 1941
As you know there is two schemas for signing an APK file.(V1 (Jar Signature) and V2 (Full APK Signature).)
I have an APK file in hand and want to know whether it contains V1 or V2 or both. Is there a CLI tool which I can use it to do so?
Upvotes: 2
Views: 3167
Reputation: 17437
The Android SDK tools has a tool called apksigner
which allows you to verify the signature.
See https://developer.android.com/studio/command-line/apksigner#options-verify
$ apksigner verify --print-certs --verbose app-name.apk
You can find the binary under: [Path to Android SDK]/build-tools/28.0.3/apksigner
(Replace 28.0.3
which whatever version of build-tools you have)
Upvotes: 3
Reputation: 1941
Using this repository one can easily verify each of apk signatures.
Example:
$ ./print-apk-signature kodi-18.3-Leia-arm64-v8a.apk
Verifies
Verified using v1 scheme (JAR signing): true
Verified using v2 scheme (APK Signature Scheme v2): false
Number of signers: 1
Signer #1 certificate DN: CN=XBMC Foundation, OU=Android platform, O=XBMC Foundation, L=US, ST=US, C=us
Signer #1 certificate SHA-256 digest: f517b44b5db5e62a6c1ec55ba47526db7de0d61f6ba26a7987520e293499b8d5
Signer #1 certificate SHA-1 digest: 5cd9110c3d8e066324615d1279fb93a13c78d666
Signer #1 certificate MD5 digest: f9f0fe227fadf5c961400472a7e962ca
Signer #1 key algorithm: RSA
Signer #1 key size (bits): 2048
Signer #1 public key SHA-256 digest: 20ab9f102104a30fdf3859fb6b4f4033f7c98f7584530f8aeb46badb5a6bcd97
Signer #1 public key SHA-1 digest: 1b6455e869e679ebb65e0ca4b3cd0ab322e6da44
Signer #1 public key MD5 digest: 441b9aab27029f7a953cd16c2d20f525
Upvotes: 0