On Tue, Nov 16, 2010 at 1:48 PM, tera tellence <[email protected]>wrote:
> I verified it with jarsigner which returned a "jar verified" message and > the Android package installer also succeeds after an " adb install > xxx.apk". Then you didn't change it in a way that would count as a functional change to it. You haven't said what you are actually changing, so it is hard to address any comments you have. > Perhaps Dianne, could you clarify this: > After an .apk is signed, the META-INF with .RSA and .SF are created. > What does the .RSA contain?? > The .SF file seems to consist of all the component files of the .apk with > their individual digests. > I won't try to answer this, since it is jarsigner stuff I am not an expert on. > If I modify one of the files given here and then recompute the SHA1 > digest(base 64 encoded) then typically the apk would get signed however, the > verification would fail. > Is that right? > If your .apk is signed incorrectly, for whatever reason, then it will fail verification. This is not Android-specific; we just rely on the standard Java signing facilities, and you should be able to find a lot of documentation on that. -- Dianne Hackborn Android framework engineer [email protected] Note: please don't send private questions to me, as I don't have time to provide private support, and so won't reply to such e-mails. All such questions should be posted on public forums, where I and others can see and answer them. -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
