On Wed, May 4, 2011 at 6:19 AM, allstars <[email protected]> wrote:
> hi > I have a apk > which is signed by the signapk.jar in android > and the key I use is to use SHA1WithDSA > (I modify the make_key tool) > > and this apk can be installed on gingerbread > but not on froyo > > I found this line in bouncycastle > http://goo.gl/ja9zd > and these removed lines are enabled again on gingerbread > > is my problem related to this code? > probably. In Gingerbread I upgraded Bouncycastle to the then latest release of 1.45 and wrote tests to ensure that we had a well defined set of algorithms that was similar to desktop virtual machines. This is why SHA1WithDSA was added back. If I recall correctly, the APK just uses that standard jar signing formats, so it can handle a variety of algorithms, so when I added these implementations back, it would make sense that some new formats might be accepted. However, it doesn't mean that its supported, and as you found, its probably not going to work on any pre-gingerbread systems. -bri -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
