Supposedly you can fetch your public keys from PackageInfo.signatures. (Should only be one if the package is only signed once.) (Yeah, I know -- key != signature, but I have it from the Highest Authority that that interface returns the keys.)
On Oct 7, 10:58 am, BGraversen <br...@digital-identity.dk> wrote: > Hi. > > I've posted this on Android Security as well, but that group does not > appear to have as much activity, so I'm hoping someone here can help > me. Actually I guess my question belongs in this group anyway, even > though it touches on some of the security aspects of android packages. > > My goal is to access the certificate that was used to sign the apk > package; and ordinarily, I would do that from inside the program like > this > > Certificates[] signingCertificates = > getClass().getProtectionDomain().getCodeSource().getCertificates(); > > Unfortunately it appears that getProtectionDomain() returns null on > android - according to the specs > > http://developer.android.com/reference/java/lang/Class.html#getProtec... > > this method might return null (to converse space?), but only for > system classes. Since I'm calling this from one of my own classes, I > would expect to get a non-null value, but unfortunately not :( > > I have tried from the emulator, and from an application deployed on my > phone using adb through a USB cable. I'm using the latest SDK (2.2) > and targeting android 1.6. > > So I guess I have two questions, the first being: why does > getProtectionDomain return null, and have anyone had any success using > this method from inside an android application. > > And the second: Is there some other way to access the certificate that > a given apk package was signed with (I can live with the restriction > that only a given package can know its own certificate). > > Kind regards > Brian Graversen -- You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en