用命令:jarsigner -verify XXX.apk
增加 -verbose -certs 两个选项可显示更多信息.
如果有Android Debug字樣就是debug
如果已经签名: 显示类似如下信息
jar verified. Warning: This jar contains entries whose certificate chain is not validated. This jar contains signatures that does not include a timestamp. Without a timestamp, users may not be able to validate this jar after the signer certificate's expiration date (2040-09-01) or after any future revocation date. Re-run with the -verbose and -certs options for more details.
未签名显示如下信息
no manifest. jar is unsigned. (signatures missing or not parsable)
想查demo.apk所使用的签名的fingerprint,可以这样做:
1. 查找apk里的rsa文件Windows 平台:
> jar tfdemo.apk |findstr RSALinux 平台:
$ jar tfdemo.apk |grep RSAMETA-INF/CERT.RSA2. 从apk中解压rsa文件
jar xfdemo.apk META-INF/CERT.RSA3. 获取签名的fingerprints
keytool -printcert -file META-INF/CERT.RSA 证书指纹: MD5: 5A:5A:96:63:8E:EF:FC:66:9E:BC:1C:2A:A9:1E:E5:95 SHA1: 44:BD:33:2D:C5:21:AE:78:D5:04:92:1A:39:FD:AC:01:E2:32:3C:AB SHA256: 2F:C0:A3:8C:0D:42:84:70:48:78:44:A4:2E:64:5B:50:B3:B3:1E:33:94:62:A3:9F:2F:10:DD:EF:D7:CF:02:0B 签名算法名称: SHA1withRSA 版本: 3两个apk是否同签名,比较签名的MD5码或SHA1码 ,一样就是相同的,反之,不是
转载于:https://www.cnblogs.com/sjjg/p/4792220.html
相关资源:java生成及验证android签名文件源码及生成签名文件