Fixed
Status Update
Comments
kl...@google.com <kl...@google.com>
ap...@google.com <ap...@google.com> #2
Project: platform/tools/apksig
Branch: master

commit fcc8e2a50a3cde20bb30ce622d8d99ca3961fb49
Author: Alex Klyubin <klyubin@google.com>
Date: Sat Jul 22 16:05:13 2017

User-friendlier error when JAR sig alg unsupported

When reporting that an APK's JAR signature could not be verified
because it uses an unsupported digest or signature algorithm,
apksig/apksigner reported the OIDs of these two algorithms because
this is what's stored in the actual signature. This causes confusion
for users.

This commit thus adjusts this error message to use user-friendlier
algorithm names instead of OIDs. For example, SHA-256 instead of
2.16.840.1.101.3.4.2.1.

This commit also makes the list of API Levels look more readable.

Test: apksigner verify --min-sdk-version=14 \
    src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha256-1.2.840.113549.1.1.1-2048.apk
  Produces user-friendlier error without OIDs:
    ERROR: JAR signer CERT.RSA: JAR signature META-INF/CERT.RSA
    uses digest algorithm SHA-256 and signature algorithm RSA which
    is not supported on API Level(s) 14-17 for which this APK is being
    verified
Test: bazel test ...
Test: gradlew test
Bug: 63525618
Change-Id: If240b4199e0757f89d3eed0b71b20fbb8104b2c7

M src/main/java/com/android/apksig/ApkVerifier.java
M src/main/java/com/android/apksig/internal/apk/v1/V1SchemeVerifier.java

https://android-review.googlesource.com/442139
https://goto.google.com/android-sha1/fcc8e2a50a3cde20bb30ce622d8d99ca3961fb49
ap...@google.com <ap...@google.com> #3
Project: platform/tools/apksig
Branch: master

commit 41ca1d3f507de47becdf57f0713f5deab93c645e
Author: Alex Klyubin <klyubin@google.com>
Date: Wed Aug 09 09:30:22 2017

Bump apksigner version to 0.8

Changes since 0.7:
* Java 9 support: apksig and apksigner compile and run on Java 9
* User-friendlier error when unsupported digest or signature
  algorithm in JAR signature
* New --pass-encoding parameter to deal with KeyStores and keys
  encrypted using non-ASCII passwords. Existing setups with apksigner
  and non-ASCII password KeyStores/keys may need to start using this
  parameter after the switch to Java 9. See 'apksigner sign' help page
  for more information.
* RDNs in PKCS #7 SignerIdentifier are no longer re-encoded (e.g.,
  from Utf8String to PrintableString). Instead, the referenced X.509
  certificate's Issuer DN is used verbatim.

Test: apksigner version
Bug: 37135737
Bug: 37137869
Bug: 63525618
Change-Id: I4a4f9639a3c1c08b8c89b076e4bed5be6680b79a

M src/apksigner/java/com/android/apksigner/ApkSignerTool.java

https://android-review.googlesource.com/455217
https://goto.google.com/android-sha1/41ca1d3f507de47becdf57f0713f5deab93c645e
kl...@google.com <kl...@google.com> #4
This is fixed in apksigner 0.8 which was released in Android SDK Build Tools 26.0.2.
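
The message change discussed in this thread, sketched as an added example (not apksig's code and not written by the commit author): it maps the digest and signature OIDs stored in a JAR signature to readable names and collapses the unsupported API Levels into ranges. The class and method names are hypothetical, the OID tables hold only well-known standard OIDs, and an unrecognised OID is printed verbatim so the report never hides what the signature actually contains.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.TreeSet;

public class JarSigAlgMessage { // hypothetical class, not part of apksig
    // Standard algorithm OIDs; the friendly names are this example's choice.
    static final Map<String, String> DIGEST_NAMES = Map.of(
            "1.2.840.113549.2.5", "MD5",
            "1.3.14.3.2.26", "SHA-1",
            "2.16.840.1.101.3.4.2.4", "SHA-224",
            "2.16.840.1.101.3.4.2.1", "SHA-256",
            "2.16.840.1.101.3.4.2.2", "SHA-384",
            "2.16.840.1.101.3.4.2.3", "SHA-512");
    static final Map<String, String> SIGNATURE_NAMES = Map.of(
            "1.2.840.113549.1.1.1", "RSA",
            "1.2.840.10040.4.1", "DSA",
            "1.2.840.10045.2.1", "ECDSA");

    // Collapses API Levels into sorted ranges: [17, 14, 15, 16, 21] -> "14-17, 21".
    static String formatApiLevels(List<Integer> levels) {
        TreeSet<Integer> sorted = new TreeSet<>(levels); // sorts and de-duplicates
        List<String> parts = new ArrayList<>();
        Integer start = null, prev = null;
        for (Integer level : sorted) {
            if (start != null && level != prev + 1) { // gap: close the current run
                parts.add(range(start, prev));
                start = null;
            }
            if (start == null) start = level;
            prev = level;
        }
        if (start != null) parts.add(range(start, prev));
        return String.join(", ", parts);
    }

    static String range(int a, int b) { return a == b ? String.valueOf(a) : a + "-" + b; }

    // Builds the message; unknown OIDs fall back to the raw OID string.
    static String describe(String entry, String digestOid, String sigOid, List<Integer> levels) {
        return "JAR signature " + entry
                + " uses digest algorithm " + DIGEST_NAMES.getOrDefault(digestOid, digestOid)
                + " and signature algorithm " + SIGNATURE_NAMES.getOrDefault(sigOid, sigOid)
                + " which is not supported on API Level(s) " + formatApiLevels(levels)
                + " for which this APK is being verified";
    }

    public static void main(String[] args) { // inputs taken from the report in this thread
        System.out.println(describe("META-INF/DELROID.RSA", "2.16.840.1.101.3.4.2.1",
                "1.2.840.113549.1.1.1", List.of(14, 15, 16, 17)));
    }
}
```
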
Description
----
JAR signature META-INF/DELROID.RSA uses digest algorithm 2.16.840.1.101.3.4.2.1 and signature algorithm 1.2.840.113549.1.1.1 which is not supported on API Levels [[12, 17]]
---
The wording of the error is causing confusion among developers who use the library/tool (e.g.,