Android/frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

am 45df16aa: am 6e372639: am 30890f28: am c5cb262c: Merge "docs: Keystore/Cert warning for Signing Apps, Issue: 8180111" into jb-mr1-dev

Browse Source 
# Via Android Git Automerger (3) and others
* commit '45df16aa73c6665f55c86f4a9998e6b383b751ca':
  docs: Keystore/Cert warning for Signing Apps, Issue: 8180111
This commit is contained in:
Joe Fernandez
2013-02-13 09:45:59 -08:00
committed by Android Git Automerger
parent c698a855d2 45df16aa73
commit 4c28487acd
1 changed files with 18 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
docs/html/tools/publishing/app-signing.jd
View File

@@ -96,8 +96,7 @@ you compile.</p>
you don't have a private key, you can use the Keytool utility to create one for you. When you you don't have a private key, you can use the Keytool utility to create one for you. When you
compile your application in release mode, the build tools use your private key along with the compile your application in release mode, the build tools use your private key along with the
Jarsigner utility to sign your application's <code>.apk</code> file. Because the certificate and Jarsigner utility to sign your application's <code>.apk</code> file. Because the certificate and
private key you use are your own, you will have to provide the password for the keystore and key private key you use are your own, you must provide the password for the keystore and key alias.</p>
alias.</p>
<p>The debug signing process happens automatically when you run or debug your application using <p>The debug signing process happens automatically when you run or debug your application using
Eclipse with the ADT plugin. Debug signing also happens automatically when you use the Ant build Eclipse with the ADT plugin. Debug signing also happens automatically when you use the Ant build
@@ -117,13 +116,13 @@ lifespan of your applications. There are several reasons why you should do so: <
<ul> <ul>
<li>Application upgrade &ndash; As you release updates to your application, you <li>Application upgrade &ndash; As you release updates to your application, you
will want to continue to sign the updates with the same certificate or set of must continue to sign the updates with the same certificate or set of certificates,
certificates, if you want users to upgrade seamlessly to the new version. When if you want users to be able to upgrade seamlessly to the new version. When
the system is installing an update to an application, it compares the the system is installing an update to an application, it compares the
certificate(s) in the new version with those in the existing version. If the certificate(s) in the new version with those in the existing version. If the
certificates match exactly, including both the certificate data and order, then certificates match exactly, including both the certificate data and order, then
the system allows the update. If you sign the new version without using matching the system allows the update. If you sign the new version without using matching
certificates, you will also need to assign a different package name to the certificates, you must also assign a different package name to the
application &mdash; in this case, the user installs the new version as a application &mdash; in this case, the user installs the new version as a
completely new application. </li> completely new application. </li>
@@ -314,6 +313,13 @@ your key secure and why doing so is critically important to you and to users. In
particular, when you are generating your key, you should select strong passwords particular, when you are generating your key, you should select strong passwords
for both the keystore and key.</p> for both the keystore and key.</p>
<p class="warning"><strong>Warning:</strong> Keep the keystore file you generate with Keytool
in a safe, secure place. You must use the same key to sign future versions of your application. If
you republish your app with a new key, Google Play will consider it a new app. For more information
on settings that must remain constant over the life of your app, see the Android Developer Blog post
<a href="http://android-developers.blogspot.com/2011/06/things-that-cannot-change.html">Things
That Cannot Change</a>.</p>
<table> <table>
<tr> <tr>
<th>Keytool Option</th> <th>Keytool Option</th>
@@ -597,6 +603,10 @@ replace your authentic applications or corrupt them. Such a person could also
sign and distribute applications under your identity that attack other sign and distribute applications under your identity that attack other
applications or the system itself, or corrupt or steal user data. </p> applications or the system itself, or corrupt or steal user data. </p>
<p>Your private key is required for signing all future versions of your application. If you lose or
misplace your key, you will not be able to publish updates to your existing application. You cannot
regenerate a previously generated key.</p>
<p>Your reputation as a developer entity depends on your securing your private <p>Your reputation as a developer entity depends on your securing your private
key properly, at all times, until the key is expired. Here are some tips for key properly, at all times, until the key is expired. Here are some tips for
keeping your key secure: </p> keeping your key secure: </p>
@@ -612,7 +622,9 @@ which any user on your computer could access.</li>
options at the command line. </li> options at the command line. </li>
<li>Do not give or lend anyone your private key, and do not let unauthorized <li>Do not give or lend anyone your private key, and do not let unauthorized
persons know your keystore and key passwords.</li> persons know your keystore and key passwords.</li>
<li>Keep the keystore file containing your private key that you <a href="#cert">generate with the
Keytool</a> in a safe, secure place.</li>
</ul> </ul>
<p>In general, if you follow common-sense precautions when generating, using, <p>In general, if you follow common-sense precautions when generating, using,
and storing your key, it will remain secure. </p> and storing your key, it will remain secure. </p>