


Beyond the debug keystore, though, you will need one for production use. Distribution channels like the Play Store do not accept apps signed with the debug signing key. So, you will need to create a key that is acceptable to those channels, plus arrange to use that key when creating your production apps.

How long your production signing key is valid for is important. Android only installs an update over an existing app if the update is signed with the same key as the original, so once your key expires and you can no longer use it to sign new builds, you can no longer update your existing Android applications. Choose a long validity period: the Play Store requires that the signing certificate remain valid beyond October 22, 2033, and the keytool example below uses 10,000 days (roughly 27 years).

Note that both the debug signing key and its production counterpart are self-signed certificates: you do not have to purchase a certificate from Verisign or anyone else. These keys are for creating immutable identity, not confirmed identity. In other words, the certificate does not prove that you are such-and-so person, but it can prove that the same key signed two different APKs.

The mechanics of creating a production signing key depend on whether you will use Android Studio or will create one outside of any IDE.

Android Studio

Android Studio has support to create a production signing key as part of its overall process for creating a production-signed APK, which is covered later in this chapter.

To manually create a production signing key, you will need to use keytool. This comes with the Java SDK, and so it should be available to you already. The keytool utility manages the contents of a "keystore", which can contain one or more keys, each identified by an alias. Each keystore has a password for the store itself, and keys can also have their own individual passwords. You will need to supply these passwords later on when signing an application with the key, so record them somewhere safe; a lost keystore or password means you can never update the apps signed with it.

In the command below, -keystore names the keystore file to create, -alias names the key within that store, -keyalg RSA and -keysize 2048 request a 2,048-bit RSA key pair, and -validity 10000 sets the certificate's lifetime in days. keytool then prompts for the keystore password and for the components of the certificate's distinguished name, and finishes by generating the key and its self-signed certificate (trimmed transcript):

$ keytool -genkey -v -keystore cw-release.keystore -alias cw-release -keyalg RSA -validity 10000 -keysize 2048
What is the name of your organizational unit?
What is the name of your City or Locality?
What is the name of your State or Province?
What is the two-letter country code for this unit?
Is CN=Mark Murphy, OU=Unknown, O="CommonsWare, LLC", L=Unknown, ST=PA, C=US correct?
Generating 2,048 bit RSA key pair and self-signed certificate (SHA256withRSA) with a validity of 10,000 days
	for: CN=Mark Murphy, OU=Unknown, O="CommonsWare, LLC", L=Unknown, ST=PA, C=US

How you will apply this production signing key to sign your production app again varies by your tool chain. Here, we will focus on using Android Studio itself, though note that there are options for signing your app via Gradle tasks.
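The following script is an added example, not code from the chapter. It turns the interactive keytool session above into a non-interactive command (using keytool's documented -dname and -storepass:env options) and then inspects "keytool -list -v" output for the two properties the text cares about: that the certificate is self-signed (Owner and Issuer match) and that it stays valid past the Play Store's minimum expiry date. The keystore name, alias, environment variable name and the sample listing are constructed for illustration; only generate_keystore() needs a JDK on PATH, the other helpers run on the embedded sample.

```python
"""Release-keystore helpers for the keytool procedure described above.

Added example (not the chapter's own code). Assumes a JDK keytool on PATH
only inside generate_keystore(); the parsing/validity helpers run on the
constructed SAMPLE_LIST_OUTPUT below without one.
"""
import datetime as dt
import re
import subprocess

# Google Play requires the signing certificate to be valid past this date.
PLAY_MIN_EXPIRY = dt.date(2033, 10, 22)


def build_keytool_cmd(keystore, alias, dname, validity_days=10000,
                      keysize=2048, storepass_env="CW_STOREPASS"):
    """Argument list mirroring the chapter's flags, plus -dname so keytool
    asks no distinguished-name questions. -genkeypair is the current name
    for -genkey. The store password is read from the named environment
    variable (keytool's -storepass:env form) rather than typed on the
    command line, where it would end up in shell history."""
    return [
        "keytool", "-genkeypair", "-v",
        "-keystore", keystore,
        "-alias", alias,
        "-keyalg", "RSA", "-keysize", str(keysize),
        "-validity", str(validity_days),
        "-dname", dname,
        "-storepass:env", storepass_env,
    ]


def generate_keystore(cmd):
    """Run keytool; raises CalledProcessError on failure. Needs a JDK."""
    subprocess.run(cmd, check=True)


def min_validity_days(start=None):
    """Smallest -validity value (days) that carries a certificate created on
    `start` (ISO date string, default today) past PLAY_MIN_EXPIRY."""
    begin = dt.date.fromisoformat(start) if start else dt.date.today()
    return (PLAY_MIN_EXPIRY - begin).days + 1


# Constructed sample of `keytool -list -v -keystore cw-release.keystore`
# (hypothetical dates; fingerprints omitted). Owner == Issuer marks a
# self-signed certificate.
SAMPLE_LIST_OUTPUT = """\
Keystore type: PKCS12
Keystore provider: SUN

Your keystore contains 1 entry

Alias name: cw-release
Creation date: Jan 2, 2024
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=Mark Murphy, OU=Unknown, O="CommonsWare, LLC", L=Unknown, ST=PA, C=US
Issuer: CN=Mark Murphy, OU=Unknown, O="CommonsWare, LLC", L=Unknown, ST=PA, C=US
Serial number: 5f3a9c1b
Valid from: Tue Jan 02 10:00:00 EST 2024 until: Sat May 20 10:00:00 EDT 2051
"""

# Skip the weekday and time-zone tokens: keytool prints them in the JVM's
# locale, so only month, day and year are parsed.
_UNTIL = re.compile(
    r"until:\s+\w{3}\s+(\w{3})\s+(\d{1,2})\s+\d\d:\d\d:\d\d\s+\S+\s+(\d{4})")


def parse_valid_until(list_output):
    """Expiry date taken from the 'Valid from: ... until: ...' line."""
    m = _UNTIL.search(list_output)
    if not m:
        raise ValueError("no 'until:' date found in keytool output")
    mon, day, year = m.groups()
    return dt.datetime.strptime(f"{mon} {day} {year}", "%b %d %Y").date()


def is_self_signed(list_output):
    """True when the Owner and Issuer DNs are identical, i.e. the key
    signed its own certificate, as Android debug and release keys do."""
    owner = re.search(r"^Owner:\s*(.+)$", list_output, re.M)
    issuer = re.search(r"^Issuer:\s*(.+)$", list_output, re.M)
    return bool(owner and issuer
                and owner.group(1).strip() == issuer.group(1).strip())


def expiry_ok(list_output, minimum=PLAY_MIN_EXPIRY):
    """True when the certificate outlives the Play Store's minimum."""
    return parse_valid_until(list_output) > minimum


if __name__ == "__main__":
    cmd = build_keytool_cmd(
        "cw-release.keystore", "cw-release",
        'CN=Mark Murphy, OU=Unknown, O="CommonsWare, LLC", L=Unknown, ST=PA, C=US')
    print("would run:", " ".join(cmd))
    print("self-signed:", is_self_signed(SAMPLE_LIST_OUTPUT))
    print("valid until:", parse_valid_until(SAMPLE_LIST_OUTPUT),
          "ok for Play:", expiry_ok(SAMPLE_LIST_OUTPUT))
```

To use it against a real keystore, export CW_STOREPASS, call generate_keystore(build_keytool_cmd(...)), then feed the text of "keytool -list -v -keystore cw-release.keystore" to is_self_signed() and expiry_ok(). Note that with the PKCS12 keystore type that current JDKs create by default, the key password is the store password, which is why no -keypass is passed.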
