重学Android 之路之一 APK签名

从毕业到现在从事Android 开发也已经达1年了，但对于Android 整体还没有已经认知。

目前为止，还没有整整一个拿得出手的app，实属惭愧。

今日，刚好看到某eoe博友，分享学习心得。我也就想重头研究一下基本的东西，并将遇到的各种问题，都发出来，希望可以帮助到大家。

好咧，开篇。

先来讲讲签名

看看Android 给的解释： http://developer.android.com/tools/publishing/app-signing.html

Signing Your Applications

The Android system requires that all installed applications be digitally signed with a certificate whose private key is held by the application's developer. The Android system uses the certificate as a means of identifying the author of an application and establishing trust relationships between applications. The certificate is not used to control which applications the user can install. The certificate does not need to be signed by a certificate authority: it is perfectly allowable, and typical, for Android applications to use self-signed certificates.

Android系统要求所有安装的应用程序进行数字签名证书的私钥持有的应用程序的开发，Android系统使用证书的应用程序和应用程序之间建立信任关系的确定作者的一种手段。没有签名的程序将不能被安装。证书不需要证书颁发机构来颁发，完全是允许开发者自己来创建证书，Android应用程序使用自签名的证书。

The important points to understand about signing Android applications are:

以下重要的几点，让你了解Android签名

1. All applications must be signed. The system will not install an application on an emulator or a device if it is not signed.
2. To test and debug your application, the build tools sign your application with a special debug key that is created by the Android SDK build tools.
3. When you are ready to release your application for end-users, you must sign it with a suitable private key. You cannot publish an application that is signed with the debug key generated by the SDK tools.
4. You can use self-signed certificates to sign your applications. No certificate authority is needed.
5. The system tests a signer certificate's expiration date only at install time. If an application's signer certificate expires after the application is installed, the application will continue to function normally.
6. You can use standard tools — Keytool and Jarsigner — to generate keys and sign your application .apk files.
7. After you sign your application for release, we recommend that you use thezipalign tool to optimize the final APK package.

1. 所有的应用程序必须要签名，如果应用程序没有签名，将不能安装到模拟器和Android设备中。
2. 为了测试和调试应用程序，Android SDK会创建一个特殊的签名来对应用程序签名。
3. 当你要发布应用程序时，必须要签署一个你私有的密钥，不能讲SDK 工具默认的 debug签名的程序发布出去。
4. 您可以使用自己的签名来签署你的应用程序，可以没有颁发机构。
5. 只有在安装的时候系统才会检测证书到期时间，如果一个应用程序在安装之后过期，那这个程序还将继续正常运行。
6. 您可以使用标准工具 --Keytool 和 Jarsigner 来生成密钥，签名 .apk 文件。
7. 您签名后的准备发布的程序，我们建议您使用 zipalign 工具进行apk的最终优化。

这些工具都位于

The Android system will not install or run an application that is not signed appropriately. This applies wherever the Android system is run, whether on an actual device or on the emulator. For this reason, you must set up signing for your application before you can run it or debug it on an emulator or device.

Android 系统将无法运行没有签名的程序，所有的Android设备和模拟器都是这样的。所以，你必须先给你的应用程序签名，才可以运行在模拟器和所有Android 设备上。

Signing Process

The Android build process signs your application differently depending on which build mode you use to build your application. There are two build modes: debug mode and release mode. You use debug mode when you are developing and testing your application. You use release mode when you want to build a release version of your application that you can distribute directly to users or publish on an application marketplace such as Google Play.

未完待续....

 

 

 

<script type="text/javascript"><!--google_ad_client = "ca-pub-1944176156128447";/* cnblogs 首页横幅 */google_ad_slot = "5419468456";google_ad_width = 728;google_ad_height = 90;//--></script><script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>