Android中的签名机制.docxVIP

Android中的签名机制 /C=CN/ST=ShanDao/L=QingDao/O=Haier/OU=Haier/CN=Haier/emailAddress=Haier转载时请注明出处和作者联系方式文章出处：/blog作者联系方式：李先静 xianjimli at hotmail dot com昨天看了一下Android中的签名机制，这里介绍一下Android中签名用的Key的产生方法和签名的原理。产生Keyo 产生RSA私钥(private key)openssl genrsa -3 -out testkey.pem 2048-3 是算法的参数（public exponent）。2048 是私钥长度。testkey.pem 是输出的文件。o 产生PKCS#10格式的认证请求。所谓认证请求就是发给认证机构认证的一个请求，它主要包括一个公钥和一些相关信息(如组织名称和联系人邮件地址)。openssl req -new -x509 -key testkey.pem -out testkey.x509.pem -days 10000 /-subj ‘/C=US/ST=California/L=Mountain View/O=Android/OU=Android/CN=Android/emailAddress=android@’如果不提供最后两个参数，openssl会提示你输入相关信息，这里的信息可以根据你自己的实际情况填写。如：openssl req -new -x509 -key testkey.pem -out testkey.x509.pem -days 10000You are about to be asked to enter information that will be incorporatedinto your certificate request.What you are about to enter is what is called a Distinguished Name or a DN.There are quite a few fields but you can leave some blankFor some fields there will be a default value,If you enter ‘.’, the field will be left blank.—–Country Name (2 letter code) [GB]:CNState or Province Name (full name) [Berkshire]:GuangDongLocality Name (eg, city) [Newbury]:ShenZhenOrganization Name (eg, company) [My Company Ltd]:TopwiseOrganizational Unit Name (eg, section) []:BronchoCommon Name (eg, your name or your server’s hostname) []:Email Address []:bronchosales@o 把私钥的格式转换成PKCS #8（Private-Key Information Syntax Standard.）openssl pkcs8 -in testkey.pem -topk8 -outform DER -out testkey.pk8 -nocrypt私钥是不能让别人知道的，否则就起不到必威体育官网网址的作用了。私钥通常是要加密保存的，但这里指定了-nocryp，表示不加密。Android提供了一个脚本mkkey.sh用来简化上面的步骤：if [$1 == ]; thenecho Create a test certificate key.echo Usage: $0 NAMEecho Will generate NAME.pk8 and NAME.x509.pemecho /C=US/ST=California/L=Mountain View/O=Android/OU=Android/CN=Android/emailAddress=android@returnfiopenssl genrsa -3 -out $1.pem 2048openssl req -new -x509 -key $1.pem -out $1.x509.pem -days 10000 /-subj /C=US/ST=California/L=Mountain View/O=Android/OU=Android/CN=Android/emailAddress=android@openssl pkcs