1 page.title=Creating Release Keys and Signing Builds 2 pdk.version=1.0 3 doc.type=porting 4 @jd:body 5 6 <div id="qv-wrapper"> 7 <div id ="qv"> 8 <h2>In this document</h2> 9 <a name="toc"/> 10 <ul> 11 <li><a href="#intro">Introduction</a></li> 12 <li><a href="#generatingKeys">Generating keys</a></li> 13 <li><a href="#signing">Signing a build for release</a></li> 14 </ul> 15 </div> 16 </div> 17 <a name="intro"></a> 18 <h3>Introduction</h3> 19 <p>Android requires that each application be signed with the developer's digital keys to enforce signature permissions and application request to use shared user ID or target process. For more information on the general Android security principles and signing requirements, see the Android Security and Permissions section in the Android Developer Guide). The core Android platform uses four keys to maintain security of core platform components:</p> 20 <ul> 21 <li><strong>platform</strong>: a key for packages that are part of the core platform.</li> 22 <li><strong>shared</strong>: a key for things that are shared in the <code>home/contacts</code> process.</li> 23 <li><strong>media</strong>: a key for packages that are part of the <code>media/download</code> system.</li> 24 <li><strong>releasekey</strong>: the default key to sign with if not otherwise specified</li> 25 </ul> 26 <p>These keys are used to sign applications separately for release images and are not used by the Android build system. The build system signs packages with the testkeys provided in <code>build/target/product/security/</code>. Because the testkeys are part of the standard Android open source distribution, they should never be used for production devices. Instead, device manufacturers should generate their own private keys for shipping release builds.</p> 27 <a name="generatingKeys"></a> 28 <h3>Generating keys</h3> 29 <p>A device manufacturer's keys for each product should be stored under <code>vendor/<vendor_name>/security/<product_name></code>, where <code><vendor_name></code> and <code><product_name></code> represent the manufacturer and product names. To simplify key creation, copy the script below to this directory in a file called <code>mkkey.sh</code>. To customize your keys, change the line that starts with AUTH to reflect the correct information for your company:</p> 30 <pre> 31 #!/bin/sh 32 AUTH='/C=US/ST=California/L=Mountain View/O=Android/OU=Android/CN=Android/emailAddress=android (a] android.com' 33 if [ "$1" == "" ]; then 34 echo "Create a test certificate key." 35 echo "Usage: $0 NAME" 36 echo "Will generate NAME.pk8 and NAME.x509.pem" 37 echo " $AUTH" 38 exit 39 fi 40 41 openssl genrsa -3 -out $1.pem 2048 42 43 openssl req -new -x509 -key $1.pem -out $1.x509.pem -days 10000 \ 44 -subj "$AUTH" 45 46 echo "Please enter the password for this key:" 47 openssl pkcs8 -in $1.pem -topk8 -outform DER -out $1.pk8 -passout stdin 48 </pre> 49 <p><code>mkkey.sh</code> is a helper script to generate the platform's keys. NOTE: the password you type will be visible in your terminal window. Note the passwords you use as you will need them to sign release builds.</p> 50 <p>To generate the required 4 platform keys, run <code>mkkey.sh</code> four times specifying the key name and password for each:</p> 51 <pre> 52 sh mkkey.sh platform # enter password 53 sh mkkey.sh media # enter password 54 sh mkkey.sh shared # enter password 55 sh mkkey.sh release # enter password 56 </pre> 57 <p>You should now have new keys for your product.</p> 58 <a name="signing"></a> 59 <h3>Signing a build for release</h3> 60 <p>Signing a build for a release is a two-step process. </p> 61 <ol> 62 <li>Sign all the individual parts of the build.</li> 63 <li>Put the parts back together into image files.</li> 64 </ol> 65 <h4>Signing applications</h4> 66 <p>Use <code>build/tools/releasetools/sign_target_files_apks</code> to sign a <code>target_files</code> package. The <code>target_files</code> package isn't built by default, you need to make sure to specify the "dist" target when you call make. For example:</p> 67 <pre> 68 make -j4 PRODUCT-<product_name>-user dist 69 </pre> 70 <p>The command above creates a a file under <code>out/dist </code>called <code><product_name>-target_files.zip</code>. This is the file you need to pass to the <code>sign_target_files_apks</code> script.</p> 71 <p>You would typically run the script like this:</p> 72 <pre> 73 ./build/tools/releasetools/sign_target_files_apks -d vendor/<vendor_name>/security/<product_name> <product_name>-target_files.zip signed-target-files.zip 74 </pre> 75 <p>If you have prebuilt and pre-signed apk's in your build that you don't want re-signed, you must explicitly ignore them by adding <code>-e Foo.apk=</code> to the command line for each apk you wish to ignore.</p> 76 <p><code>sign_target_files_apks</code> also has many other options that could be useful for signing release builds. Run it with <code>-h</code> as the only option to see the full help.</p> 77 <h4>Creating image files</h4> 78 <p>Once you have <code>signed-target-files.zip</code>, create the images so you can put it onto a device with the command below:</p> 79 <pre> 80 build/tools/releasetools/img_from_target_files signed-target-files.zip signed-img.zip 81 </pre> 82 <p><code>signed-img.zip</code> contains all the <code>.img</code> files. You can use <code>fastboot update signed-img.zip</code> to use fastboot to get them on the device.</p> 83