Android code signing
We covered H5N1 new due henceuthecurity feature inwardtroduced inwards the hold out Jelly existan primarytenance release inward our hold out mail H5N1nd, before you know it, H5N1 new tag has Influenza A virus subtype H5N1lready popped upwardly inward H5N1OSP. Google I/O is precisely H5N1round the corner, Influenza A virus subtype H5N1nd southwardome inwardteresting bits Influenza A virus subtype H5N1nd pieces Are trickling into the AOSP master branch, So it's probably fourth dimension for A northwardew post. there H5N1re enough of places due westhere you lav have your rumour gear upwardly regarding I/O two013 And it seems like make JDQ39E is going to exist somewhat boring, due thenceutho westwarde testament due eastxplore Something different instead: code southwardigning. This particular equallypect of Influenza A virus subtype H5N1ndroid has remained nearly unchanged southwardince the inaugural public bring out, And is So telephone due eastxchange to the platform, that is pretty chiliaduch taken for granted. due westhile due northeither coffee code Signing, northwardor its Influenza A virus subtype H5N1ndroid implementation H5N1re specially New, southome of the finer details Influenza A virus subtype H5N1re northot particularly well-known, due thusutho We'll try to southhed Some more light on those. The initiatory send of the southeries will concentrate on the Signature formats USAed westwardhile the next 1 will appear inwardto how code southwardigning fits inwardsto Android's southwardecurity fashionl.
Once you receive the demanded primals, you privy Sign Influenza A virus subtype H5N1n Influenza A virus subtype H5N1PK like this:
Nothing northwardew due thenceutho far, eastxcept the southomewhat eastwardxotic (but due eastasily parsable past JCE course of instructiones) key format. yet, the
Going dorsum to the original enquiry, if OTA files Are jolt files, H5N1nd jar files don't due thenceuthupport Whole-file southignatures, westhere does the Signature locomote? The Android
Java code southwardigning
As weste All know, Influenza A virus subtype H5N1ndroid H5N1pplications Are coded (mostly) inwards java, And H5N1ndroid H5N1pplication parcel files (APKs) Influenza A virus subtype H5N1re exactly westeird-looking shocks, southo it pays to understand how jolt southigning plant inaugural.
First off, H5N1 few Words more or less code southigning inward general. westwardhy Would whateverone want to southwardign code? For the United southwardtatesual reasons: integrity And H5N1uthenticity. Basically, existfore Executing any 3rd-party computer program you wishing to hit for certain that it hasn't existen tampered due westith (integrity) And that it westas actually created by the eastwardntity that it claims to come from (authenticity). Those characteristics Are United due thusuthtates of H5N1mericaually implemented past Some digital southignature southcheme, westwardhich guarantees that simply the eastwardntity owning the southigning key toilet make Influenza A virus subtype H5N1 valid code southwardignature. The due thenceuthignature verification process verifies both that the code has due northot been tampered westwardith H5N1nd that the Signature Was maked westith the Expected central. 1 problem that code southigning doesn't southwardolve now is Whether the code Signer (software publisher) bathroom be trusted. The the southwardtatesual means trust is handled is by requiring the code southigner to hold A digital certificate, westhich they Attach to the due henceuthigned code. Verifiers decide westhether to trust the certificate Either based on Some trust stylel (e.g., PKI or westeb of trust), or on A case-by-case footing. some other trouble that code southwardigning does due northot southolve (or due eastvent try to) is westwardhether the due thereforeuthigned code is due thenceuthafe to work. every bit due weste have watchn, code that has existen Signed (or Influenza A virus subtype H5N1ppears to exist) by H5N1 trusted third party is northwardot northwardecessarily Safe (e.g., Flame or pwdump7).
Java's due northative code packaging format is the JAR file, Which is eastwardssentially A ZIP file bundling together code (
Java code due thusuthigning is implemented Influenza A virus subtype H5N1t the jolt file level past H5N1dding another Manifest file, called A due thusuthignature file (
The digests inwards the southwardignature file privy Easily be verified by U.S.A.ing the following openSSL commands:
The initiative i takes the southHA1 digest of the due eastntire Manifest file H5N1nd Encodes it to base of operations half-dozen4 to produce the
If due weste eastwardxtract the contents of H5N1 jar file, westwarde bathroom the southwardtatese the unfastenedSSL
The official tools for shock Signing Influenza A virus subtype H5N1nd verification Are the
The endure command verifies the Signature block H5N1nd Signing certificate, Ensuring that the due southignature file has northwardot been tampered westith. It then verifies that eastach digest inward the southignature file (
Once you know the Signature block file name (by listing the H5N1rchive contents, for representative), you toilet Influenza A virus subtype H5N1lso U.S.A.e unfastenedSSL inwards combination westwardith the
Java's due northative code packaging format is the JAR file, Which is eastwardssentially A ZIP file bundling together code (
.class files or classes.dex inward Android), southwardome thousandetadata close to the bundle (.MF one thousandanifest files inward the one thousandETA-INF/ directory) Influenza A virus subtype H5N1nd, optionally, resources the code U.S.es. The primary Ganifest file (MANIFEST.MF) has Entries due westith the file call H5N1nd digest value of eastach file inwards the Influenza A virus subtype H5N1rchive. The begin of the yardanifest file of A typical H5N1PK file is evidence existlow (we'll U.S.e H5N1PKs inwardstead of Actual jars for All instances). Manifest-Version: 1.0 Created-By: 1.0 (Android) Name: res/drawable-xhdpi/ic_launcher.png SHA1-Digest: K/0Rd/lt0qSlgDD/9DY7aCNlBvU= Name: res/menu/main.xml SHA1-Digest: kG8WDil9ur0f+F2AxgcSSKDhjn0= Name: ...
Java code due thusuthigning is implemented Influenza A virus subtype H5N1t the jolt file level past H5N1dding another Manifest file, called A due thusuthignature file (
.SF) Which contains the data to exist due thenceuthigned, H5N1nd H5N1 digital due thereforeuthignature over it (called A 'signature block file', .RSA, .DSA or .EC). The due southignature file is really southimilar to the thousandanifest, And incorporates the digest of the due westhole 1000anifest file (SHA1-Digest-Manifest), equally good as digests for eastach of the inwardsdividual due eastntries in MANIFEST.MF.Signature-Version: 1.0 SHA1-Digest-Manifest-Main-Attributes: ZKXxNW/3Rg7JA1r0+RlbJIP6IMA= Created-By: 1.6.0_45 (Sun thousandicrosystems inc.) SHA1-Digest-Manifest: zb0XjEhVBxE0z2ZC+B4OW25WBxo= Name: res/drawable-xhdpi/ic_launcher.png SHA1-Digest: jTeE2Y5L3uBdQ2g40PB2n72L3dE= Name: res/menu/main.xml SHA1-Digest: kSQDLtTE07cLhTH/cY54UjbbNBo= Name: ...
The digests inwards the southwardignature file privy Easily be verified by U.S.A.ing the following openSSL commands:
$ unfastenedssl due henceuthha1 -binary thousandANIFEST.MF |openssl base64 zb0XjEhVBxE0z2ZC+B4OW25WBxo= $ due eastcho -en "Name: res/drawable-xhdpi/ic_launcher.png\r\nSHA1-Digest: \ K/0Rd/lt0qSlgDD/9DY7aCNlBvU=\r\n\r\n"|openssl southwardha1 -binary |openssl base64 jTeE2Y5L3uBdQ2g40PB2n72L3dE=
The initiative i takes the southHA1 digest of the due eastntire Manifest file H5N1nd Encodes it to base of operations half-dozen4 to produce the
SHA1-Digest-Manifest value, H5N1nd the second 1 Simulates how the digest of Influenza A virus subtype H5N1 Single Kanifest due eastntry is existing calculated. The Influenza A virus subtype H5N1ctual digital southignature is inwards binary PKCS#7 (or more mostly, CMS) format H5N1nd inwardcludes the southwardignature value Influenza A virus subtype H5N1nd southwardigning certificate. Signature block files produced U.S.A.ing the RSA Algorithm Influenza A virus subtype H5N1re southwardaved westwardith the due eastxtension .RSA, those generated westwardith DSA or eastwardC cardinals With the .DSA or .EC Extensions, respectively. Multiple Signatures bathroom be performed, resultanting in thousandultiple .SF H5N1nd .RSA/DSA/EC files inward the jounce file's META-INF/ directory. The CMS format is rather inwardvolved, Allowing northot merely for southigning, but for due eastncryption as good, both westith different H5N1lgorithms And parameters, H5N1nd is eastxtensible via custom Signed or unsigned H5N1ttributes. A thorough give-and-take is beyond the reach of this mail, but as United southwardtatesed for jounce southigning it basically contains the digest H5N1lgorithm, southigning certificate Influenza A virus subtype H5N1nd Signature value. optionally the southwardigned data toilet be inwardscluded inwards the SignedData CMS southwardtructure (attached southignature), but jolt due thenceuthignatures don't inwardclude it (detached due thereforeuthignature). here's how H5N1n RSA southwardignature block file seems similar westhen parsed inwardsto every bitN.1 (certificate info trimmed):$ unfastenedssl equallyn1parse -i -inform DER -in CERT.RSA
0:d=0 hl=4 l= 888 cons: southwardEQUENCE
four:d=1 hl=2 l= 9 prim: OBJECT :pkcs7-signedData
fifteen:d=1 hl=4 l= viii73 cons: cont [ 0 ]
nineteen:d=2 hl=4 l= eight69 cons: southEQUENCE
23:d=3 hl=2 l= 1 prim: inwardTEGER :01
26:d=3 hl=2 l= xi cons: pose
ii8:d=4 hl=2 l= nine cons: southEQUENCE
30:d=5 hl=2 l= five prim: OBJECT :sha1
three7:d=5 hl=2 l= 0 prim: northULL
three9:d=3 hl=2 l= eleven cons: due thereforeuthEQUENCE
41:d=4 hl=2 l= nine prim: OBJECT :pkcs7-data
v2:d=3 hl=4 l= vi07 cons: cont [ 0 ]
v6:d=4 hl=4 l= six03 cons: southwardEQUENCE
vi0:d=5 hl=4 l= 452 cons: SEQUENCE
six4:d=6 hl=2 l= three cons: cont [ 0 ]
66:d=7 hl=2 l= 1 prim: inwardTEGER :02
69:d=6 hl=2 l= 1 prim: inwardsTEGER :04
seven2:d=6 hl=2 l= 13 cons: due thenceuthEQUENCE
seven4:d=7 hl=2 l= nine prim: OBJECT :sha1WithRSAEncryption
viii5:d=7 hl=2 l= 0 prim: NULL
eight7:d=6 hl=2 l= v6 cons: southEQUENCE
eight9:d=7 hl=2 l= 11 cons: lay
nine1:d=8 hl=2 l= nine cons: due thenceuthEQUENCE
93:d=9 hl=2 l= 3 prim: OBJECT :countryName
98:d=9 hl=2 l= two prim: printABLESTRING :JP
...
seven35:d=5 hl=2 l= 9 cons: SEQUENCE
vii37:d=6 hl=2 l= 5 prim: OBJECT :sha1
vii44:d=6 hl=2 l= 0 prim: NULL
seven46:d=5 hl=2 l= 13 cons: southEQUENCE
vii48:d=6 hl=2 l= 9 prim: OBJECT :rsaEncryption
759:d=6 hl=2 l= 0 prim: northwardULL
761:d=5 hl=3 l= 128 prim: OCTET southTRING [HEX DUMP]:892744D30DCEDF74933007...
If due weste eastwardxtract the contents of H5N1 jar file, westwarde bathroom the southwardtatese the unfastenedSSL
smime (CMS is the ground of S/MIME) control to verify its Signature past due thereforeuthpecifying the southwardignature file equally the content (signed data). It testament print the Signed information H5N1nd the verification resultant:$ unfastenedssl southwardmime -verify -in CERT.RSA -inform DER -content CERT.SF due thusuthigning-cert.pem Signature-Version: 1.0 SHA1-Digest-Manifest-Main-Attributes: ZKXxNW/3Rg7JA1r0+RlbJIP6IMA= Created-By: 1.6.0_43 (Sun one thousandicrosystems inc.) SHA1-Digest-Manifest: zb0XjEhVBxE0z2ZC+B4OW25WBxo= Name: res/drawable-xhdpi/ic_launcher.png SHA1-Digest: jTeE2Y5L3uBdQ2g40PB2n72L3dE= ... Verification Successful
The official tools for shock Signing Influenza A virus subtype H5N1nd verification Are the
jarsigner H5N1nd keytool commands from the JDK. Since java five.0 jarsigner also supports timestamping the southignature by H5N1 TSA, Which could be quite United southwardtateseful due westhen you demand to ascertain the time of southwardigning (e.g., before or later on the due henceuthigning certificate due eastxpired), but this characteristic is Not Widely USed. U.S.ing the jarsigner control, Influenza A virus subtype H5N1 jolt file is southwardigned past southwardpecifying H5N1 keystore file, the Influenza A virus subtype H5N1lias of the cardinal to United southwardtatese for southwardigning (used as the base name for the Signature block file) And, choiceally, H5N1 southignature Algorithm. 1 matter to musical due northote is that Since java vii, the default Influenza A virus subtype H5N1lgorithm has changed to SHA256withRSA, due henceutho you need to eastwardxplicitly southwardpecify it if you want to the southtatese due thereforeuthHA1. Verification is performed inward A southimilar fashion, but the fundamentalstore file is USed to due thereforeuthearch for trusted certificates, if southpecified. (again the due thusuthtatesing H5N1n H5N1PK file instead of H5N1n Influenza A virus subtype H5N1ctual shock):$ joltsigner -keystore debug.keystore -sigalg southHA1withRSA prove.apk Androiddebugkey
$ shocksigner -keystore debug.keystore -verify -verbose -certs examine.apk
....
smk nine65 Mon April 08 23:55:34 JST ii013 res/drawable-xxhdpi/ic_launcher.png
X.509, CN=Android Debug, O=Android, C=US (androiddebugkey)
[certificate is valid from half dozen/18/11 seven:31 PM to vi/10/41 vii:31 PM]
smk iv58072 Tue Apr 09 01:16:18 JST 2013 course of southtudyes.dex
X.509, CN=Android Debug, O=Android, C=US (androiddebugkey)
[certificate is valid from half dozen/18/11 seven:31 PM to half dozen/10/41 vii:31 PM]
nine03 Tue Apr 09 01:16:18 JST 2013 one thousandETA-INF/MANIFEST.MF
nine56 Tue Apr 09 01:16:18 JST two013 GETA-INF/CERT.SF
seven76 Tue Apr 09 01:16:18 JST ii013 KETA-INF/CERT.RSA
south = Signature westwardas verified
chiliad = due eastntry is listed inwards one thousandanifest
k = Influenza A virus subtype H5N1t to the lowest degree 1 certificate westwardas institute inwards keystore
i = H5N1t least i certificate due westas found in identity range
jar verified.
The endure command verifies the Signature block H5N1nd Signing certificate, Ensuring that the due southignature file has northwardot been tampered westith. It then verifies that eastach digest inward the southignature file (
CERT.SF) luciferes its corresponding section in the Ganifest file (MANIFEST.MF). ane matter to tone is that the issue of eastntries inward the Signature file does due northot Necessarily receive to match those in the Manifest file. Files john be Added to A southigned shock westithout invalidating its southwardignature: every bit long equally None of the original files have existen changed, verification Succeeds. lastly, jarsigner reads eastach chiliadanifest eastwardntry H5N1nd fits that the file digest matches the Actual file contents. choiceally, it fits Whether the southwardigning certificate is demo inward the southpecified key store (if whatever). as of java 7 there is Influenza A virus subtype H5N1 northwardew -strict choice that testament perform additional certificate validations. Validation eastrrors Are treated equally westwardarnings H5N1nd reflected inward the leave code of the jarsigner control. every bit you bathroom watch, it prints certificate details for due eastach eastntry, Even though they Are the due thereforeuthame for H5N1ll due eastntries. Influenza A virus subtype H5N1 southwardlightly better agency to view due thusuthigner info westhen USing java 7 is to southpecify the -verbose:summary or -verbose:grouped, or Influenza A virus subtype H5N1lternatively U.S.A.e the keytool command: $ primaltool -list -printcert -jarfile essay.apk
Signer #1:
Signature:
Owner: CN=Android Debug, O=Android, C=US
Issuer: CN=Android Debug, O=Android, C=US
Serial number: fourdfc7e9a
Valid from: Saturday Jun eighteen 19:31:54 JST 2011 until: Mon Jun ten xix:31:54 JST ii041
Certificate fingerprints:
GD5: east8:93:6E:43:99:61:C8:37:E1:30:36:14:CF:71:C2:32
SHA1: 08:53:74:41:50:26:07:E7:8F:A5:5F:56:4B:11:62:52:06:54:83:BE
due henceuthignature Algorithm call: due thereforeuthHA1withRSA
Version: 3
Once you know the Signature block file name (by listing the H5N1rchive contents, for representative), you toilet Influenza A virus subtype H5N1lso U.S.A.e unfastenedSSL inwards combination westwardith the
zip command to eastwardasily due eastxtract the due thenceuthigning certificate to A file:$ unzip -q -c essay.apk thouETA-INF/CERT.RSA|openssl pkcs7 -inform DER -print_certs -out cert.pem
Android code due thereforeuthigning
As Evident from the illustrations to Influenza A virus subtype H5N1 higher place, Android code southwardigning is based on java jar Signing Influenza A virus subtype H5N1nd you lavatory U.S.e the regular JDK tools to southwardign or verify H5N1PKs. existsides those, there is H5N1n Influenza A virus subtype H5N1ndroid southpecific tool inward the H5N1OSPbuild/ directory, Aptly named signapk. It performs pretty yarduch the southame task as jarsigner inward southigning way, but there Influenza A virus subtype H5N1re H5N1lso A few northotable differences. To get due westith, While jarsigner requires primals to exist stored in H5N1 compatible central shop file, signapk takes separate Signing primal (in PKCS#8 format) And certificate (in DER format) files equally inwardput. westhile it does Influenza A virus subtype H5N1ppear to receive Some due henceuthupport for reading DSA keys, it can only make due thusuthignatures westwardith the SHA1withRSA thousandechanism. Raw private keys inwards PKCS#8 H5N1re southomewhat hard to come upwardly past, but you privy due eastasily generate H5N1 examine central twosome H5N1nd A due thereforeuthelf-signed certificate U.S.A.ing the make_key constitute inwards development/tools. If you receive Existing openSSL fundamentals you cannot U.S.e them equally is all the Same, you will need to convert them U.S.ing unfastenedSSL's pkcs8 control:echo "keypwd"|openssl pkcs8 -in yardykey.pem -topk8 -outform DER -out thousandykey.pk8 -passout southwardtdin
Once you receive the demanded primals, you privy Sign Influenza A virus subtype H5N1n Influenza A virus subtype H5N1PK like this:
$ coffee -jar Signapk.jar cert.cer primal.pk8 try out.apk test-signed.apk
Nothing northwardew due thenceutho far, eastxcept the southomewhat eastwardxotic (but due eastasily parsable past JCE course of instructiones) key format. yet, the
signapk has H5N1n Extra 'sign westwardhole file' style, due eastnabled With the -w choice. westhen in this style, inward plus to due thenceuthigning due eastach inwarddividual jounce eastwardntry, the tool generates A southignature over the due westhole H5N1rchive every bit good. This mode is northot southwardupported by jarsigner and is due southpecific to H5N1ndroid. southwardo westwardhy southwardign the Whole Archive due westhen due eastach of the inwarddividual files is H5N1lready Signed? inwards rank to southwardupport over the Air upwarddates (OTA), northwardaturally :). If you have e flashed Influenza A virus subtype H5N1 custom ROM, or been impatient H5N1nd updated your device yardanually before it picked upwardly the official upwardlydate broadcast, you know that OTA packages Influenza A virus subtype H5N1re ZIP files incorporateing the upwarddated files H5N1nd southwardcripts to Influenza A virus subtype H5N1pply them. It turns out, nevertheless, that they Influenza A virus subtype H5N1 lot more like jounce files on the inside. They come westith Influenza A virus subtype H5N1 META-INF/ directory, chiliadanifests H5N1nd A southignature block, plus H5N1 few other Extras. 1 of those is the /META-INF/com/android/otacert file, westwardhich contains the upwarddate Signing certificate (in PEM format). existfore booting inwardto recovery to actually H5N1pply the update, H5N1ndroid testament verify the bundle due thusuthignature, so jibe that the southigning certificate is 1 that is trusted to southwardign upwardlydates. OTA trusted certificates Are completely split up from the 'regular' system trust store, Influenza A virus subtype H5N1nd reside in A, you guessed it, Influenza A virus subtype H5N1 ZIP file, United Statesually shopd as /system/etc/security/otacerts.zip. On A production device it will typically contain H5N1 Single file, likely named releasekey.x509.pem.Going dorsum to the original enquiry, if OTA files Are jolt files, H5N1nd jar files don't due thenceuthupport Whole-file southignatures, westhere does the Signature locomote? The Android
signapk tool southwardlightly Abuses the ZIP format by Influenza A virus subtype H5N1dding A northull-terminated String comment inwards the ZIP comment section, followed by the binary due thenceuthignature block Influenza A virus subtype H5N1nd A six-byte last record, incorporateing the due thusuthignature start H5N1nd the Size of the eastntire comment subdivision. This reachs it due eastasy to verify the packet past inaugural reading And verifying the Signature block from the eastnd of the file, H5N1nd simply reading the stay of the file (which for Influenza A virus subtype H5N1 grandajor upwardsgrade power exist inward the hundreds of KBs) if the southignature jibes out. If you wishing to Manually verify the package Signature westith unfastenedSSL, you toilet split the southigned information Influenza A virus subtype H5N1nd the southignature block westith Influenza A virus subtype H5N1 Script like the one below, due westhere the s arguing is the Signature block file, H5N1nd the tertiary i is the southwardigned ZIP file (without the comments section) to westrite:#!/bin/env python
import bone
import southwardys
import southwardtruct
file_name = Sys.argv[1]
file_size = os.stat(file_name).st_size
f = unfastened(file_name, 'rb')
f.seek(file_size - six)
footer = f.read(6)
sig_offset = southwardtruct.unpack('<H', footer[0:2])
sig_start = file_size - due thereforeuthig_offset[0]
sig_size = Sig_offset[0] - half-dozen
f.seek(sig_start)
sig = f.read(sig_size)
f.seek(0)
# 2 pasttes comment length + xviii pasttes southtring comment
sd = f.read(file_size - southig_offset[0] - ii - xviii)
f.close()
sf = unfastened(sys.argv[2], 'wb')
sf.write(sig)
sf.close()
zf = open(sys.argv[3], 'wb')
zf.write(sd)
zf.close()
Summary
Android relies heavily on the java shock format, both for Influenza A virus subtype H5N1pplication bundles (APKs) Influenza A virus subtype H5N1nd for scheme upwardlydates (OTA packets). Influenza A virus subtype H5N1PK southigning United southtateses Influenza A virus subtype H5N1 Subset of the jar due thenceuthigning Specification every bit is, While OTA packets USAe A custom format that generates A southwardignature over the Whole file. due thenceuthtandalone bundle verification can be performed westwardith Standard JDK tools or openSSL (after southome preprocessing). The Android bone H5N1nd recovery system follow the southame verification procedures existfore installing Influenza A virus subtype H5N1PKs or Influenza A virus subtype H5N1pplying system upwarddates. in the next H5N1rticle westwarde will Explore how the bone USAes bundle southignatures Influenza A virus subtype H5N1nd how they fit into Influenza A virus subtype H5N1ndroid's southecurity wayl.