How to check the electronic signature of an APK file?

12 May 2023 11:28

Programs for Android smartphones are distributed as APK files not only through app stores but also from various websites. To ensure integrity and authorship, the developer signs the APK files with his electronic digital signature (EDS). How do you manually check the electronic digital signature of an APK file in Linux?

1) Download the "Command line tools only" archive from the Android Studio package

https://developer.android.com/studio - downloads

On the page, search for the "Command line tools only" section.

In it we are interested in the archive with the SDK tools package for the Linux command line:

  • commandlinetools-linux ... latest.zip

2) Extract the archive with its paths preserved, for example, into the ~/android folder

Go to the cmdline-tools/bin folder:

cd ~/android/cmdline-tools/bin

3) Open a terminal. In it, use the sdkmanager utility to find out the latest version of the command-line programs for building packages (this package contains the APK verification program).

./sdkmanager --list --sdk_root='' | grep build

where --list is the command that lists the available SDK versions, and --sdk_root='' is an empty path to Android Studio, since I do not have Android Studio installed.

4) Read the latest version of the build-tools package from the screen, for example, 33. Copy the line to the clipboard.

5) Based on step 4, compose and run the command:

./sdkmanager "build-tools;33.0.2" --sdk_root=''

Accept the terms of the license.

The build-tools programs will be installed in the build-tools/<version number> folder,
for example: build-tools/33.0.2.

6) Go to the "build-tools/<version number>" folder.

cd build-tools/33.0.2

or by the full path

cd ~/android/cmdline-tools/bin/build-tools/33.0.2

7) Using the apksigner script, check the electronic digital signature of the APK file:

./apksigner verify -v --print-certs ~/folder/file.apk

where ~/folder/file.apk is the path to the APK file whose EDS we want to check.

To read the result from a file rather than from the screen, you can save the result of the check to a file on disk by redirecting the console output.

./apksigner verify -v --print-certs ~/folder/file.apk > ~/signs.txt
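
A valid signature only shows that the APK is intact under whichever key signed it; to confirm authorship, the certificate digest that --print-certs prints has to be compared with a value obtained from the developer. The script below is an added example, not part of the original article: it checks a saved report such as ~/signs.txt against a pinned SHA-256 fingerprint. The function names, the pinned value and the sample report are constructed for illustration, and the report layout is assumed to be the one apksigner prints with -v --print-certs.

```shell
#!/bin/sh
# Added example (not from the original article). The sample report is
# constructed; its layout follows apksigner's "verify -v --print-certs" output.

# Lowercase a fingerprint and strip ':' and spaces, so values copied from
# different tools (keytool, a developer's web page) compare equal.
normalize_fp() {
    printf '%s' "$1" | tr -d ': \n' | tr 'A-F' 'a-f'
}

# check_apk_report EXPECTED_SHA256 < report
# Return codes: 0 verified and signed by the pinned certificate,
#               1 the report lacks the "Verifies" line,
#               2 signer certificate differs from the pinned one,
#               3 zero or several signers (this sketch pins exactly one).
check_apk_report() {
    expected=$(normalize_fp "$1")
    report=$(cat)
    printf '%s\n' "$report" | grep -qx 'Verifies' || return 1
    digests=$(printf '%s\n' "$report" |
        sed -n 's/^Signer #[0-9]* certificate SHA-256 digest: *//p')
    [ "$(printf '%s\n' "$digests" | grep -c .)" -eq 1 ] || return 3
    [ "$(normalize_fp "$digests")" = "$expected" ] || return 2
    return 0
}

# Constructed sample of what step 7 writes to ~/signs.txt (digests are made up).
sample_report() {
    cat <<'EOF'
Verifies
Verified using v1 scheme (JAR signing): true
Verified using v2 scheme (APK Signature Scheme v2): true
Number of signers: 1
Signer #1 certificate DN: CN=Example Developer, O=Example
Signer #1 certificate SHA-256 digest: 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff
Signer #1 certificate SHA-1 digest: 00112233445566778899aabbccddeeff00112233
Signer #1 public key SHA-256 digest: ffeeddccbbaa99887766554433221100ffeeddccbbaa99887766554433221100
EOF
}

# Hypothetical pinned value, e.g. published by the developer (colon form).
PINNED='00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF'

if sample_report | check_apk_report "$PINNED"; then
    echo "OK: verified, signer matches the pinned certificate"
else
    echo "REJECT: code $?"
fi
```

With a real report the call is `check_apk_report "$PINNED" < ~/signs.txt`; the same function also works for comparing a new release against the fingerprint recorded from a version already trusted.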

Source:

How to Manually Verify APK Signatures and Compare Signing Keys


