Android的开发工具：Keytool，创建密钥库？

问题描述

我想prepare我的应用程序在谷歌电子市场，但它证明了很多更具挑战性超过预期。我似乎无法把握签署应用程序的整个概念，但更具体的我的问题是，我已经安装了密钥工具的Eclipse插件，但是当我想创建一个证书，它要求我选择一个密钥库（输入文件名和密钥库密码），我不明白我应该进入一个文件，因为它实际上希望我通过浏览以及如何进行文件的导出选择文件，谷歌已经黯然不拿出非常好的或明确的答案

I am trying to prepare my app for the google market, but it is proving a lot more challenging than expected. I cannot seem to grasp the whole concept of signing the app, but to be more specific my problem is that I have installed the keytool plugin for eclipse, but when I want to create a certificate it asks me to select a keystore (Enter the filename and keystore password), I don't understand what I am supposed to enter as a file, because it actually wants me to select the file through browse and how do I proceed with the exporting of the file, Google has sadly not come up with very good or clear answers

推荐答案

您需要为您创建一个新的情况下，新的密钥存储文件提供位置和文件名。另外，您也可以选择使用现有密钥库，并浏览到现有的密钥存储文件的位置。照片

You need to provide location and filename for your new keystore file in case you are creating a new one. Alternatively, you could choose "use existing keystore" and browse to existing keystore file location.

修改：我想我会提供详细的回答。希望这个信息将是有益的。

Edit: I thought I would provide elaborate answer. Hope this info would be useful.

使用Android上的APK签名机制就是一个例子使用数字签名的的应用字节code和应用程序的资源，以确保：

The apk signature mechanism used by android is an example usage of digital signature applied to bytecode and resources of the application to ensure :

要更好地理解数字签名我建议你也可以通过的公钥加密。

To better understand digital signature I suggest you also skim through public-key cryptography.

Android使用用于标准的Java应用程序签名/验证相同的标准JDK工具：

Android uses same standard JDK tools used for signature/verification of standard java apps:

在与的jarsigner 或导出手动登录应用程序中使用你的IDE（使用密钥工具并签名的申请的jarsigner 引擎盖反正）下，然后你可以找到放置在你签订META-INF 目录。 APK存档：

After you sign your application manually with jarsigner or export signed application using your IDE (which uses keytool and jarsigner under the hood anyway), you can then locate signature-related files placed in META-INF directory of your signed .apk archive :

本文很好的介绍您需要按照步骤

This article very well describes steps you need to follow.

注意：请考虑，然后再开始签署重要pre释放步骤：登录/关键字符串去除，用混淆的 ProGuard的等。

Note: Please consider important pre-release steps before you proceed with signing : logs/ critical string literals removal, obfuscation with proguard, etc.

下面我将提供一些关键点的过程：

Below I will provide some key points for the process :

这可能需要创建密钥库首先，如果你没有一个。当创建密钥库你需要创建密钥存储密码，用于确保的完整性密钥库数据（也就是你会被警告，你的密钥库后，有人篡改了 - 你不都具有一个添加新的证书的话）。实际上，如果你把你的密钥库文件安全这个密码是不是超级至关重要。你可以脱身，如果你忘记的一天。

This may require creating keystore first if you don't have one. When creating keystore you need to create Keystore password, that is used to ensure integrity of keystore data (i.e. you will be warned that your keystore is tampered with after someone - not you -has added new certificate to it). Practically, this password is not super crucial if you keep your keystore file safe. You can get away if you forget it some day.

在生成私钥，你也将被要求创建 PrivateKey密码将用于加密您密钥库里面的私钥。 这是你需要保持，因为它确保了非常重要的密码

When generating private key, you will be also asked to create PrivateKey password that will be used to encrypt your private key inside the keystore. This is the very important password you need to keep as it ensures

当您生成在Eclipse中新的私钥，你也将被要求提供用于创建自签名证书身份信息。

When you generate your new private key in Eclipse, you will also be asked to provide identity information that is used to create your self-signed certificate.

作为下一步的私钥从指定的密钥库文件将被用来签署应用程序和 .apk文件将与签名相关的文件进行更新上面的解释。

As the next step your private key from specified keystore file will be used to sign the application and your .apk will be updated with signature-related files explained above.

密钥库只是一个单一的二进制文件保存在一个特定的格式，你的私钥/证书列表。它是通过编程访问使用由 KeyStore.java 。你的密钥库可以包含多个密钥条目，每个条目确定其别名。 在大多数情况下，你的密钥库将与单个自签名证书匹配该私钥单独一个私有密钥。

Keystore is simply a single binary file keeping list of your private keys / certificates in a specific format. It is programmatically accessible using API provided by KeyStore.java. Your keystore can contain multiple private key entries, each identified by its alias. In majority of cases your keystore will have single private key with single self-signed certificate matching this private key.

密钥存储密码用于密钥存储内容的完整性检查。 如果您丢失此密码，但你仍然有密码的私钥存放在里面，你可以克隆密钥库，并通过运行以下CMD提供了新的密钥库密码：

Keystore password is used for integrity check of the keystore content. If you loose this password, but you still have password for private key stored inside, you can "clone" your keystore and provide new keystore password by running the following cmd:

密钥工具-importkeystore -srckeystore   路径/到/密钥库/带/忘记/ PW -destkeystore   路径/要/我的/新/密钥库

keytool -importkeystore -srckeystore path/to/keystore/with/forgotten/pw -destkeystore path/to/my/new/keystore

提供新的密码，并保留旧密钥库密码为空 - 你只会得到警告。然后，您可以使用新的密钥库和摆脱旧的。 还有，你可以检索你不使用存储密码的私钥等方式。

provide new password, and leave old keystore password blank - you will only get warning. You can then use your new keystore and get rid of old one. There are other ways you can retrieve your private key without using keystore password.

私钥密码 - 保护（通过加密）私钥 密钥存储在。这是非常重要的，因为它可以让你访问你的私钥，除其他事项外，请为您的应用程序更新。它通常是很难恢复的。

Private key password - protects(by encrypting) private key inside keystore. It is extremely important as it allows you to access your private key to, among other things, sign updates for your application. It is generally very hard to recover it.

自签名ceritificate - 很简单的证明您的身份（姓名/组织/电子邮件）绑定到你的公钥。签约操作，将被用于用户的设备上，以验证过程中，此证书被添加到 .apk文件文件 .apk文件安装前

Self-signed ceritificate - very simple certificate binding your identity(name/organization/email) to your public key. This certificate is added to .apk file during signing operation and will be used on user's device to verify .apk before installation.