apkverifier icon indicating copy to clipboard operation
apkverifier copied to clipboard

Published 20 hours ago verified publisher icon avast

APK Signature Scheme v4 Support

Open giladreich opened this issue 3 years ago • 0 comments

Hi and thanks for the excellent library!

Are there any future plans adding support for Signature v4 scheme? It's a file based signature that can be bundled within an XAPK archive before release.

Here are some simple steps to reproduce V4 signed APK:

  1. Compile an APK with compileSdk 31 and targetSdk 31 and minSdk 21
  2. Sign the APK with the following command:
apksigner sign -v --ks /path/to/release.keystore --ks-pass pass:123456 --v4-signing-enabled true --v3-signing-enabled true --v2-signing-enabled true --v1-signing-enabled true --out v4-signed.apk app-release-unsigned.apk
  1. The previous command will generate two files; v4-signed.apk and v4-signed.apk.idsig. To verify that signature is correct, use apksigner with the following command:
apksigner verify -v -print-certs -v4-signature-file v4-signed.apk.idsig v4-signed.apk

The output of [3] should be:

Verifies
Verified using v1 scheme (JAR signing): true
Verified using v2 scheme (APK Signature Scheme v2): true
Verified using v3 scheme (APK Signature Scheme v3): true
Verified using v4 scheme (APK Signature Scheme v4): true

Happy to help if there are any questions.

Kind regards, Gilad

giladreich avatar Oct 28 '21 13:10 giladreich