我试图用apksigner验证最新的Gmail应用程序(版本8.11.25.224)的签名,但失败了。
我用了:apksigner verifiy --verbose --print-certs <apk.file>
结果是:
DOES NOT VERIFY
ERROR: APK Signature Scheme v2 signer #1 Malformed additional attribute #1
我正在寻找一个解释为什么会发生这种情况,但找不到解决此问题的任何方法。我做了一些实验,如果将
--min-sdk-version 28添加到apksigner命令的选项中,则结果为:Verified using v1 scheme (JAR signing): false
Verified using v2 scheme (APK Signature Scheme v2): false
Number of signers: 1
Signer #1 certificate DN: CN=Android, OU=Android, O=Google Inc., L=Mountain View, ST=California, C=US
Signer #1 certificate SHA-256 digest: f0fd...
Signer #1 certificate SHA-1 digest: 3891...
Signer #1 certificate MD5 digest: cde9...
Signer #1 key algorithm: RSA
Signer #1 key size (bits): 2048
Signer #1 public key SHA-256 digest: 2b06...
Signer #1 public key SHA-1 digest: b2da...
Signer #1 public key MD5 digest: a90c...
而且,如果您使用jarsigner工具,则结果为:
WARNING:
This jar contains entries whoes certificate chain is invalid.
Reason: PKIX path bulding failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
This jar contains signatures that does not include a timestamp. Without a timestamp, users may not be able to validate this jar after the signers certificate's expiration date (2036-01-08) or after any future revocation date.
使用
-verbose和-certs选项重新运行以获取更多详细信息。我上传了我的Gmail APK文件。 最佳答案
在验证使用v3签名方案签名的APK的签名时,apksigner中存在两个错误。下一版本的apksigner应该修复了这两个问题。