CN117077090B - Application signature method, device, equipment and storage medium - Google Patents

Publication number
CN117077090B
Authority
CN
China
Prior art keywords
key
application
signature
installation package
change
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202311347086.0A
Other languages
Chinese (zh)
Other versions
CN117077090A (en)
Inventor
黄超华
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Wuhan Xingji Meizu Technology Co ltd
Original Assignee
Wuhan Xingji Meizu Technology Co ltd
Application filed by Wuhan Xingji Meizu Technology Co ltd
Priority to CN202311347086.0A
Publication of CN117077090A
Application granted
Publication of CN117077090B

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10: Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/12: Protecting executable software
    • G06F21/121: Restricting unauthorised execution of programs
    • G06F21/123: Restricting unauthorised execution of programs by using dedicated hardware, e.g. dongles, smart cards, cryptographic processors, global positioning systems [GPS] devices
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/602: Providing cryptographic facilities or services
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00: Arrangements for software engineering
    • G06F8/60: Software deployment
    • G06F8/61: Installation
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00: Arrangements for software engineering
    • G06F8/60: Software deployment
    • G06F8/65: Updates

Abstract

The present disclosure relates to an application signature method, apparatus, device, and storage medium, the method comprising: pairing the first key with the second key; performing a first signature change, with the second key, on an installation package of an application signed with the first key; pushing the installation package after the first signature change to user equipment, so that the user equipment updates the application based on that installation package; pairing the second key with the third key; performing a second signature change, with the third key, on the installation package that has undergone the first signature change; and pushing the installation package after the second signature change to the user equipment, so that the user equipment updates the application again based on that installation package. By setting up a shared key and re-signing twice, the method and the device can securely update the application signature without uninstalling the old application.

Description

Application signature method, device, equipment and storage medium
Technical Field
The disclosure relates to the technical field of application programs, and in particular relates to an application signature method, an application signature device, application signature equipment and a storage medium.
Background
A terminal device ships with a number of preset system applications. Some of them are developed and maintained by the terminal manufacturer, and others are outsourced to third-party providers; at the factory, however, all system applications carry the system signature and hold the highest-level system permissions. To keep the terminal running securely, the system signature on the applications that a third-party provider is responsible for needs to be replaced with the third-party provider's signature, so that permissions can be reclaimed and controlled. Because the signing keys used by the terminal manufacturer and the third-party provider are both very highly protected, neither key can be disclosed to the other party to complete a direct re-signing. Changing the application signature therefore requires first uninstalling the old version of the application that uses the system signature and then installing the new version that uses the third-party provider's signature, which is very inconvenient for the user. How to update an application's signature securely without uninstalling the old application is thus a technical problem that needs to be solved.
Disclosure of Invention
In order to solve the technical problems, the present disclosure provides an application signature method, an application signature device and a storage medium.
A first aspect of an embodiment of the present disclosure provides an application signing method, which is applicable to an application management system, including:
pairing the first key with the second key;
performing a first signature change, with the second key, on an installation package of an application signed with the first key;
pushing the installation package after the first change signature of the application to user equipment so that the user equipment updates the application based on the installation package after the first change signature;
pairing the second key with the third key;
performing a second signature change, with the third key, on the installation package of the application that has undergone the first signature change;
pushing the installation package after the second change signature of the application to the user equipment, so that the user equipment updates the application again based on the installation package after the second change signature.
Optionally, the pairing the first key and the second key includes:
a first party generates a first relationship chain based on the first key and the second key;
said pairing said second key and third key comprising:
the second party generates a second relationship chain based on the second key, the third key, and the first relationship chain.
Optionally, the first relation chain is a binary file for storing a mapping relationship between the first key and the second key, and the second relation chain is a binary file for storing a mapping relationship between the second key and the third key.
Optionally, the first party generates a first relationship chain based on the first key and the second key, including:
the first party generates the first relation chain based on the first key and the second key according to a signature rotation instruction;
the second party generates a second relationship chain based on the second key, the third key, and the first relationship chain, including:
the second party generates the second relation chain based on the second key, the third key and the first relation chain according to a signature rotation instruction.
Optionally, pushing the installation package after the first change signature of the application to the user equipment includes:
determining that a confirmation update instruction fed back by the application in the user equipment is received;
pushing the installation package after the first signature change of the application to the user equipment;
and/or:
pushing the installation package after the first change signature of the application to an application installation program in the user equipment.
Optionally, the first key is owned by the first party, the third key is owned by the second party, and the second key is shared by the first party and the second party.
Optionally, the first party is one of a terminal manufacturer and an application provider, and the second party is a party different from the first party among the terminal manufacturer and the application provider.
A second aspect of the embodiments of the present disclosure provides an application signing device, which is applicable to an application management system, including:
the first pairing module is used for pairing the first key and the second key;
a first re-signing module, configured to perform a first modification signature on an installation package of an application signed by the first key with the second key;
the first pushing module is used for pushing the installation package after the first change signature of the application to the user equipment so that the user equipment updates the application based on the installation package after the first change signature;
a second pairing module for pairing the second key and the third key;
the second re-signing module is used for carrying out second-time change signing on the installation package subjected to the first-time change signing of the application by using the third key;
and the second pushing module is used for pushing the installation package after the second change signature of the application to the user equipment so that the user equipment updates the application again based on the installation package after the second change signature.
A third aspect of the disclosed embodiments provides a computer device comprising a memory and a processor, and a computer program, wherein the memory stores the computer program, which when executed by the processor, implements an application signing method as in the first aspect described above.
A fourth aspect of the embodiments of the present disclosure provides a computer-readable storage medium having a computer program stored therein, which when executed by a processor, implements an application signing method as in the first aspect described above.
Compared with the prior art, the technical scheme provided by the embodiment of the disclosure has the following advantages:
In the application signing method, device, equipment and storage medium provided by the embodiments of the present disclosure, the first key is paired with the second key, an installation package of an application signed with the first key undergoes a first signature change with the second key, and the installation package after the first signature change is pushed to the user equipment so that the user equipment updates the application based on it. The second key is then paired with the third key, the installation package undergoes a second signature change with the third key, and the installation package after the second signature change is pushed to the user equipment so that the user equipment updates the application again. When the application signature needs to be updated from one private key to another private key, it can therefore be updated without uninstalling the old application, which makes the operation more convenient for the user while retaining the application data and improving the user experience.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the disclosure and together with the description, serve to explain the principles of the disclosure.
In order to more clearly illustrate the embodiments of the present disclosure or the solutions in the prior art, the drawings that are required for the description of the embodiments or the prior art will be briefly described below, and it will be obvious to those skilled in the art that other drawings can be obtained from these drawings without inventive effort.
FIG. 1 is a flow chart of an application signature method provided by an embodiment of the present disclosure;
FIG. 2 is a flow chart of another application signature method provided by an embodiment of the present disclosure;
FIG. 3 is a schematic structural diagram of an application signature device according to an embodiment of the present disclosure;
FIG. 4 is a schematic structural diagram of a computer device according to an embodiment of the present disclosure.
Detailed Description
In order that the above objects, features and advantages of the present disclosure may be more clearly understood, a further description of aspects of the present disclosure will be provided below. It should be noted that, without conflict, the embodiments of the present disclosure and features in the embodiments may be combined with each other.
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present disclosure, but the present disclosure may be practiced otherwise than as described herein; it will be apparent that the embodiments in the specification are only some, but not all, embodiments of the disclosure.
It should be understood that the various steps recited in the method embodiments of the present disclosure may be performed in a different order and/or performed in parallel. Furthermore, method embodiments may include additional steps and/or omit performing the illustrated steps. The scope of the present disclosure is not limited in this respect.
Fig. 1 is a flowchart of an application signing method provided in an embodiment of the present disclosure, which is applicable to an application management system and may be executed by an application signing device. As shown in fig. 1, the application signing method provided in this embodiment includes the following steps:
S101, pairing the first key and the second key.
The key in the embodiments of the present disclosure may be understood as a key used to sign an installation package of an application. By way of example and without limitation, the key may be in JKS format, keystore format, PEM format, etc. The first key and the second key are different signing keys: the first key may be the signing key originally used by the installation package of the application, and the second key may be a key generated in advance for use after the first signature change.
In the embodiment of the disclosure, the application signing device may pair the first key and the second key, and establish a correspondence between the first key and the second key.
In an exemplary implementation of the embodiments of the present disclosure, the application signing device may obtain the signing key originally used by the installation package of an application, determine that key to be the first key, and generate a second key to be used after the first signature change. The second key may be generated according to a key generation standard from preset key information items such as the algorithm type, key validity period, password, organizer name, organization information and city; the generating tool may be Android Studio, make_key, openssl or the like. After obtaining the first key and the second key, the device pairs the first key with the second key.
In another exemplary implementation of the embodiment of the present disclosure, the application signing device may establish a mapping relationship between the first key and the second key after obtaining the first key and the second key, and store the mapping relationship in a file.
In yet another exemplary implementation of the disclosed embodiments, the application signing device may pair the first key with the second key using an apksigner tool after obtaining the first key and the second key.
S102, carrying out first-time change signature on an installation package of one application signed by the first key by using the second key.
In the embodiments of the present disclosure, after the pairing of the first key and the second key is completed, the application signing device may perform the first signature change on the installation package of the application based on the mapping relationship between the first key and the second key, the first key currently used by the installation package, and the second key that is the target, so that the signing key used by the installation package of the application changes from the first key to the second key.
In an exemplary implementation manner of the disclosed embodiment, the application signing device may perform, after completing pairing of the first key and the second key, a first change signature on an installation package of the application by using an apksigner tool, and specifically may use a sign command in the apksigner tool to perform a change signature process on the installation package signed by using the first key based on the first key, the second key, and a mapping relationship between the first key and the second key generated after pairing, to obtain the installation package signed by using the second key.
And S103, pushing the installation package after the first change signature of the application to the user equipment so that the user equipment updates the application based on the installation package after the first change signature.
The user device in the embodiments of the present disclosure may be understood as a user device in which the application requiring signature modification is installed, and by way of example, the user device may include a mobile phone, an electronic computer, a smart watch, a media player, etc., which is not limited herein.
In the embodiment of the disclosure, the application signing device may push the installation package after the first change signing to the user equipment installed with the application after the first change signing is completed on the installation package of the application, so that the user equipment updates the corresponding application after receiving the installation package after the first change signing.
In an exemplary implementation of the embodiments of the present disclosure, after the application signing device completes the first signature change on the installation package of the application, the installation package of the application already listed in the application store is replaced with the installation package signed with the second key after the first signature change. For user equipment on which the application is already installed, the installation package after the first signature change may be pushed by Over The Air (OTA) technology, so that after receiving it the user equipment performs an overwrite update that the user does not perceive.
S104, pairing the second key and the third key.
The third key in the embodiments of the present disclosure may be understood as a signing key that is ultimately to be used by the installation package of the application.
In the embodiment of the present disclosure, the application signing device may pair the second key and the third key, and establish a mapping relationship between the second key and the third key, and the specific pairing method is similar to S101 and will not be described herein.
In an exemplary implementation manner of the embodiment of the present disclosure, the application signing device may generate the third key, and the specific generating method is similar to S101, which is not described herein.
S105, carrying out second-time modification signature on the installation package subjected to the first-time modification signature on the application by using the third key.
In this embodiment of the present disclosure, after the pairing of the second key and the third key is completed, the application signing device may perform a second signature changing operation on the installation package based on the mapping relationship between the second key and the third key, the second key used by the installation package of the application after the first signature changing and the third key used by the target, so that the signing key used by the installation package of the application is changed from the second key to the third key, and a specific signature changing manner is similar to S102 and will not be repeated herein.
S106, pushing the installation package after the second change signature of the application to the user equipment, so that the user equipment updates the application again based on the installation package after the second change signature.
In the embodiment of the present disclosure, after the second change signature processing is completed on the installation package of the application, the application signature device may push the installation package after the second change signature to the user equipment installed with the application, so that the user equipment updates the application again after receiving the installation package after the second change signature, where the specific pushing and updating methods are similar to S103 and are not repeated herein.
In the embodiments of the present disclosure, the first key is paired with the second key, the installation package of an application signed with the first key undergoes a first signature change with the second key, and the installation package after the first signature change is pushed to the user equipment so that the user equipment updates the application based on it. The second key is then paired with the third key, the installation package undergoes a second signature change with the third key, and the installation package after the second signature change is pushed to the user equipment so that the user equipment updates the application again. When the signature of the application needs to be updated from one private key to another, the old application does not need to be uninstalled, and the application signature can be changed securely without exposing the private key. The operation is more convenient for the user, the application data is retained, and the user experience is improved.
In some embodiments of the present disclosure, a first party in an application signing device generates a first relationship chain based on the first key and the second key, and a second party generates a second relationship chain based on the second key, the third key, and the first relationship chain.
Specifically, when the first party in the application signing device performs pairing processing on the first key and the second key, a first relation chain from the first key to the second key can be generated according to the first key and the second key, and when the second party performs pairing processing on the second key and the third key, a second relation chain from the second key to the third key can be generated according to the second key, the third key and the first relation chain.
The first relation chain is a binary file for storing the mapping relation between the first key and the second key, and the second relation chain is a binary file for storing the mapping relation between the second key and the third key.
In some embodiments of the disclosure, the first party in the application signing device generates the first relationship chain based on the first key and the second key according to a signature rotation instruction, and the second party generates the second relationship chain based on the second key, the third key, and the first relationship chain according to a signature rotation instruction.
Specifically, after obtaining the first key and the second key, the first party in the application signing device may use the rotate command of the apksigner tool and execute the command
    apksigner rotate --out line1 --old-signer --ks key1.jks --new-signer --ks key2.jks
where line1 is the first relation chain, key1 is the first key, and key2 is the second key. After obtaining the second key, the third key and the first relation chain, the second party in the application signing device may use the rotate command of the apksigner tool and execute the command
    apksigner rotate --in line1 --out line2 --old-signer --ks key2.jks --new-signer --ks key3.jks
where line2 is the second relation chain and key3 is the third key, thereby generating the second relation chain.
Optionally, after the first relation chain is generated, the application signing device may execute the command
    apksigner sign --ks key1.jks --next-signer --ks key2.jks --lineage line1 app.apk
where app is the original name of the installation package of the application, and after the second relation chain is generated it may execute the command
    apksigner sign --ks key2.jks --next-signer --ks key3.jks --lineage line2 app1.apk
where app1 is the name of the installation package after the first signature change.
In one embodiment, the first key is owned by the first party, the third key is owned by the second party, and the second key is shared by the first party and the second party.
Specifically, the first key is owned by the first party: it is stored only at the first party, and only the first party has control over it. The third key is owned by the second party: it is stored only at the second party, and only the second party has control over it. Neither the first key nor the second key can be leaked. The second key is shared by the first party and the second party; it may be generated by either the first party or the second party and is sent to the other party after being generated.
Optionally, since the first key is owned by the first party and the third key is owned by the second party, the operations of generating the first relation chain according to the signature rotation instruction and performing the first change signature on the installation package of the application can only be performed in the first party, the operations of generating the second relation chain according to the signature rotation instruction and performing the second change signature on the installation package of the application can only be performed in the second party.
The first party is one of a terminal manufacturer and an application provider, the second party is a party different from the first party in the terminal manufacturer and the application provider, namely, the first party is the terminal manufacturer, the second party is the application provider, or the first party is the application provider, and the second party is the terminal manufacturer.
In the embodiments of the present disclosure, a second key shared by the terminal manufacturer and the application provider is set up, each of the two parties generates the relation chain between its own key and the shared second key, and the signature of the installation package is changed twice. The signature change from one private key to the other can thus be completed without the terminal manufacturer or the application provider revealing its own signing key, which achieves the purpose of security control and guarantees security while the application management authority is being changed.
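A simplified model of the two-hop rotation and key ownership described above, added here as an illustration; it is not code from the patent or from apksigner. Each relation chain is modelled as a list of public keys in which every entry is signed by its predecessor, and the device accepts an in-place update only when its installed signer appears earlier in the package's chain. The toy textbook-RSA keys, all function names and that acceptance rule are assumptions of this sketch.

```python
import hashlib
from dataclasses import dataclass

E = 65537  # public exponent shared by all toy keys


@dataclass(frozen=True)
class Key:
    """Toy textbook-RSA key built from Mersenne primes (constructed, NOT secure)."""
    name: str
    n: int  # public modulus
    d: int  # private exponent, stays with the key's owner


def make_key(name, a, b):
    p, q = 2**a - 1, 2**b - 1
    return Key(name, p * q, pow(E, -1, (p - 1) * (q - 1)))


def pub(key):
    return (key.name, key.n)  # the only part that goes into chains and packages


def cert_bytes(p):
    return f"{p[0]}:{p[1]}".encode()


def _digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(key, data):
    return pow(_digest(data, key.n), key.d, key.n)


def verify(n, data, sig):
    return sig is not None and pow(sig, E, n) == _digest(data, n)


def rotate(old_key, new_key, lineage_in=None):
    """Model of 'rotate [--in] --out': the old key vouches for the new key."""
    chain = list(lineage_in) if lineage_in else [(pub(old_key), None)]
    if chain[-1][0] != pub(old_key):
        raise ValueError("old signer is not the newest key in the input chain")
    chain.append((pub(new_key), sign(old_key, cert_bytes(pub(new_key)))))
    return chain


def sign_package(payload, key, lineage=None):
    return {"payload": payload, "signer": pub(key),
            "sig": sign(key, payload), "lineage": lineage}


def chain_is_valid(chain):
    """Every entry after the root must be signed by its predecessor."""
    return all(verify(prev[1], cert_bytes(cur), sig)
               for (prev, _), (cur, sig) in zip(chain, chain[1:]))


def device_accepts(installed_signer, pkg):
    """Device-side check for an update that does not require uninstalling."""
    signer = pkg["signer"]
    if not verify(signer[1], pkg["payload"], pkg["sig"]):
        return False
    if signer == installed_signer:
        return True  # ordinary update signed with the same key
    chain = pkg["lineage"]
    if not chain or chain[-1][0] != signer or not chain_is_valid(chain):
        return False
    return any(node == installed_signer for node, _ in chain[:-1])


def run_scenario():
    key1 = make_key("key1", 61, 89)     # held by the first party only
    key2 = make_key("key2", 107, 127)   # shared by both parties
    key3 = make_key("key3", 521, 607)   # held by the second party only
    rogue = make_key("rogue", 19, 31)   # constructed outsider key
    payload = b"constructed installation package bytes"

    # First party: uses key1 and key2.
    line1 = rotate(key1, key2)
    apk2 = sign_package(payload, key2, line1)
    # Second party: uses key2, key3 and the file line1; it never sees key1.
    line2 = rotate(key2, key3, lineage_in=line1)
    apk3 = sign_package(payload, key3, line2)

    # A chain whose second entry was not signed by key1 must be rejected.
    forged = [(pub(key1), None), (pub(rogue), sign(rogue, cert_bytes(pub(rogue))))]
    return {
        "key1_device_takes_apk2": device_accepts(pub(key1), apk2),
        "key2_device_takes_apk3": device_accepts(pub(key2), apk3),
        "key1_device_takes_apk3": device_accepts(pub(key1), apk3),
        "key3_without_chain": device_accepts(pub(key1), sign_package(payload, key3)),
        "forged_chain": device_accepts(pub(key1), sign_package(payload, rogue, forged)),
    }


if __name__ == "__main__":
    for check, result in run_scenario().items():
        print(f"{check}: {result}")
```

The "key3_without_chain" case is the situation from the Background section: with no chain linking key3 back to the installed signer, the update is refused and the old application would have to be uninstalled.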
In some embodiments of the present disclosure, an application signing device may determine that a confirmation update instruction of the application feedback in the user equipment is received; pushing the installation package after the first signature change of the application to the user equipment; and/or: pushing the installation package after the first change signature of the application to an application installation program in the user equipment.
Optionally, when pushing the installation package after the first signature change to the user equipment, the application signing device may first determine that a confirmation update instruction fed back by the application in the user equipment has been received. If the application has automatic update permission, the confirmation update instruction may be fed back by the application in response to an update request sent by the application signing device. If the application does not have automatic update permission, the application may present the update request sent by the application signing device to the user and, after the user agrees to the update, feed the confirmation update instruction back to the application signing device. After receiving the confirmation update instruction, the application signing device pushes the installation package after the first signature change to the user equipment, so that the user equipment updates the application based on it.
Optionally, the application signing device may push the installation package after the first change signature to the preset application installation program in the user equipment, so that the application installation program in the user equipment updates the application based on the installation package after the first change signature.
Optionally, the application signing device may determine which mode to use for updating the application according to the application authority: if the application authority is higher, it pushes the installation package after the first change signature to the preset application installation program in the user equipment; if the application authority is lower, it pushes the installation package after the first change signature to the user equipment in response to the confirmation update instruction fed back by the application in the user equipment.
For example, the installation package after the second change signature of the application may be pushed to the user device in the same manner as the installation package after the first change signature, or it may be pushed directly to the application installation program, which is not limited herein.
By pushing the installation package after the first change signature of the application to the user equipment once it is determined that a confirmation update instruction fed back by the application in the user equipment has been received, and/or by pushing the installation package after the first change signature to the application installation program in the user equipment, the embodiment of the disclosure can realize silent update of the application, reduce the operations that the user must complete during the update, and further improve the user experience.
Fig. 2 is a flowchart of another application signing method according to an embodiment of the present disclosure. As shown in Fig. 2, on the basis of the above embodiment, the application signing may be performed by the following method.
As shown in Fig. 2, the first party is a terminal manufacturer and the second party is an application provider. The user equipment has an installation package apk1 of an application installed. The terminal manufacturer holds a first key key1, the third-party provider holds a third key key3, and the terminal manufacturer and the application provider share a second key key2. key2 can be generated by either the terminal manufacturer or the application provider and sent to the other party after generation, so that both parties share it. The terminal manufacturer can generate a first relationship chain link 1 from key1 and key2, and use key1, key2 and link 1 to change the signature of the installation package apk1, which was signed with key1, obtaining the installation package apk2 signed with key2 after the first change. apk2 is pushed to the user equipment, and the application can be overwritten and upgraded based on it. The application provider can then generate a second relationship chain link 2 from key2, key3 and link 1, and use key3 and link 2 to change the signature a second time, obtaining the installation package signed with key3 after the second change; this package is pushed to the user equipment so that the application is updated again.
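The Fig. 2 flow can be exercised end to end with the following added Go example, which is not part of the patent text. The patent only says a relationship chain is a binary file mapping one key to the next; the link format used here (the old key signs the new public key), the use of Ed25519, the seeds, and the names `Link`, `Package`, `Resign`, `VerifyUpdate` and `apk3` are all assumptions made for illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"errors"
	"fmt"
)

// Link is one entry of a hypothetical relationship chain: the holder of Old
// vouches for New by signing New's public key.
type Link struct {
	Old, New ed25519.PublicKey
	Sig      []byte
}

// Package is a simplified installation package that carries its chain.
type Package struct {
	Payload []byte
	Signer  ed25519.PublicKey
	Sig     []byte
	Chain   []Link
}

// Key derives a key pair from a constructed one-byte seed (demo only).
func Key(seed byte) ed25519.PrivateKey {
	return ed25519.NewKeyFromSeed(bytes.Repeat([]byte{seed}, ed25519.SeedSize))
}

// Pub returns the public half of k.
func Pub(k ed25519.PrivateKey) ed25519.PublicKey { return k.Public().(ed25519.PublicKey) }

// tagged prefixes a message so link and package signatures cannot be swapped.
func tagged(tag string, b []byte) []byte { return append([]byte(tag), b...) }

// Resign performs one change of signature: it appends a link old -> new,
// signed with the old key, and signs the payload with the new key.
func Resign(payload []byte, chain []Link, oldKey, newKey ed25519.PrivateKey) Package {
	link := Link{Old: Pub(oldKey), New: Pub(newKey),
		Sig: ed25519.Sign(oldKey, tagged("link:", Pub(newKey)))}
	return Package{
		Payload: payload,
		Signer:  Pub(newKey),
		Sig:     ed25519.Sign(newKey, tagged("pkg:", payload)),
		Chain:   append(append([]Link{}, chain...), link),
	}
}

// VerifyUpdate is the device-side check: the package must be signed by Signer,
// and Signer must be the installed signer or reachable from it through links
// that are each signed by the key they replace.
func VerifyUpdate(installed ed25519.PublicKey, pkg Package) error {
	if len(pkg.Signer) != ed25519.PublicKeySize || !ed25519.Verify(pkg.Signer, tagged("pkg:", pkg.Payload), pkg.Sig) {
		return errors.New("package signature invalid")
	}
	cur := installed
	for _, l := range pkg.Chain {
		if bytes.Equal(cur, pkg.Signer) {
			break
		}
		if !bytes.Equal(l.Old, cur) {
			continue // link predates the installed signer, or is unrelated
		}
		if len(l.Old) != ed25519.PublicKeySize || !ed25519.Verify(l.Old, tagged("link:", l.New), l.Sig) {
			return errors.New("link not signed by the key it replaces")
		}
		cur = l.New
	}
	if !bytes.Equal(cur, pkg.Signer) {
		return errors.New("no valid chain from installed signer to package signer")
	}
	return nil
}

func main() {
	k1, k2, k3 := Key(1), Key(2), Key(3) // constructed: manufacturer, shared, provider
	apk2 := Resign([]byte("app"), nil, k1, k2)
	apk3 := Resign([]byte("app"), apk2.Chain, k2, k3) // apk3 is a hypothetical name
	fmt.Println("key1 device accepts apk2:", VerifyUpdate(Pub(k1), apk2) == nil)
	fmt.Println("key2 device accepts apk3:", VerifyUpdate(Pub(k2), apk3) == nil)
	fmt.Println("key1 device accepts apk3:", VerifyUpdate(Pub(k1), apk3) == nil)
}
```

Because the second chain is built on top of the first, a device that never installed apk2 can still validate the key3-signed package from key1, while a package whose chain is missing or carries an unsigned hop is rejected.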
Fig. 3 is a schematic structural diagram of an application signature device according to an embodiment of the present disclosure. As shown in Fig. 3, the application signing device 300 includes a first pairing module 310, a first re-signing module 320, a first pushing module 330, a second pairing module 340, a second re-signing module 350 and a second pushing module 360. The first pairing module 310 is configured to pair a first key and a second key; the first re-signing module 320 is configured to perform a first change signature, with the second key, on an installation package of an application signed by the first key; the first pushing module 330 is configured to push the installation package after the first change signature of the application to a user device, so that the user device updates the application based on the installation package after the first change signature; the second pairing module 340 is configured to pair the second key and the third key; the second re-signing module 350 is configured to perform a second change signature, with the third key, on the installation package after the first change signature of the application; and the second pushing module 360 is configured to push the installation package after the second change signature of the application to the user equipment, so that the user equipment updates the application again based on the installation package after the second change signature.
Optionally, the first pairing module 310 is specifically configured to generate a first relationship chain by the first party based on the first key and the second key; the second pairing module 340 is specifically configured to generate a second relationship chain by the second party based on the second key, the third key, and the first relationship chain.
Optionally, the first relation chain is a binary file for storing a mapping relationship between the first key and the second key, and the second relation chain is a binary file for storing a mapping relationship between the second key and the third key.
Optionally, the first pairing module 310 is specifically configured to generate, by the first party, the first relationship chain based on the first key and the second key according to a signature rotation instruction; the second pairing module 340 is specifically configured to generate, according to a signature rotation instruction, the second relationship chain based on the second key, the third key, and the first relationship chain by the second party.
Optionally, the first pushing module 330 includes: a determining unit, configured to determine that a confirmation update instruction of the application feedback in the user equipment is received; a first pushing unit, configured to push, to the user equipment, an installation package after the first change signature of the application; and the second pushing unit is used for pushing the installation package after the first change signature of the application to the application installation program in the user equipment.
Optionally, the first key is owned by the first party, the third key is owned by the second party, and the second key is shared by the first party and the second party.
Optionally, the first party is one of a terminal manufacturer and an application provider, and the second party is a party different from the first party among the terminal manufacturer and the application provider.
The application signing device provided in this embodiment can execute the method described in any of the above embodiments, and the execution manner and the beneficial effects thereof are similar, and are not described herein again.
Fig. 4 is a schematic structural diagram of a computer device according to an embodiment of the present disclosure.
As shown in fig. 4, the computer device may include a processor 410 and a memory 420 storing computer program instructions.
In particular, the processor 410 may include a Central Processing Unit (CPU) or an Application Specific Integrated Circuit (ASIC), or may be configured as one or more integrated circuits implementing embodiments of the present application.
Memory 420 may include mass storage for information or instructions. By way of example, and not limitation, memory 420 may include a Hard Disk Drive (HDD), floppy Disk Drive, flash memory, optical Disk, magneto-optical Disk, magnetic tape, or universal serial bus (Universal Serial Bus, USB) Drive, or a combination of two or more of these. Memory 420 may include removable or non-removable (or fixed) media, where appropriate. Memory 420 may be internal or external to the integrated gateway device, where appropriate. In a particular embodiment, the memory 420 is a non-volatile solid state memory. In a particular embodiment, the Memory 420 includes Read-Only Memory (ROM). The ROM may be mask-programmed ROM, programmable ROM (PROM), erasable PROM (Electrical Programmable ROM, EPROM), electrically erasable PROM (Electrically Erasable Programmable ROM, EEPROM), electrically rewritable ROM (Electrically Alterable ROM, EAROM), or flash memory, or a combination of two or more of these, where appropriate.
The processor 410 reads and executes the computer program instructions stored in the memory 420 to perform the steps of the application signature method provided by the embodiments of the present disclosure.
In one example, the computer device may also include a transceiver 430 and a bus 440. As shown in fig. 4, the processor 410, the memory 420 and the transceiver 430 are connected to each other through a bus 440 and perform communication with each other.
Bus 440 includes hardware, software, or both. By way of example, and not limitation, the buses may include an accelerated graphics port (Accelerated Graphics Port, AGP) or other graphics BUS, an enhanced industry standard architecture (Extended Industry Standard Architecture, EISA) BUS, a Front Side BUS (FSB), a HyperTransport (HT) interconnect, an industry standard architecture (Industrial Standard Architecture, ISA) BUS, an InfiniBand interconnect, a Low Pin Count (LPC) BUS, a memory BUS, a micro channel architecture (Micro Channel Architecture, MCa) BUS, a peripheral control interconnect (Peripheral Component Interconnect, PCI) BUS, a PCI-Express (PCI-X) BUS, a serial advanced technology attachment (Serial Advanced Technology Attachment, SATA) BUS, a video electronics standards association local (Video Electronics Standards Association Local Bus, VLB) BUS, or other suitable BUS, or a combination of two or more of these. Bus 440 may include one or more buses, where appropriate. Although embodiments of the present application describe and illustrate a particular bus, the present application contemplates any suitable bus or interconnect.
The present disclosure also provides a non-transitory computer readable storage medium, which may store a computer program, which when executed by a processor, causes the processor to implement the application signature method provided by the embodiments of the present disclosure.
The storage medium described above may, for example, include the memory 420 storing computer program instructions, which are executable by the processor 410 of the application signing device to perform the application signing method provided by the embodiments of the present disclosure. Alternatively, the storage medium may be a non-transitory computer readable storage medium, for example, a ROM, a compact disc ROM (CD-ROM), a magnetic tape, a floppy disk, an optical data storage device, and the like. The computer programs described above may be written in any combination of one or more programming languages, including object-oriented programming languages such as Java, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device and partly on a remote computing device, or entirely on the remote computing device or server.
It should be noted that in this document, relational terms such as "first" and "second" and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The foregoing is merely a specific embodiment of the disclosure to enable one skilled in the art to understand or practice the disclosure. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the disclosure. Thus, the present disclosure is not intended to be limited to the embodiments shown and described herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (10)

1. An application signing method, the method being applicable to an application management system, comprising:
acquiring a second key for the first change signature;
pairing a first key with the second key to generate first pairing information, wherein the first key is a signature key originally used by an installation package of an application;
performing a first change signature on the installation package of the application by using the second key and the first pairing information;
pushing the installation package after the first change signature of the application to user equipment so that the user equipment updates the application based on the installation package after the first change signature;
pairing the second key with a third key to generate second pairing information, wherein the third key is used for changing the signature for the second time;
carrying out second-time change signature on the installation package subjected to the first-time change signature of the application by using the third key and the second pairing information;
pushing the installation package after the second change signature of the application to the user equipment, so that the user equipment updates the application updated by the installation package after the first change signature based on the installation package after the second change signature.
2. The method of claim 1, wherein the pairing the first key and the second key generates first pairing information, comprising:
a first party generates a first relationship chain based on the first key and the second key;
said pairing said second key and third key to generate second pairing information comprising:
the second party generates a second relationship chain based on the second key, the third key, and the first relationship chain.
3. The method of claim 2, wherein the first relationship chain is a binary file for storing a mapping relationship between the first key and the second key, and the second relationship chain is a binary file for storing a mapping relationship between the second key and the third key.
4. The method of claim 2, wherein the first party generates a first relationship chain based on the first key and the second key, comprising:
the first party generates the first relation chain based on the first key and the second key according to a signature rotation instruction;
the second party generates a second relationship chain based on the second key, the third key, and the first relationship chain, including:
the second party generates the second relation chain based on the second key, the third key and the first relation chain according to a signature rotation instruction.
5. The method of claim 1, wherein pushing the installation package after the first change signature of the application to the user device comprises:
determining that a confirmation update instruction fed back by the application in the user equipment is received;
pushing the installation package after the first signature change of the application to the user equipment;
and/or:
pushing the installation package after the first change signature of the application to an application installation program in the user equipment.
6. The method of claim 2, wherein the first key is owned by the first party, the third key is owned by the second party, and the second key is shared by the first party and the second party.
7. The method of claim 6, wherein the first party is one of a terminal manufacturer and an application provider, and the second party is a different party from the first party among the terminal manufacturer and the application provider.
8. An application signing device, said device being adapted for use in an application management system comprising:
the acquisition module is used for acquiring a second key for changing the signature for the first time;
the first pairing module is used for pairing a first key and the second key to generate first pairing information, wherein the first key is a signature key originally used by an installation package of an application;
the first re-signing module is used for carrying out first-time change signing on the installation package of the application by using the second key and the first pairing information;
the first pushing module is used for pushing the installation package after the first change signature of the application to the user equipment so that the user equipment updates the application based on the installation package after the first change signature;
the second pairing module is used for pairing the second key with a third key to generate second pairing information, and the third key is used for changing the signature for the second time;
the second re-signing module is used for carrying out second-time change signing on the installation package subjected to the first-time change signing of the application by using the third key and the second pairing information;
and the second pushing module is used for pushing the installation package after the second change signature of the application to the user equipment, so that the user equipment updates, based on the installation package after the second change signature, the application updated by the installation package after the first change signature.
9. A computer device, comprising:
a processor;
a memory for storing executable instructions;
wherein the processor is configured to read the executable instructions from the memory and execute the executable instructions to implement the method of any of the preceding claims 1-7.
10. A non-transitory computer readable storage medium, characterized in that the storage medium stores a computer program, which when executed by a processor causes the processor to implement the method of any of the preceding claims 1-7.
CN202311347086.0A 2023-10-16 2023-10-16 Application signature method, device, equipment and storage medium Active CN117077090B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311347086.0A CN117077090B (en) 2023-10-16 2023-10-16 Application signature method, device, equipment and storage medium

Publications (2)

Publication Number Publication Date
CN117077090A CN117077090A (en) 2023-11-17
CN117077090B true CN117077090B (en) 2024-01-23

Family

ID=88715762

Country Status (1)

Country Link
CN (1) CN117077090B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant