CN109740305B - Application program installation package signature method, installation method and electronic equipment
- Publication number: CN109740305B
- Authority: CN (China)
- Prior art keywords: signature, installation package, signature information, application program, storage area
- Legal status: Active
- Classification: Stored Programmes (AREA)
Abstract
The invention relates to an application program installation package signature method, an application program installation package installation method and electronic equipment. In the signature method, a signature storage area for recording signature information is set in the application program installation package. The installation package comprises a data area, a central directory area and a central directory tail area, and the signature storage area is placed between the data area and the central directory area. First signature information is written in the signature storage area, and second signature information is then written in the signature storage area, generating a signed application program installation package. Implementing the invention realizes multiple signatures of an Android application program, ensures the security of the Android application program, allows signatures of different users to exist simultaneously, and improves signature efficiency and integrity.
Description
Technical Field
The invention relates to the field of application program security, and in particular to an application program installation package signature method, an application program installation package installation method and electronic equipment.
Background
When an application installation package (APK) is installed, an Android device needs to verify whether the signature information of the APK is consistent with the system signature information. An APK may contain multiple sets of signature information, and in practice an APK is often required to carry both a vendor signature and a customer signature before it can be installed. The signature keys of the vendor and the customer are usually kept secret from each other, so a signature method is needed that lets the vendor and the customer each sign the same APK separately, so that the double signature can be completed even though the keys are not held by the same party.
Android 7.0 introduced the V2 signature scheme, which signs based on ZIP file blocks. Compared with the V1 signature scheme used before Android 7.0, the V2 signature scheme improves signature efficiency and strengthens the integrity guarantee of the data. The V2 signature scheme supports multiple signatures, but it requires all signing keys to be supplied at the same time when the signing task is performed, and each signing operation overwrites the existing signature data. V2 signing therefore requires that the user performing the signing operation can obtain all keys and complete the signing task in one pass. In many cases the vendor and customer keys are kept secret, so the user cannot obtain all keys to perform the signing task at once. In short, the current Android V2 signature scheme supports simultaneous signing with multiple keys, but does not support adding a signature later when the keys cannot be obtained at the same time.
Disclosure of Invention
The technical problem to be solved by the invention is that, in the prior art, the user cannot obtain all keys to perform the signing task at one time. To address this defect, the invention provides an application program installation package signature method, an application program installation package installation method and electronic equipment.
The technical solution adopted by the invention to solve this problem is an application program installation package signature method comprising the following steps:
setting a signature storage area in the application program installation package, wherein the signature storage area is used for recording signature information;
writing first signature information in the signature storage area;
writing second signature information in the signature storage area;
a signed application installation package is generated.
Further, the method for signing an application installation package according to the present invention, wherein the setting of a signature storage area in the application installation package comprises:
the application program installation package comprises a data area, a central directory area and a central directory tail area, and the signature storage area is arranged between the data area and the central directory area.
Further, the signature method for the application installation package according to the present invention, wherein the setting of the signature storage area between the data area and the central directory area includes:
the signature storage area is arranged between the data area and the central directory area, and the offset of the central directory area and the offset of the tail area of the central directory are adjusted according to the size of the signature storage area.
Further, in the application program installation package signature method of the present invention, the signature storage area includes a first partition size, a signature key value pair, a second partition size, and a flag value, where the first partition size, the second partition size, and the flag value are used to locate a position of a block, and the signature key value pair is used to record signature information.
Further, in the method for signing the application program installation package, each signature key value pair comprises a signature sequence, and the signature sequence is obtained by a group of application program files signed by keys.
Further, in the application installation package signing method of the present invention, the first signature information is vendor signature information of a manufacturer of the application program, and the second signature information is customer signature information of a user of the application program.
Further, according to the signature method for the application program installation package, the application program installation package is an application program written by using an android programming language.
In addition, the invention also provides an application program installation package installation method, which is used for installing the signature application program installation package generated by using the application program installation package signature method; the method comprises the following steps:
extracting signature information of a signature storage area in the signature application program installation package, wherein the signature information comprises first signature information and second signature information;
verifying whether the first signature information and the second signature information are legal or not;
and if the first signature information and the second signature information are both legal, installing the signature application program installation package.
Further, the method for installing an application program installation package according to the present invention, wherein the extracting signature information of the signature storage area in the signature application program installation package includes:
obtaining the signature storage area according to the offset of the central directory area and the offset of the tail area of the central directory of the signature application program installation package;
extracting the signature key value pair in the signature storage area;
and obtaining the signature information according to the signature key value pair.
In addition, the invention also provides an electronic device, which includes a processor, wherein the processor is used for implementing the signature method for the application program installation package to sign the application program installation package when executing the computer program stored in the memory; or
The processor is configured to implement the application installation package installation method as described above to install the signed application installation package when executing the computer program stored in the memory.
The application program installation package signature method, the application program installation package installation method and the electronic equipment have the following beneficial effects. A signature storage area for recording signature information is set in the application program installation package; the installation package comprises a data area, a central directory area and a central directory tail area, and the signature storage area is placed between the data area and the central directory area. First signature information is written in the signature storage area, and second signature information is then written in the signature storage area, generating a signed application program installation package. Implementing the invention realizes multiple signatures of an Android application program, ensures the security of the Android application program, allows signatures of different users to exist simultaneously, and improves signature efficiency and integrity.
Drawings
The invention will be further described with reference to the accompanying drawings and examples, in which:
FIG. 1 is a flowchart of an application installation package signing method according to an embodiment of the present invention;
FIG. 2 is a schematic structural diagram of a signed application installation package according to an embodiment of the present invention;
FIG. 3 is a diagram illustrating a structure of a signature storage area according to an embodiment of the present invention;
FIG. 4 is a flowchart of an application installation package installation method according to an embodiment of the present invention;
FIG. 5 is a flowchart of extracting signature information in an installation method provided by an embodiment of the present invention;
FIG. 6 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
For a more clear understanding of the technical features, objects and effects of the present invention, embodiments of the present invention will now be described in detail with reference to the accompanying drawings.
Examples
As shown in FIG. 1, the application installation package signature method of this embodiment is used to sign an application installation package. The application installation package may be an application written using the Android programming language; preferably, the Android programming language uses Android version 7.0. After the application program is written it must be signed: the manufacturer writes the vendor signature information, and a customer subsequently writes the customer signature information. Specifically, the method comprises the following steps:
S10: Set a signature storage area in the application program installation package, wherein the signature storage area is used for recording signature information.
S11: Write the first signature information in the signature storage area. Preferably, the first signature information is vendor signature information of the manufacturer of the application program.
S12: Write the second signature information in the signature storage area. The second signature information is the customer signature information of the application program user.
S13: Generate a signed application program installation package, which comprises the first signature information and the second signature information. Optionally, there may be a plurality of second signature information.
This embodiment stores the first signature information and the second signature information in a dedicated signature storage area, so that the application program installation package carries both at the same time. For example, if the first signature information is vendor signature information of the manufacturer of the application program and the second signature information is customer signature information of the user of the application program, the installation package has both vendor signature information and customer signature information. Because the vendor signature information can be written first and the customer signature information written afterwards, the signing processes of the vendor and the customer are separated, and the vendor and the customer each maintain their own signature keys.
Examples
As shown in fig. 2, on the basis of the above embodiment, the setting of the signature storage area in the application installation package signing method of this embodiment includes: the application program installation package comprises a data area, a central directory area and a central directory tail area, and the signature storage area is arranged between the data area and the central directory area. Further, the signature storage area being provided between the data area and the central directory area includes: the signature storage area is arranged between the data area and the central directory area, the offset of the central directory area and the offset of the tail area of the central directory are adjusted according to the size of the signature storage area, and the signature storage area can be determined and read according to the offsets in the subsequent installation process.
Alternatively, the first signature information and the second signature information are written as follows. A signature storage area for recording signature information is set between the data area and the central directory area in the application program installation package, and the first signature information is written in it. Preferably, the first signature information is vendor signature information of the manufacturer of the application program. When the second signature information needs to be written, a further signature storage area for recording signature information is set between the data area and the central directory area, and the second signature information is written in it. The second signature information is the customer signature information of the application program user. It should be noted that the added signature storage area does not overwrite the previous signature storage area. When further second signature information needs to be added later, another signature storage area is set between the data area and the central directory area in the same way, and that second signature information is written in it. This realizes the writing of a plurality of second signature information, that is, of a plurality of customer signature information. In this writing mode, each time a signature storage area is added, the offset of the central directory area and the offset of the central directory tail area must be adjusted according to the size of the signature storage area, so that the signature storage area can be located and read according to these offsets during the subsequent installation process.
Alternatively, the first signature information and the second signature information are written as follows. A signature storage area is set between the data area and the central directory area in the application program installation package, signature information can be written into the signature storage area continuously, and signature information written later does not overwrite signature information written earlier. That is, after the first signature information is written in the signature storage area, the second signature information can be written after it. Optionally, a plurality of second signature information may be written.
In this embodiment, the offset of the central directory area and the offset of the tail area of the central directory are adjusted according to the size of the signature storage area, so that the second signature information can be newly added without overwriting the previous signature information, and independent writing of the signature information is realized.
Examples
As shown in fig. 3, based on the above embodiment, in the signature method for an application installation package of the present embodiment, the signature storage area includes a first partition size, a signature key value pair, a second partition size, and a flag value, where the first partition size, the second partition size, and the flag value are used to locate the location of the block, and the signature key value pair is used to record signature information.
Further, each signature key-value pair contains a signature sequence derived from an application file signed by a set of keys.
Examples
As shown in FIG. 4, the application installation package installation method of this embodiment is used for installing a signed application installation package generated by the application installation package signature method described above; the signed application installation package includes first signature information and second signature information. The installation method comprises the following steps:
S20: Extract the signature information of the signature storage area in the signed application program installation package, wherein the signature information comprises first signature information and second signature information.
Specifically, the storage mode of the signature information in the signature storage area is as follows: the application program installation package comprises a data area, a central directory area and a central directory tail area, and the signature storage area is arranged between the data area and the central directory area. Further, the signature storage area being provided between the data area and the central directory area includes: the signature storage area is arranged between the data area and the central directory area, and the offset of the central directory area and the offset of the tail area of the central directory are adjusted according to the size of the signature storage area. The signature storage area comprises a first block size, a signature key value pair, a second block size and a mark value, wherein the first block size, the second block size and the mark value are used for positioning the position of the block, and the signature key value pair is used for recording signature information. Each signature key-value pair contains a signature sequence derived from an application file signed by a set of keys.
Preferably, the first signature information is vendor signature information of the application program manufacturer, and the second signature information is the customer signature information of the application program user. Optionally, there may be a plurality of second signature information.
S21: Verify whether the first signature information and the second signature information are legal. This includes verifying whether the first signature information matches preset first signature information, and verifying whether the second signature information matches preset second signature information. Preferably, a verification order may be set: first verify whether the first signature information matches the preset first signature information and, if it does, verify whether the second signature information matches the preset second signature information; if the first signature information does not match the preset first signature information, the second signature information is not verified.
S22: If the first signature information and the second signature information are both legal, install the signed application program installation package.
During installation, the signature information of the signature storage area in the signed application program installation package is read first, and whether to install is decided by verifying the first signature information and the second signature information.
Examples
As shown in fig. 5, on the basis of the foregoing embodiment, the extracting signature information of the signature storage area in the signed application installation package in the application installation package installation method of the present embodiment includes:
S201: Obtain the signature storage area according to the offset of the central directory area and the offset of the central directory tail area of the signed application program installation package.
S202: Extract the signature key value pairs in the signature storage area. Each signature key-value pair contains a signature sequence derived from an application file signed by a set of keys.
S203: Obtain the signature information according to the signature key value pairs. The signature information includes first signature information and second signature information. Optionally, there may be a plurality of second signature information.
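The storage-area layout, the append-then-adjust-offset write and the S201 to S203 extraction described above can be exercised on a small ZIP. This is an added example, not code from the patent: the field widths, the 16-byte flag value, the pair IDs and the digest rule (hash everything outside the storage area, with the central directory offset normalised, modelled on how APK Signature Scheme v2 computes digests) are assumptions, and the signature values are opaque placeholder bytes.

```python
import hashlib
import io
import struct
import zipfile

MAGIC = b"DEMO SIG BLOCK 1"               # constructed 16-byte flag value (assumption)
EOCD_SIG = b"PK\x05\x06"                  # ZIP central directory tail (EOCD) signature
VENDOR_ID, CUSTOMER_ID = 0x1001, 0x2001   # constructed key IDs (assumption)


def eocd_info(buf):
    """Return (tail_offset, central_directory_offset) read from the ZIP tail."""
    pos = buf.rfind(EOCD_SIG)
    if pos < 0 or pos + 22 > len(buf):
        raise ValueError("no central directory tail record")
    return pos, struct.unpack_from("<I", buf, pos + 16)[0]


def read_block(buf):
    """S201-S203: locate the storage area, return (block_start, [(id, value)])."""
    _, cd_off = eocd_info(buf)
    if cd_off < 32 or buf[cd_off - 16:cd_off] != MAGIC:
        return cd_off, []                 # no flag value: package is unsigned
    size = struct.unpack_from("<Q", buf, cd_off - 24)[0]    # second block size
    start = cd_off - size - 8
    if size < 24 or start < 0 or struct.unpack_from("<Q", buf, start)[0] != size:
        raise ValueError("first and second block size disagree")
    pairs, pos, end = [], start + 8, cd_off - 24
    while pos < end:
        (plen,) = struct.unpack_from("<Q", buf, pos)
        if plen < 4 or pos + 8 + plen > end:
            raise ValueError("signature pair overruns the storage area")
        (pid,) = struct.unpack_from("<I", buf, pos + 8)
        pairs.append((pid, bytes(buf[pos + 12:pos + 8 + plen])))
        pos += 8 + plen
    return start, pairs


def add_signature(buf, pair_id, value):
    """Append one pair, keep earlier pairs intact, then adjust the stored offset."""
    tail_off, cd_off = eocd_info(buf)
    start, pairs = read_block(buf)
    pairs.append((pair_id, value))
    body = b"".join(struct.pack("<QI", 4 + len(v), i) + v for i, v in pairs)
    size = struct.pack("<Q", len(body) + 24)   # pairs + second size + flag value
    block = size + body + size + MAGIC
    tail = bytearray(buf[cd_off:])             # central directory + its tail area
    # Only the central directory offset is stored in the file; the tail area
    # itself just moves back by the amount the storage area grew.
    struct.pack_into("<I", tail, tail_off - cd_off + 16, start + len(block))
    return bytes(buf[:start]) + block + bytes(tail)


def content_digest(buf):
    """SHA-256 of the package with the storage area left out (assumed rule).

    The stored central directory offset is hashed as if it pointed at the
    block start, so a later signer growing the block does not change it.
    """
    tail_off, cd_off = eocd_info(buf)
    start, _ = read_block(buf)
    tail = bytearray(buf[cd_off:])
    struct.pack_into("<I", tail, tail_off - cd_off + 16, start)
    return hashlib.sha256(bytes(buf[:start]) + bytes(tail)).hexdigest()


def build_sample_apk():
    """Constructed two-entry ZIP standing in for an unsigned APK."""
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w", zipfile.ZIP_STORED) as z:
        z.writestr("AndroidManifest.xml", b"<manifest/>")
        z.writestr("classes.dex", b"constructed dex payload")
    return out.getvalue()


if __name__ == "__main__":
    apk = build_sample_apk()
    vendor_signed = add_signature(apk, VENDOR_ID, b"vendor-signature-bytes")
    both = add_signature(vendor_signed, CUSTOMER_ID, b"customer-signature-bytes")
    print(read_block(both)[1])
    print(content_digest(apk) == content_digest(both))
    print(zipfile.ZipFile(io.BytesIO(both)).namelist())
```

Because the digest excludes the storage area and normalises the offset, a vendor signature computed over it stays valid after the customer appends theirs, while any change to the data area or central directory changes the digest.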
Examples
As shown in fig. 6, the present embodiment provides an electronic device, which includes a processor, and the processor is configured to implement the application installation package signing method as described above to sign an application installation package when executing a computer program stored in a memory.
Examples
As shown in fig. 6, the present embodiment provides an electronic device, which is installed with an android operating system. The electronic device comprises a processor for implementing the application installation package installation method as described above when executing the computer program stored in the memory to install the signed application installation package.
By implementing the method and the device, multiple signatures of the android application program are realized, the safety of the android application program is ensured, different user signatures are allowed to exist simultaneously, and the signature efficiency and integrity are improved.
The embodiments in the present description are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other. The device disclosed by the embodiment corresponds to the method disclosed by the embodiment, so that the description is simple, and the relevant points can be referred to the method part for description.
Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative components and steps have been described above generally in terms of their functionality in order to clearly illustrate this interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in Random Access Memory (RAM), memory, Read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
The above embodiments are merely illustrative of the technical ideas and features of the present invention, and are intended to enable those skilled in the art to understand the contents of the present invention and implement the present invention, and not to limit the scope of the present invention. All equivalent changes and modifications made within the scope of the claims of the present invention should be covered by the claims of the present invention.
Claims (4)
1. An application installation package signing method is characterized by comprising the following steps:
setting a signature storage area in the application program installation package, wherein the signature storage area is used for recording signature information; the setting of the signature storage area in the application program installation package comprises: the application program installation package comprises a data area, a central directory area and a central directory tail area, wherein the signature storage area is arranged between the data area and the central directory area, and the offset of the central directory area and the offset of the central directory tail area are adjusted according to the size of the signature storage area;
writing first signature information in the signature storage area; the first signature information is manufacturer signature information of the application program manufacturer;
writing second signature information in the signature storage area; the second signature information is the client signature information of the application program user; when the second signature information is written in, a signature storage area is added between the data area and the central directory area, and the offset of the central directory area and the offset of the tail area of the central directory are adjusted according to the size of the added signature storage area;
generating a signature application program installation package; the signature storage area comprises a first block size, a signature key value pair, a second block size and a mark value, wherein the first block size, the second block size and the mark value are used for positioning the position of a block, and the signature key value pair is used for recording signature information; each of the signature key-value pairs comprises a signature sequence derived from an application file signed by a set of keys.
2. The method of claim 1, wherein the application installation package is an application written using the android programming language.
3. An application installation package installation method for installing a signed application installation package generated using the application installation package signing method of any one of claims 1-2; the method comprises the following steps:
extracting signature information of a signature storage area in the signature application program installation package, wherein the signature information comprises first signature information and second signature information; the extracting signature information of the signature storage area in the signature application program installation package comprises: obtaining the signature storage area according to the offset of the central directory area and the offset of the tail area of the central directory of the signature application program installation package, extracting the signature key value pair in the signature storage area, and obtaining the signature information according to the signature key value pair; the first signature information is manufacturer signature information of the application program manufacturer, and the second signature information is customer signature information of the application program user;
verifying whether the first signature information and the second signature information are legal or not;
and if the first signature information and the second signature information are both legal, installing the signature application program installation package.
4. An electronic device, comprising a processor configured to implement the application installation package signing method of any one of claims 1-2 to sign an application installation package when executing a computer program stored in a memory; or
The processor is configured to implement the application installation package installation method of claim 3 to install the signed application installation package when executing the computer program stored in the memory.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811603967.3A CN109740305B (en) | 2018-12-26 | 2018-12-26 | Application program installation package signature method, installation method and electronic equipment |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109740305A CN109740305A (en) | 2019-05-10 |
CN109740305B true CN109740305B (en) | 2022-03-18 |
Family
ID=66360018
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811603967.3A Active CN109740305B (en) | 2018-12-26 | 2018-12-26 | Application program installation package signature method, installation method and electronic equipment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109740305B (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110224841A (en) * | 2019-06-26 | 2019-09-10 | 北京小米移动软件有限公司 | Using the method for down loading of packet, device, equipment and readable storage medium storing program for executing |
CN117077090B (en) * | 2023-10-16 | 2024-01-23 | 武汉星纪魅族科技有限公司 | Application signature method, device, equipment and storage medium |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103886260A (en) * | 2014-04-16 | 2014-06-25 | 中国科学院信息工程研究所 | Application program control method based on two-time signature verification technology |
CN104933366A (en) * | 2015-07-17 | 2015-09-23 | 成都布林特信息技术有限公司 | Mobile terminal application program processing method |
CN107301343A (en) * | 2017-06-19 | 2017-10-27 | 大连中科创达软件有限公司 | Secure data processing method, device and electronic equipment |
CN107463806A (en) * | 2017-06-20 | 2017-12-12 | 国家计算机网络与信息安全管理中心 | Signature and signature verification method for an Android application installation package |
CN108683502A (en) * | 2018-03-30 | 2018-10-19 | 上海连尚网络科技有限公司 | Digital signature authentication method, medium and equipment |
CN108768662A (en) * | 2018-05-30 | 2018-11-06 | 格尔软件股份有限公司 | Method for adding a custom signature to an Android APK |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8370936B2 (en) * | 2002-02-08 | 2013-02-05 | Juniper Networks, Inc. | Multi-method gateway-based network security systems and methods |
CN102024107A (en) * | 2010-11-17 | 2011-04-20 | 中国联合网络通信集团有限公司 | Application software control platform, developer terminal as well as application software distribution system and method |
CN107977553B (en) * | 2017-12-25 | 2020-07-10 | 中国电子产品可靠性与环境试验研究所 | Method and device for security reinforcement of mobile application program |
2018-12-26: CN application CN201811603967.3A, patent CN109740305B, status Active
Also Published As
Publication number | Publication date |
---|---|
CN109740305A (en) | 2019-05-10 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US9614834B2 (en) | Permission management method, apparatus, and terminal | |
US10885201B2 (en) | Apparatus for quantifying security of open-source software package, and apparatus and method for optimizing open-source software package | |
CN109787774A (en) | Upgrade download method, device, server and terminal based on digital signature verification | |
AU2020260153B2 (en) | Version history management using a blockchain | |
CN109862099B (en) | Upgrade checking method, device, terminal and system | |
US8868924B1 (en) | System and method for modifying a software distribution package | |
CN108229144B (en) | Verification method of application program, terminal equipment and storage medium | |
CN109740305B (en) | Application program installation package signature method, installation method and electronic equipment | |
CN102473223A (en) | Information processing device and information processing method | |
CN109756340B (en) | Digital signature verification method, device and storage medium | |
CN105704296B (en) | Application environment cloning method and device | |
CN110830256A (en) | File signature method and device, electronic equipment and readable storage medium | |
US10466997B2 (en) | Apparatus and method for modifying application | |
US20050125659A1 (en) | Method and device for authenticating digital data by means of an authentication extension module | |
CN114237642A (en) | Security data deployment method, device, terminal, server and storage medium | |
US11379215B1 (en) | Application-update techniques | |
US20230214491A1 (en) | Firmware verification system and firmware verification method | |
US11507367B2 (en) | Firmware update method and firmware update system thereof | |
CN106294020B (en) | Android system application partition file protection method and terminal | |
US20200319899A1 (en) | Electronic device and method for operating an electronic device | |
CN112395594B (en) | Method, device and equipment for processing instruction execution sequence | |
JP2022553498A (en) | Event log tamper resistance | |
US20200183675A1 (en) | Image file packaging method and image file packaging system | |
CN114969765B (en) | Internet of things equipment non-inductive security vulnerability repairing method, device and equipment | |
CN110162488A (en) | Buffer consistency method of calibration, device, server and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||