
OpenHarmony Application Signing: Vendor Private Signatures


To learn more about open source, visit:

51CTO Open Source Basic Software Community

https://ost.51cto.com

Overview

Document environment

  • Development environment: Windows 11
  • DevEco Studio version: DevEco Studio 3.1 Release (3.1.0.500)
  • SDK version: 3.2.12.5 (Full SDK)
  • Development board: DAYU 200
  • System version: OpenHarmony 3.2 Release
  • Repository involved: HAP signing tool [developtools_hapsigner]

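Feature overview

To ensure the integrity and trusted origin of OpenHarmony applications, an application must be signed when it is built. Only a signed application can be installed, run and debugged on a real device. The developtools_hapsigner repository provides the source code of the signing tool, which covers key pair generation, CSR generation, certificate generation, profile signing and HAP signing.

OpenHarmony ships with a default set of signing information used for application development and debugging. When a system vendor formally releases a system, it needs to add or replace private signing information. This document describes how to generate a private signature and configure it in the system. A Java and Gradle build environment is required.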

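Basic concepts

  • Asymmetric key pair: the basis of data signing and signature verification. The signing tool implements standard asymmetric key pair generation (supported key types are ECC P384/256 and RSA2048/3072/4096).
  • CSR: a Certificate Signing Request is the prerequisite for generating a certificate. It contains the certificate's public key, the certificate subject and a signature made with the private key. Before applying for a certificate, generate a CSR from the key pair and submit it to the CA, which issues the certificate.
  • Certificate: OpenHarmony builds its X509 certificate trust system on the RFC5280 standard. The certificates used for application signing form three levels: root CA certificate, intermediate CA certificate and end-entity certificate. End-entity certificates are either application signing certificates or profile signing certificates. The application signing certificate represents the identity of the application developer and makes the origin of applications installed on the system traceable. The profile signing certificate is used to verify the signature on the profile file and protects the profile's integrity.
  • HAP: an OpenHarmony Ability Package is the deployment package of Abilities. OpenHarmony application code is organized around Ability components, and a HAP consists of one or more Abilities.
  • Profile file: the HarmonyAppProvision configuration file, a description file inside the HAP that describes the authorized certificate permissions, device IDs and related information.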

[Figure: Profile signing scenario]

[Figure: Application signing scenario]


How to generate a private signature

Prepare the signing tool

  1. Clone the developtools_hapsigner repository.

git clone https://gitee.com/openharmony/developtools_hapsigner.git

  2. In a command line, change to the developtools_hapsigner/hapsigntool directory and run the build command to compile and package the tool.

gradle build or gradle jar

  3. The build produces the tool binary at:

developtools_hapsigner/hapsigntool/hap_sign_tool/build/libs/hap-sign-tool.jar

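Signing tool reference

  • Generate a key pair
generate-keypair : 
     ├── -keyAlias          # Key alias, required
     ├── -keyPwd            # Key password, optional
     ├── -keyAlg            # Key algorithm, required; RSA or ECC
     ├── -keySize           # Key size, required; 2048/3072/4096 for RSA, NIST-P-256/NIST-P-384 for ECC
     ├── -keystoreFile      # Keystore file, required; JKS or P12 format
     ├── -keystorePwd       # Keystore password, optional
  • Generate a certificate signing request
generate-csr :
     ├── -keyAlias          # Key alias, required
     ├── -keyPwd            # Key password, optional
     ├── -subject           # Certificate subject, required
     ├── -signAlg           # Signature algorithm, required; SHA256withRSA / SHA384withRSA / SHA256withECDSA / SHA384withECDSA
     ├── -keystoreFile      # Keystore file, required; JKS or P12 format
     ├── -keystorePwd       # Keystore password, optional
     ├── -outFile           # Output file, optional; if omitted, output goes to the console
  • Generate a root CA or intermediate CA certificate; if the key does not exist, it is generated as well
generate-ca : 
     ├── -keyAlias                        # Key alias, required
     ├── -keyPwd                          # Key password, optional
     ├── -keyAlg                          # Key algorithm, required; RSA or ECC
     ├── -keySize                         # Key size, required; 2048/3072/4096 for RSA, NIST-P-256/NIST-P-384 for ECC
     ├── -issuer                          # Issuer subject, optional; if omitted, a root CA is generated
     ├── -issuerKeyAlias                  # Issuer key alias, optional; if omitted, a root CA is generated
     ├── -issuerKeyPwd                    # Issuer key password, optional
     ├── -subject                         # Certificate subject, required
     ├── -validity                        # Certificate validity period, optional; defaults to 3650 days
     ├── -signAlg                         # Signature algorithm, required; SHA256withRSA / SHA384withRSA / SHA256withECDSA / SHA384withECDSA
     ├── -basicConstraintsPathLen         # Path length, optional; defaults to 0
     ├── -issuerKeystoreFile              # Issuer keystore file, optional; JKS or P12 format
     ├── -issuerKeystorePwd               # Issuer keystore password, optional
     ├── -keystoreFile                    # Keystore file, required; JKS or P12 format
     ├── -keystorePwd                     # Keystore password, optional
     ├── -outFile                         # Output file, optional; if omitted, output goes to the console
  • Generate an application debug/release certificate
generate-app-cert : 
     ├── -keyAlias                        # Key alias, required
     ├── -keyPwd                          # Key password, optional
     ├── -issuer                          # Issuer subject, required
     ├── -issuerKeyAlias                  # Issuer key alias, required
     ├── -issuerKeyPwd                    # Issuer key password, optional
     ├── -subject                         # Certificate subject, required
     ├── -validity                        # Certificate validity period, optional; defaults to 3650 days
     ├── -signAlg                         # Signature algorithm, required; SHA256withECDSA / SHA384withECDSA
     ├── -keystoreFile                    # Keystore file, required; JKS or P12 format
     ├── -keystorePwd                     # Keystore password, optional
     ├── -issuerKeystoreFile              # Issuer keystore file, optional; JKS or P12 format
     ├── -issuerKeystorePwd               # Issuer keystore password, optional
     ├── -outForm                         # Output certificate format, cert or certChain; optional, defaults to certChain
     ├── -rootCaCertFile                  # Root CA certificate file; required when outForm is certChain
     ├── -subCaCertFile                   # Intermediate CA certificate file; required when outForm is certChain
     ├── -outFile                         # Output certificate file (certificate or certificate chain), optional; if omitted, output goes to the console
  • Generate a profile debug/release certificate
generate-profile-cert : 
     ├── -keyAlias                        # Key alias, required
     ├── -keyPwd                          # Key password, optional
     ├── -issuer                          # Issuer subject, required
     ├── -issuerKeyAlias                  # Issuer key alias, required
     ├── -issuerKeyPwd                    # Issuer key password, optional
     ├── -subject                         # Certificate subject, required
     ├── -validity                        # Certificate validity period, optional; defaults to 3650 days
     ├── -signAlg                         # Signature algorithm, required; SHA256withECDSA / SHA384withECDSA
     ├── -keystoreFile                    # Keystore file, required; JKS or P12 format
     ├── -keystorePwd                     # Keystore password, optional
     ├── -issuerKeystoreFile              # Issuer keystore file, optional; JKS or P12 format
     ├── -issuerKeystorePwd               # Issuer keystore password, optional
     ├── -outForm                         # Output certificate format, cert or certChain; optional, defaults to certChain
     ├── -rootCaCertFile                  # Root CA certificate file; required when outForm is certChain
     ├── -subCaCertFile                   # Intermediate CA certificate file; required when outForm is certChain
     ├── -outFile                         # Output certificate file (certificate or certificate chain), optional; if omitted, output goes to the console
  • General certificate generation, which can produce custom certificates
generate-cert : 
      ├── -keyAlias                          # Key alias, required
      ├── -keyPwd                            # Key password, optional
      ├── -issuer                            # Issuer subject, required
      ├── -issuerKeyAlias                    # Issuer key alias, required
      ├── -issuerKeyPwd                      # Issuer key password, optional
      ├── -subject                           # Certificate subject, required
      ├── -validity                          # Certificate validity period, optional; defaults to 1095 days
      ├── -keyUsage                          # Key usage, required; digitalSignature, nonRepudiation, keyEncipherment,
      ├                                        dataEncipherment, keyAgreement, certificateSignature, crlSignature,
      ├                                        encipherOnly and decipherOnly; separate multiple key usages with commas
      ├── -keyUsageCritical                  # Whether keyUsage is critical, optional; defaults to yes
      ├── -extKeyUsage                       # Extended key usage, optional; clientAuthentication, serverAuthentication,
      ├                                        codeSignature, emailProtection, smartCardLogin, timestamp, ocspSignature
      ├── -extKeyUsageCritical               # Whether extKeyUsage is critical, optional; defaults to no
      ├── -signAlg                           # Signature algorithm, required; SHA256withRSA / SHA384withRSA / SHA256withECDSA / SHA384withECDSA
      ├── -basicConstraints                  # Whether to include basicConstraints, optional; defaults to no
      ├── -basicConstraintsCritical          # Whether basicConstraints is critical, optional; defaults to no
      ├── -basicConstraintsCa                # Whether the certificate is a CA, optional; defaults to no
      ├── -basicConstraintsPathLen           # Path length, optional; defaults to 0
      ├── -issuerKeystoreFile                # Issuer keystore file, optional; JKS or P12 format
      ├── -issuerKeystorePwd                 # Issuer keystore password, optional
      ├── -keystoreFile                      # Keystore file, required; JKS or P12 format
      ├── -keystorePwd                       # Keystore password, optional
      ├── -outFile                           # Output certificate file, optional; if omitted, output goes to the console
  • Sign a ProvisionProfile file
sign-profile : 
      ├── -mode            # Signing mode, required; localSign or remoteSign
      ├── -keyAlias        # Key alias, required
      ├── -keyPwd          # Key password, optional
      ├── -profileCertFile # Profile signing certificate (certificate chain ordered end-entity certificate, intermediate CA certificate, root certificate), required
      ├── -inFile          # Original Provision Profile file to sign, required
      ├── -signAlg         # Signature algorithm, required; SHA256withECDSA / SHA384withECDSA
      ├── -keystoreFile    # Keystore file, required in localSign mode; JKS or P12 format
      ├── -keystorePwd     # Keystore password, optional
      ├── -outFile         # Output signed Provision Profile file in p7b format, required
  • Verify a ProvisionProfile file signature
verify-profile : 
       ├── -inFile       # Signed Provision Profile file in p7b format, required
       ├── -outFile      # Verification result file (verification result and profile content) in json format, optional; if omitted, output goes to the console
  • Sign a HAP application package
sign-app : 
      ├── -mode          # Signing mode, required; localSign, remoteSign or remoteResign
      ├── -keyAlias      # Key alias, required
      ├── -keyPwd        # Key password, optional
      ├── -appCertFile   # Application signing certificate file (certificate chain ordered end-entity certificate, intermediate CA certificate, root certificate), required
      ├── -profileFile   # File name of the signed Provision Profile; p7b format when profileSigned is 1, json format when profileSigned is 0; required
      ├── -profileSigned # Whether the profile file is signed: 1 means signed, 0 means unsigned; defaults to 1; optional
      ├── -inForm        # Format of the original input file, zip or bin; defaults to zip; optional
      ├── -inFile        # Original APP package file to sign, zip or bin format, required
      ├── -signAlg       # Signature algorithm, required; SHA256withECDSA / SHA384withECDSA
      ├── -keystoreFile  # Keystore file, required in localSign mode; JKS or P12 format
      ├── -keystorePwd   # Keystore password, optional
      ├── -outFile       # Output signed package file, required
  • Verify a HAP application package signature
verify-app : 
     ├── -inFile          # Signed application package file, zip or bin format, required
     ├── -outCertChain    # Certificate chain file of the signature, required
     ├── -outProfile      # Profile file contained in the application package, required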

Generate the signing files

  1. Generate a key pair. keystorePwd is the keystore password.

java -jar hap-sign-tool.jar generate-keypair -keyAlias "OpenHarmony-Tizi" -keyAlg "ECC" -keySize "NIST-P-256" -keystoreFile "OpenHarmony-Tizi.p12" -keyPwd "Pwd-Tizi-1" -keystorePwd "Pwd-Tizi-2"

  2. Generate the root CA certificate. subject is the root CA's certificate subject and is used to configure trusted_root_ca.json.

java -jar hap-sign-tool.jar generate-ca -keyAlias "OpenHarmony-Tizi-rootCA" -signAlg "SHA256withECDSA" -keyAlg "ECC" -keySize "NIST-P-256" -subject "C=CN, O=OpenHarmony-Tizi-rootCA, OU=OpenHarmony-Tizi-rootCA Community, CN=OpenHarmony Application Root CA" -keystoreFile "OpenHarmony-Tizi.p12" -outFile "OpenHarmony-Tizi-rootCA.cer" -keyPwd "Pwd-Tizi-3" -keystorePwd "Pwd-Tizi-2" -validity "365"

  3. Generate the sub CA certificate.

java -jar hap-sign-tool.jar generate-ca -keyAlias "OpenHarmony-Tizi-subCA" -signAlg "SHA256withECDSA" -keyAlg "ECC" -keySize "NIST-P-256" -subject "C=CN, O=OpenHarmony-Tizi-subCA, OU=OpenHarmony-Tizi-subCA Community, CN=OpenHarmony Application Sub CA" -keystoreFile "OpenHarmony-Tizi.p12" -outFile "OpenHarmony-Tizi-subCA.cer" -keyPwd "Pwd-Tizi-4" -keystorePwd "Pwd-Tizi-2" -issuer "C=CN, O=OpenHarmony-Tizi-rootCA, OU=OpenHarmony-Tizi-rootCA Community, CN=OpenHarmony Application Root CA" -issuerKeyAlias "OpenHarmony-Tizi-rootCA" -issuerKeyPwd "Pwd-Tizi-3" -validity "365"

  4. Generate the application debug/release certificate. subject is used to configure the app-signing-cert item in trusted_apps_sources.json.

java -jar hap-sign-tool.jar generate-app-cert -keyAlias "OpenHarmony-Tizi-subCA" -signAlg "SHA256withECDSA" -subject "C=CN, O=OpenHarmony-Tizi-app-cert, OU=OpenHarmony-Tizi-app-cert Community, CN=OpenHarmony Application Release" -keystoreFile "OpenHarmony-Tizi.p12" -subCaCertFile "OpenHarmony-Tizi-subCA.cer" -rootCaCertFile "OpenHarmony-Tizi-rootCA.cer" -outForm "certChain" -outFile "OpenHarmony-Tizi-app-cert.pem" -keyPwd "Pwd-Tizi-4" -keystorePwd "Pwd-Tizi-2" -issuer "C=CN, O=OpenHarmony-Tizi-subCA, OU=OpenHarmony-Tizi-subCA Community, CN=OpenHarmony Application Sub CA" -issuerKeyAlias "OpenHarmony-Tizi-subCA" -issuerKeyPwd "Pwd-Tizi-4" -validity "365"

  5. Generate the profile CA certificate. subject is used to configure the issuer-ca item in trusted_apps_sources.json.

java -jar hap-sign-tool.jar generate-ca -keyAlias "OpenHarmony-Tizi-profileCA" -signAlg "SHA256withECDSA" -keyAlg "ECC" -keySize "NIST-P-256" -subject "C=CN, O=OpenHarmony-Tizi-subCA, OU=OpenHarmony-Tizi-subCA Community, CN=OpenHarmony Application CA" -keystoreFile "OpenHarmony-Tizi.p12" -outFile "OpenHarmony-Tizi-profileCA.cer" -keyPwd "Pwd-Tizi-5" -keystorePwd "Pwd-Tizi-2" -issuer "C=CN, O=OpenHarmony-Tizi-rootCA, OU=OpenHarmony-Tizi-rootCA Community, CN=OpenHarmony Application Root CA" -issuerKeyAlias "OpenHarmony-Tizi-rootCA" -issuerKeyPwd "Pwd-Tizi-3" -validity "365"

  6. Generate the profile debug/release certificate for the Release build of the application. subject is used to configure the profile-signing-certificate item in trusted_apps_sources.json.

java -jar hap-sign-tool.jar generate-profile-cert -keyAlias "OpenHarmony-Tizi-profileCA" -signAlg "SHA256withECDSA" -subject "C=CN, O=OpenHarmony-Tizi-profile-cert, OU=OpenHarmony-Tizi-profile-cert Community, CN=OpenHarmony Application Profile Release" -keystoreFile "OpenHarmony-Tizi.p12" -subCaCertFile "OpenHarmony-Tizi-profileCA.cer" -rootCaCertFile "OpenHarmony-Tizi-rootCA.cer" -outForm "certChain" -outFile "OpenHarmony-Tizi-profile-cert-release.pem" -keyPwd "Pwd-Tizi-5" -keystorePwd "Pwd-Tizi-2" -issuer "C=CN, O=OpenHarmony-Tizi-subCA, OU=OpenHarmony-Tizi-subCA Community, CN=OpenHarmony Application CA" -issuerKeyAlias "OpenHarmony-Tizi-profileCA" -issuerKeyPwd "Pwd-Tizi-5" -validity "365"

  7. Generate the profile debug/release certificate for the Debug build of the application. subject is used to configure the profile-debug-signing-certificate item in trusted_apps_sources.json.

java -jar hap-sign-tool.jar generate-profile-cert -keyAlias "OpenHarmony-Tizi-profileCA" -signAlg "SHA256withECDSA" -subject "C=CN, O=OpenHarmony-Tizi-profile-cert, OU=OpenHarmony-Tizi-profile-cert Community, CN=OpenHarmony Application Profile Debug" -keystoreFile "OpenHarmony-Tizi.p12" -subCaCertFile "OpenHarmony-Tizi-profileCA.cer" -rootCaCertFile "OpenHarmony-Tizi-rootCA.cer" -outForm "certChain" -outFile "OpenHarmony-Tizi-profile-cert-debug.pem" -keyPwd "Pwd-Tizi-5" -keystorePwd "Pwd-Tizi-2" -issuer "C=CN, O=OpenHarmony-Tizi-subCA, OU=OpenHarmony-Tizi-subCA Community, CN=OpenHarmony Application CA" -issuerKeyAlias "OpenHarmony-Tizi-profileCA" -issuerKeyPwd "Pwd-Tizi-5" -validity "365"

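  8. Take the first certificate block in OpenHarmony-Tizi-app-cert.pem, convert its line breaks to \n characters, and put the result in the distribution-certificate field of UnsgnedReleasedProfileTemplate.json. For example:

Before conversion: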

-----BEGIN CERTIFICATE-----
MIICazCCAhGgAwIBAgIFAPERF2IwCgYIKoZIzj0EAwIwgYIxCzAJBgNVBAYTAkNO
MR8wHQYDVQQKDBZPcGVuSGFybW9ueS1UaXppLXN1YkNBMSkwJwYDVQQLDCBPcGVu
SGFybW9ueS1UaXppLXN1YkNBIENvbW11bml0eTEnMCUGA1UEAwweT3Blbkhhcm1v
bnkgQXBwbGljYXRpb24gU3ViIENBMB4XDTIzMDUyMTE0MDU0M1oXDTI0MDUyMDE0
MDU0M1owgYkxCzAJBgNVBAYTAkNOMSIwIAYDVQQKDBlPcGVuSGFybW9ueS1UaXpp
LWFwcC1jZXJ0MSwwKgYDVQQLDCNPcGVuSGFybW9ueS1UaXppLWFwcC1jZXJ0IENv
bW11bml0eTEoMCYGA1UEAwwfT3Blbkhhcm1vbnkgQXBwbGljYXRpb24gUmVsZWFz
ZTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABN0OL1RqzWXQWCXpT0tt54aFR0Ul
7pqZYBJaCKT049xUYcfwCHLd0q0IzktNo9nqKIjE5BxOk76w7kHhxwowI2qjazBp
MB0GA1UdDgQWBBQAW6LlxgLrPko7kHS/jbcsqnh4WTAJBgNVHRMEAjAAMA4GA1Ud
DwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAYBgwrBgEEAY9bAoJ4AQME
CDAGAgEBCgEAMAoGCCqGSM49BAMCA0gAMEUCIQDHIWx4AELONvCoKaQnHQAW0bay
gjR168gmlnGfnFGowAIgfMV5/nIvmRAbpapqO3a2pBKeHFfeU5zel/T1Bgty198=
-----END CERTIFICATE-----

After conversion:

-----BEGIN CERTIFICATE-----\nMIICazCCAhGgAwIBAgIFAPERF2IwCgYIKoZIzj0EAwIwgYIxCzAJBgNVBAYTAkNO\nMR8wHQYDVQQKDBZPcGVuSGFybW9ueS1UaXppLXN1YkNBMSkwJwYDVQQLDCBPcGVu\nSGFybW9ueS1UaXppLXN1YkNBIENvbW11bml0eTEnMCUGA1UEAwweT3Blbkhhcm1v\nbnkgQXBwbGljYXRpb24gU3ViIENBMB4XDTIzMDUyMTE0MDU0M1oXDTI0MDUyMDE0\nMDU0M1owgYkxCzAJBgNVBAYTAkNOMSIwIAYDVQQKDBlPcGVuSGFybW9ueS1UaXpp\nLWFwcC1jZXJ0MSwwKgYDVQQLDCNPcGVuSGFybW9ueS1UaXppLWFwcC1jZXJ0IENv\nbW11bml0eTEoMCYGA1UEAwwfT3Blbkhhcm1vbnkgQXBwbGljYXRpb24gUmVsZWFz\nZTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABN0OL1RqzWXQWCXpT0tt54aFR0Ul\n7pqZYBJaCKT049xUYcfwCHLd0q0IzktNo9nqKIjE5BxOk76w7kHhxwowI2qjazBp\nMB0GA1UdDgQWBBQAW6LlxgLrPko7kHS/jbcsqnh4WTAJBgNVHRMEAjAAMA4GA1Ud\nDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAYBgwrBgEEAY9bAoJ4AQME\nCDAGAgEBCgEAMAoGCCqGSM49BAMCA0gAMEUCIQDHIWx4AELONvCoKaQnHQAW0bay\ngjR168gmlnGfnFGowAIgfMV5/nIvmRAbpapqO3a2pBKeHFfeU5zel/T1Bgty198=\n-----END CERTIFICATE-----\n
  9. Sign the ProvisionProfile file.

java -jar hap-sign-tool.jar sign-profile -keyAlias "OpenHarmony-Tizi-profileCA" -signAlg "SHA256withECDSA" -mode "localSign" -profileCertFile "OpenHarmony-Tizi-profile-cert-release.pem" -inFile "UnsgnedReleasedProfileTemplate.json" -keystoreFile "OpenHarmony-Tizi.p12" -outFile "com.openharmony.signtest.p7b" -keyPwd "Pwd-Tizi-5" -keystorePwd "Pwd-Tizi-2"

  10. Sign the HAP application package.

java -jar hap-sign-tool.jar sign-app -keyAlias "OpenHarmony-Tizi-subCA" -signAlg "SHA256withECDSA" -mode "localSign" -appCertFile "OpenHarmony-Tizi-app-cert.pem" -profileFile "com.openharmony.signtest.p7b" -inFile "entry-default-unsigned.hap" -keystoreFile "OpenHarmony-Tizi.p12" -outFile "entry-default-signed.hap" -keyPwd "Pwd-Tizi-4" -keystorePwd "Pwd-Tizi-2"

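Configure the system certificates

  1. The certificate configuration files are located in /etc/security/ on the system.

  2. Configure the trusted_apps_sources.json file. Note that each "," must be followed by a space for the subject to match correctly.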
{
    "name":"OpenHarmony-Tizi apps",
    "app-signing-cert":"C=CN, O=OpenHarmony-Tizi-app-cert, OU=OpenHarmony-Tizi-app-cert Community, CN=OpenHarmony Application Release",
    "profile-signing-certificate":"C=CN, O=OpenHarmony-Tizi-profile-cert, OU=OpenHarmony-Tizi-profile-cert Community, CN=OpenHarmony Application Profile Release",
    "profile-debug-signing-certificate":"C=CN, O=OpenHarmony-Tizi-profile-cert, OU=OpenHarmony-Tizi-profile-cert Community, CN=OpenHarmony Application Profile Debug",
    "issuer-ca":"C=CN, O=OpenHarmony-Tizi-subCA, OU=OpenHarmony-Tizi-subCA Community, CN=OpenHarmony Application CA",
    "max-certs-path":3,
    "critialcal-cert-extension":["keyusage"]
}
  3. Configure the trusted_root_ca.json file: process the certificate content of OpenHarmony-Tizi-rootCA.cer (line breaks converted to \n) and add it to the file.
"C=CN, O=OpenHarmony-Tizi-rootCA, OU=OpenHarmony-Tizi-rootCA Community, CN=OpenHarmony Application Root CA":"-----BEGIN CERTIFICATE-----\nMIICQzCCAemgAwIBAgIEUwKY8TAKBggqhkjOPQQDAjCBhTELMAkGA1UEBhMCQ04x\nIDAeBgNVBAoMF09wZW5IYXJtb255LVRpemktcm9vdENBMSowKAYDVQQLDCFPcGVu\nSGFybW9ueS1UaXppLXJvb3RDQSBDb21tdW5pdHkxKDAmBgNVBAMMH09wZW5IYXJt\nb255IEFwcGxpY2F0aW9uIFJvb3QgQ0EwHhcNMjMwNTIxMTQwNTI2WhcNMjQwNTIw\nMTQwNTI2WjCBhTELMAkGA1UEBhMCQ04xIDAeBgNVBAoMF09wZW5IYXJtb255LVRp\nemktcm9vdENBMSowKAYDVQQLDCFPcGVuSGFybW9ueS1UaXppLXJvb3RDQSBDb21t\ndW5pdHkxKDAmBgNVBAMMH09wZW5IYXJtb255IEFwcGxpY2F0aW9uIFJvb3QgQ0Ew\nWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARoC3C5WijOQkLq/AjmtEWkZ+Ooso1p\nRl34qPpEPH0b6iun5wpAlDe20bcCvsiFda2RNXFsqHIl+cj59bnLh83Ro0UwQzAd\nBgNVHQ4EFgQUAIpcSDCk3q3hZ+qwobekzT9vLHAwEgYDVR0TAQH/BAgwBgEB/wIB\nADAOBgNVHQ8BAf8EBAMCAQYwCgYIKoZIzj0EAwIDSAAwRQIhANKbxPqFT5PwURVf\n1Oxa8cf1udcgO0ntULei/GhaQIobAiBH787oVyJtKxMuPw9K6zzhJjBNjZzW0DrK\n/NOyuKLetw==\n-----END CERTIFICATE-----\n"
  4. Push the files back to the system and reboot.
hdc shell "mount -o remount,rw /"
hdc file send D:\trusted_apps_sources.json /etc/security/trusted_apps_sources.json
hdc file send D:\trusted_root_ca.json /etc/security/trusted_root_ca.json
hdc shell reboot

  5. Install the signed application.
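
The distribution-certificate step and the trusted_root_ca.json step above both convert PEM line breaks to \n by hand, which is ordinary JSON string escaping, so a JSON serializer can produce the value and a small check can enforce the comma-plus-space subject format. The Python below is an added example, not code from the original article or from developtools_hapsigner; the function names, the "bundle-info" location of distribution-certificate and the constructed sample chain are assumptions.

```python
import json
import re

BEGIN, END = "-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----"
# Constructed sample chain: CRLF endings, placeholder base64, not real certificates.
SAMPLE_CHAIN = f"{BEGIN}\r\nTEVBRg==\r\n{END}\r\n{BEGIN}\r\nU1VCQ0E=\r\n{END}\r\n"
_CERT = re.compile(re.escape(BEGIN) + r"\r?\n(.+?)\r?\n" + re.escape(END), re.DOTALL)
_B64 = re.compile(r"[A-Za-z0-9+/]+={0,2}")
_RDN = re.compile(r"[A-Za-z]+=[^,=]+")  # one simple KEY=value component


def pem_blocks(pem_text):
    """Return each certificate as PEM text with LF endings and one trailing newline."""
    blocks = []
    for match in _CERT.finditer(pem_text):
        lines = [ln.strip() for ln in match.group(1).splitlines() if ln.strip()]
        if not all(_B64.fullmatch(ln) for ln in lines):
            raise ValueError("non-base64 data inside a certificate block")
        blocks.append("\n".join([BEGIN, *lines, END, ""]))
    if not blocks:
        raise ValueError("no certificate block found")
    return blocks


def check_subject(subject):
    """Accept only simple subjects (no escaped commas) joined by a comma and one space."""
    parts = subject.split(", ")
    if not all(_RDN.fullmatch(p) and p == p.strip() for p in parts):
        raise ValueError(f"expected 'C=.., O=.., CN=..' with ', ' separators: {subject!r}")
    return subject


def set_distribution_certificate(profile, chain_pem):
    """Store the first (end-entity) certificate of the chain in the profile dict."""
    # Assumption: the profile template keeps this field under "bundle-info".
    info = profile.setdefault("bundle-info", {})
    info["distribution-certificate"] = pem_blocks(chain_pem)[0]
    return profile


def root_ca_entry(subject, root_pem):
    """Build the subject -> certificate pair added to trusted_root_ca.json."""
    blocks = pem_blocks(root_pem)
    if len(blocks) != 1:
        raise ValueError("expected exactly one root certificate")
    return {check_subject(subject): blocks[0]}


def render(obj):
    """Serialize to JSON; json.dumps writes each line break as the escape \\n."""
    return json.dumps(obj, indent=4, ensure_ascii=False)


if __name__ == "__main__":
    print(render(set_distribution_certificate({"type": "release"}, SAMPLE_CHAIN)))
```

Normalizing CRLF to LF matters on Windows, where a hand-edited value can otherwise end up containing \r\n sequences.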


Editor: jianghua. Source: 51CTO Open Source Basic Software Community