diff --git a/doc/Android_code_signing.adoc b/doc/Android_code_signing.adoc index 067cf29..80fefbb 100644 --- a/doc/Android_code_signing.adoc +++ b/doc/Android_code_signing.adoc @@ -17,45 +17,57 @@ Steps 1. Import the key and cert, do one of the below: a. Import the key and cert (PEM format) in slot 9a: - ++ +---- $ yubico-piv-tool -s 9a -a import-key -i key.pem $ yubico-piv-tool -s 9a -a import-certificate -i cert.pem +---- b. Import the key and cert (PKCS12 format) in slot 9a: - ++ +---- $ yubico-piv-tool -s 9a -a import-key -a import-cert -i key.p12 -K PKCS12 +---- 2. Create a java pkcs11 configuration file: - ++ +---- cat > /tmp/pkcs11_java.cfg name = OpenSC-PKCS11 description = SunPKCS11 via OpenSC library = /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so slotListIndex = 1 +---- 3. Check that keytool can see the key: - ++ +---- $ keytool -providerClass sun.security.pkcs11.SunPKCS11 -providerArg /tmp/pkcs11_java.cfg \ -keystore NONE -storetype PKCS11 -list Enter keystore password: -+ + Keystore type: PKCS11 Keystore provider: SunPKCS11-OpenSC-PKCS11 -+ + Your keystore contains 1 entry -+ + Certificate for PIV Authentication, PrivateKeyEntry, Certificate fingerprint (SHA1): 26:D7:CB:71:6D:42:3C:AB:58:69:E0:9D:F0:16:DF:84:7E:1C:5A:9A +---- + Password here is the PIN of the key (default 123456). 4. Sign the apk with jarsigner: - ++ +---- $ jarsigner -providerClass sun.security.pkcs11.SunPKCS11 -providerArg /tmp/pkcs11_java.cfg \ -keystore NONE -storetype PKCS11 app.apk "Certificate for PIV Authentication" Enter Passphrase for keystore: jar signed. +---- 5. Verify the signature with jarsigner: - ++ +---- $ jarsigner -verify app.apk +----