How to sign apk with private key I made with GPG?

Is it possible? I have a key pair that I already made with GPG, but I just can't find a way to sign it with that key. I really don't want to create a new key with keytool or anything else for this; I would prefer to use the key that I have now. Does anyone know how I can do this? Thanks in advance.

+6
2 answers

I highly doubt that GPG generates keys that can be used by jarsigner. It may be possible to write a converter to do this, but it would be much less work to just bite the bullet and create a new key. The command makes it easy:

keytool -genkey -alias mynickname -validity 20000 -keystore ~/.android/my-keystore 

(P.S. Make a backup of the key, and make sure that you do not forget the keystore password or the key password. There are too many sad stories about people who put applications on the market and then forgot or lost the password.)

+4

You need to sign with jarsigner. But jarsigner is actually a little more flexible than you think. If you already have a signing key that you want to use, you can export it from gpg and import it into a Java keystore, and then sign with it. If you want to try this, you can use keytool, but it is much easier to get Keytool Explorer, because keytool has many options.

Jarsigner is actually quite flexible. This document describes the process by which you can create your own providers. I am surprised that there is no longer anyone who already uses GPG key stores. There is a way to do this with a YubiKey, and this is the only reason I know all this: my signing keys are securely locked in my YubiKey, where even I can't get at them (yes, I have a reliable backup somewhere).

0
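The import route from the second answer, as an added example that is not part of either answer: it wraps an existing RSA private key in a keystore that jarsigner can use and checks that the imported entry is the same key. It assumes the key has already been converted from OpenPGP to an unencrypted PEM file (the page names no tool for that step, so it is not shown); the function names, the `KS_PASS` variable and the file names are hypothetical.

```shell
#!/bin/sh
# Added example: wrap an existing RSA private key (PEM) in a Java keystore.
# Hypothetical names: pem_to_keystore, pubkey_fp, KS_PASS, all file paths.
# The password is read from the exported environment variable KS_PASS so it
# never appears on a command line (and so not in the process list).

# SHA-256 of the DER-encoded public key given as PEM on stdin.
pubkey_fp() {
    openssl pkey -pubin -outform DER | openssl dgst -sha256 | awk '{print $NF}'
}

# pem_to_keystore KEY_PEM ALIAS KEYSTORE
# Prints "match" when the keystore entry holds the same public key.
pem_to_keystore() {
    key=$1; alias=$2; ks=$3
    tmp=$(mktemp -d) || return 1
    # jarsigner needs a certificate, so self-sign one over the existing key.
    openssl req -new -x509 -key "$key" -subj "/CN=$alias" -days 10000 \
        -out "$tmp/cert.pem" || { rm -rf "$tmp"; return 1; }
    # Bundle key and certificate as PKCS#12, which keytool can import.
    openssl pkcs12 -export -inkey "$key" -in "$tmp/cert.pem" -name "$alias" \
        -passout env:KS_PASS -out "$tmp/bundle.p12" \
        || { rm -rf "$tmp"; return 1; }
    keytool -importkeystore -noprompt \
        -srckeystore "$tmp/bundle.p12" -srcstoretype PKCS12 \
        -srcstorepass:env KS_PASS \
        -destkeystore "$ks" -deststoretype PKCS12 -deststorepass:env KS_PASS \
        >/dev/null 2>&1 || { rm -rf "$tmp"; return 1; }
    rm -rf "$tmp"   # remove the intermediate copy of the private key
    # Confirm the imported entry really is the original key.
    want=$(openssl pkey -in "$key" -pubout | pubkey_fp)
    got=$(keytool -exportcert -rfc -alias "$alias" -keystore "$ks" \
            -storepass:env KS_PASS 2>/dev/null \
          | openssl x509 -noout -pubkey | pubkey_fp)
    [ -n "$want" ] && [ "$want" = "$got" ] && echo match
}

# Signing afterwards (not run here; app.apk is a placeholder):
#   jarsigner -keystore my.keystore -storepass:env KS_PASS app.apk mynickname
```

The PEM file holds the private key in the clear, so delete it once the fingerprint check prints `match` and keep the keystore backed up as the first answer advises.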

Source: https://habr.com/ru/post/919086/