我正在使用cordova构建一个Android应用程序。现在我想释放它,因此我使用https://developer.android.com/tools/publishing/app-signing.html
生成了密钥等正在运行
jarsigner -verify -verbose -certs my_application.apk
我收到以下错误
在此输出的开头我得
[certificate is valid from 9/11/15 3:29 PM to 27/3/43 3:29 PM]
[CertPath not validated: Path does not chain with any of the trust anchors]
在输出结尾
jar verified.
Warning:
This jar contains entries whose certificate chain is not validated.
This jar contains signatures that does not include a timestamp. Without a timestamp, users may not be able to validate this jar after the signer certificate's expiration date (2043-03-27) or after any future revocation date.
我在这做什么?
答案 0 :(得分:0)
要包含时间戳,您必须使用您的私钥对此应用进行签名
jarsigner -verbose -tsa http://timestamp.digicert.com -sigalg SHA1withRSA -digestalg SHA1 -keystore my-release-key.keystore my.apk my_alias
您必须添加密钥库的路径才能使用正确的条目。
jarsigner -verify -keystore /path_to_my/key.keystore my_application.apk