OpenHarmony应用签名 - 厂商私有签名
概述
文档环境
开发环境:Windows 11
DevEco Studio 版本:DevEco Studio 3.1 Release(3.1.0.500)
SDK 版本:3.2.12.5(Full SDK)
开发板型号:DAYU 200
系统版本:OpenHarmony 3.2 Release
涉及仓库:Hap包签名工具[developtools_hapsigner]
功能简介
为了保证OpenHarmony应用的完整性和来源可靠,在应用构建时需要对应用进行签名。经过签名的应用才能在真机设备上安装、运行、和调试。developtools_hapsigner仓提供了签名工具的源码,包含密钥对生成、CSR文件生成、证书生成、Profile文件签名、Hap包签名等功能。
OpenHarmony系统中有一套默认签名信息,用于应用的开发和调试。当系统厂商正式发布系统时,需要新增或替换私有签名信息,本篇文档将介绍如何生成私有签名并在系统中进行配置。本文档需准备Java和Gradle编译环境。
基本概念
- 非对称密钥对:数据签名/验签的基础,应用签名工具实现了标准的非对称密钥对生成功能(支持的密钥对类型包括ECC P384/256、RSA2048/3072/4096)
- CSR:Certificate Signing Request 证书签发请求是生成证书的前提,他包括证书的公钥、证书主题和私钥签名,在申请证书之前,需要先基于密钥对生成CSR,然后提交给CA签发证书。
- 证书:OpenHarmony采用RFC5280标准构建X509证书信任体系。用于应用签名的OpenHarmony证书共有三级,分为:根CA证书、中间CA证书、最终实体证书,其中最终实体证书分为应用签名证书和profile签名证书。应用签名证书表示应用开发者的身份,可保证系统上安装的应用来源可追溯,profile签名证书实现对profile文件的签名进行验签,保证profile文件的完整性。
- HAP:OpenHarmony Ability Package 是Ability的部署包,OpenHarmony应用代码围绕Ability组件展开,它是由一个或者多个Ability组成。
- Profile文件:HarmonyAppProvision 配置文件,hap包中的描述文件,该描述文件描述了已授权的证书权限和设备ID信息等信息。
Profile签名场景:
应用签名场景:
如何生成私有签名
准备签名工具
1. 克隆developtools_hapsigner仓库
git clone https://gitee.com/openharmony/developtools_hapsigner.git
2. 命令行打开文件目录至developtools_hapsigner/hapsigntool,执行命令进行编译打包
gradle build 或者 gradle jar
3. 编译后得到二进制文件,目录为:
developtools_hapsigner/hapsigntool/hap_sign_tool/build/libs/hap-sign-tool.jar
签名工具说明
- 生成密钥对
generate-keypair : ├── -keyAlias # 密钥别名,必填项├── -keyPwd # 密钥口令,可选项├── -keyAlg # 密钥算法,必填项,包括RSA/ECC├── -keySize # 密钥长度,必填项,RSA算法的长度为2048/3072/4096,ECC算法的长度NIST-P-256/NIST-P-384├── -keystoreFile # 密钥库文件,必填项,JKS或P12格式├── -keystorePwd # 密钥库口令,可选项- 生成证书签名请求
generate-csr :├── -keyAlias # 密钥别名,必填项├── -keyPwd # 密钥口令,可选项├── -subject # 证书主题,必填项├── -signAlg # 签名算法,必填项,包括SHA256withRSA / SHA384withRSA / SHA256withECDSA / SHA384withECDSA├── -keystoreFile # 密钥库文件,必填项,JKS或P12格式├── -keystorePwd # 密钥库口令,可选项├── -outFile # 输出文件,可选项,如果不填,则直接输出到控制台- 生成根CA/中间CA证书,如果密钥不存在,一起生成密钥
generate-ca : ├── -keyAlias # 密钥别名,必填项├── -keyPwd # 密钥口令,可选项├── -keyAlg # 密钥算法,必填项,包括RSA/ECC├── -keySize # 密钥长度,必填项,RSA算法的长度为2048/3072/4096,ECC算法的长度NIST-P-256/NIST-P-384├── -issuer # 颁发者的主题,可选项,如果不填,表示根CA├── -issuerKeyAlias # 颁发者的密钥别名,可选项,如果不填,表示根CA├── -issuerKeyPwd # 颁发者的密钥口令,可选项├── -subject # 证书主题,必填项├── -validity # 证书有效期,可选项,默认为3650天├── -signAlg # 签名算法,必填项,包括SHA256withRSA / SHA384withRSA / SHA256withECDSA / SHA384withECDSA├── -basicConstraintsPathLen # 路径长度,可选项,默认为0├── -issuerKeystoreFile # 签发者密钥库文件,可选项,JKS或P12格式├── -issuerKeystorePwd # 签发者密钥库口令,可选项├── -keystoreFile # 密钥库文件,必填项,JKS或P12格式├── -keystorePwd # 密钥库口令,可选项├── -outFile # 输出文件,可选项,如果不填,则直接输出到控制台- 生成应用调试/发布证书
generate-app-cert : ├── -keyAlias # 密钥别名,必填项├── -keyPwd # 密钥口令,可选项├── -issuer # 颁发者的主题,必填项├── -issuerKeyAlias # 颁发者的密钥别名,必填项├── -issuerKeyPwd # 颁发者的密钥口令,可选项├── -subject # 证书主题,必填项├── -validity # 证书有效期,可选项,默认为3650天├── -signAlg # 签名算法,必填项,包括SHA256withECDSA / SHA384withECDSA;├── -keystoreFile # 密钥库文件,必填项,JKS或P12格式├── -keystorePwd # 密钥库口令,可选项├── -issuerKeystoreFile # 签发者密钥库文件,可选项,JKS或P12格式├── -issuerKeystorePwd # 签发者密钥库口令,可选项├── -outForm # 输出证书文件的格式,包括 cert / certChain,可选项,默认为certChain├── -rootCaCertFile # outForm为certChain时必填,根CA证书文件├── -subCaCertFile # outForm为certChain时必填,中间CA证书文件├── -outFile # 输出证书文件(证书或证书链),可选项,如果不填,则直接输出到控制台- 生成profile调试/发布证书
generate-profile-cert : ├── -keyAlias # 密钥别名,必填项├── -keyPwd # 密钥口令,可选项├── -issuer # 颁发者的主题,必填项├── -issuerKeyAlias # 颁发者的密钥别名,必填项├── -issuerKeyPwd # 颁发者的密钥口令,可选项├── -subject # 证书主题,必填项├── -validity # 证书有效期,可选项,默认为3650天├── -signAlg # 签名算法,必填项,包括SHA256withECDSA / SHA384withECDSA;├── -keystoreFile # 密钥库文件,必填项,JKS或P12格式├── -keystorePwd # 密钥库口令,可选项├── -issuerKeystoreFile # 签发者密钥库文件,可选项,JKS或P12格式├── -issuerKeystorePwd # 签发者密钥库口令,可选项├── -outForm # 输出证书文件的格式,包括 cert / certChain,可选项,默认为certChain├── -rootCaCertFile # outForm为certChain时必填,根CA证书文件├── -subCaCertFile # outForm为certChain时必填,中间CA证书文件├── -outFile # 输出证书文件(证书或证书链),可选项,如果不填,则直接输出到控制台- 通用证书生成,可以生成自定义证书
generate-cert : ├── -keyAlias # 密钥别名,必填项├── -keyPwd # 密钥口令,可选项├── -issuer # 颁发者的主题,必填项├── -issuerKeyAlias # 颁发者的密钥别名,必填项├── -issuerKeyPwd # 颁发者的密钥口令,可选项├── -subject # 证书主题,必填项├── -validity # 证书有效期,可选项,默认为1095天├── -keyUsage # 密钥用法,必选项,包括digitalSignature, nonRepudiation, keyEncipherment,├ dataEncipherment, keyAgreement, certificateSignature, crlSignature,├ encipherOnly和decipherOnly,如果证书包括多个密钥用法,用逗号分隔├── -keyUsageCritical # keyUsage是否为关键项,可选项,默认为是├── -extKeyUsage # 扩展密钥用法,可选项,包括clientAuthentication,serverAuthentication,├ codeSignature,emailProtection,smartCardLogin,timestamp,ocspSignature├── -extKeyUsageCritical # extKeyUsage是否为关键项,可选项,默认为否├── -signAlg # 签名算法,必填项,包括SHA256withRSA/SHA384withRSA/SHA256withECDSA/SHA384withECDSA ├── -basicConstraints # 是否包含basicConstraints,可选项,默认为否├── -basicConstraintsCritical # basicConstraints是否包含为关键项,可选项,默认为否├── -basicConstraintsCa # 是否为CA,可选项,默认为否├── -basicConstraintsPathLen # 路径长度,可选项,默认为0├── -issuerKeystoreFile # 签发者密钥库文件,可选项,JKS或P12格式├── -issuerKeystorePwd # 签发者密钥库口令,可选项├── -keystoreFile # 密钥库文件,必填项,JKS或P12格式├── -keystorePwd # 密钥库口令,可选项├── -outFile # 输出证书文件,可选项,如果不填,则直接输出到控制台- ProvisionProfile文件签名
sign-profile : ├── -mode # 签名模式,必填项,包括localSign,remoteSign├── -keyAlias # 密钥别名,必填项├── -keyPwd # 密钥口令,可选项├── -profileCertFile # Profile签名证书(证书链,顺序为最终实体证书-中间CA证书-根证书),必填项├── -inFile # 输入的原始Provision Profile文件,必填项├── -signAlg # 签名算法,必填项,包括SHA256withECDSA / SHA384withECDSA├── -keystoreFile # 密钥库文件,localSign模式时为必填项,JKS或P12格式├── -keystorePwd # 密钥库口令,可选项├── -outFile # 输出签名后的Provision Profile文件,p7b格式,必填项- ProvisionProfile文件验签
verify-profile : ├── -inFile # 已签名的Provision Profile文件,p7b格式,必填项├── -outFile # 验证结果文件(包含验证结果和profile内容),json格式,可选项;如果不填,则直接输出到控制台- hap应用包签名
sign-app : ├── -mode # 签名模式,必填项,包括localSign,remoteSign,remoteResign├── -keyAlias # 密钥别名,必填项├── -keyPwd # 密钥口令,可选项├── -appCertFile # 应用签名证书文件(证书链,顺序为最终实体证书-中间CA证书-根证书),必填项├── -profileFile # 签名后的Provision Profile文件名,profileSigned为1时为p7b格式,profileSigned为0时为json格式,必填项├── -profileSigned # 指示profile文件是否带有签名,1表示有签名,0表示没有签名,默认为1。可选项├── -inForm # 输入的原始文件的格式,zip格式或bin格式,默认zip格式,可选项├── -inFile # 输入的原始APP包文件,zip格式或bin格式,必填项├── -signAlg # 签名算法,必填项,包括SHA256withECDSA / SHA384withECDSA├── -keystoreFile # 密钥库文件,localSign模式时为必填项,JKS或P12格式├── -keystorePwd # 密钥库口令,可选项├── -outFile # 输出签名后的包文件,必填项- hap应用包文件验签
verify-app : ├── -inFile # 已签名的应用包文件,zip格式或bin格式,必填项├── -outCertChain # 签名的证书链文件,必填项├── -outProfile # 应用包中的profile文件,必填项生成签名文件
1. 生成密钥对,keystorePwd为密钥库口令。
java -jar hap-sign-tool.jar generate-keypair -keyAlias "OpenHarmony-Tizi" -keyAlg "ECC" -keySize "NIST-P-256" -keystoreFile "OpenHarmony-Tizi.p12" -keyPwd "Pwd-Tizi-1" -keystorePwd "Pwd-Tizi-2"
2. 生成RootCA证书,subject为RootCA的证书主题,用于配置trusted_root_ca.json。
java -jar hap-sign-tool.jar generate-ca -keyAlias "OpenHarmony-Tizi-rootCA" -signAlg "SHA256withECDSA" -keyAlg "ECC" -keySize "NIST-P-256" -subject "C=CN, O=OpenHarmony-Tizi-rootCA, OU=OpenHarmony-Tizi-rootCA Community, CN=OpenHarmony Application Root CA" -keystoreFile "OpenHarmony-Tizi.p12" -outFile "OpenHarmony-Tizi-rootCA.cer" -keyPwd "Pwd-Tizi-3" -keystorePwd "Pwd-Tizi-2" -validity "365"
3. 生成SubCA证书。
java -jar hap-sign-tool.jar generate-ca -keyAlias "OpenHarmony-Tizi-subCA" -signAlg "SHA256withECDSA" -keyAlg "ECC" -keySize "NIST-P-256" -subject "C=CN, O=OpenHarmony-Tizi-subCA, OU=OpenHarmony-Tizi-subCA Community, CN=OpenHarmony Application Sub CA" -keystoreFile "OpenHarmony-Tizi.p12" -outFile "OpenHarmony-Tizi-subCA.cer" -keyPwd "Pwd-Tizi-4" -keystorePwd "Pwd-Tizi-2" -issuer "C=CN, O=OpenHarmony-Tizi-rootCA, OU=OpenHarmony-Tizi-rootCA Community, CN=OpenHarmony Application Root CA" -issuerKeyAlias "OpenHarmony-Tizi-rootCA" -issuerKeyPwd "Pwd-Tizi-3" -validity "365"
4. 生成应用调试/发布证书,subject用于配置trusted_apps_sources.json中的app-signing-cert项。
java -jar hap-sign-tool.jar generate-app-cert -keyAlias "OpenHarmony-Tizi-subCA" -signAlg "SHA256withECDSA" -subject "C=CN, O=OpenHarmony-Tizi-app-cert, OU=OpenHarmony-Tizi-app-cert Community, CN=OpenHarmony Application Release" -keystoreFile "OpenHarmony-Tizi.p12" -subCaCertFile "OpenHarmony-Tizi-subCA.cer" -rootCaCertFile "OpenHarmony-Tizi-rootCA.cer" -outForm "certChain" -outFile "OpenHarmony-Tizi-app-cert.pem" -keyPwd "Pwd-Tizi-4" -keystorePwd "Pwd-Tizi-2" -issuer "C=CN, O=OpenHarmony-Tizi-subCA, OU=OpenHarmony-Tizi-subCA Community, CN=OpenHarmony Application Sub CA" -issuerKeyAlias "OpenHarmony-Tizi-subCA" -issuerKeyPwd "Pwd-Tizi-4" -validity "365"
5. 生成ProfileCA证书,subject用于配置trusted_apps_sources.json中的issuer-ca项。
java -jar hap-sign-tool.jar generate-ca -keyAlias "OpenHarmony-Tizi-profileCA" -signAlg "SHA256withECDSA" -keyAlg "ECC" -keySize "NIST-P-256" -subject "C=CN, O=OpenHarmony-Tizi-subCA, OU=OpenHarmony-Tizi-subCA Community, CN=OpenHarmony Application CA" -keystoreFile "OpenHarmony-Tizi.p12" -outFile "OpenHarmony-Tizi-profileCA.cer" -keyPwd "Pwd-Tizi-5" -keystorePwd "Pwd-Tizi-2" -issuer "C=CN, O=OpenHarmony-Tizi-rootCA, OU=OpenHarmony-Tizi-rootCA Community, CN=OpenHarmony Application Root CA" -issuerKeyAlias "OpenHarmony-Tizi-rootCA" -issuerKeyPwd "Pwd-Tizi-3" -validity "365"
6. 生成应用Release版profile调试/发布证书,subject用于配置trusted_apps_sources.json中的profile-signing-certificate项。
java -jar hap-sign-tool.jar generate-profile-cert -keyAlias "OpenHarmony-Tizi-profileCA" -signAlg "SHA256withECDSA" -subject "C=CN, O=OpenHarmony-Tizi-profile-cert, OU=OpenHarmony-Tizi-profile-cert Community, CN=OpenHarmony Application Profile Release" -keystoreFile "OpenHarmony-Tizi.p12" -subCaCertFile "OpenHarmony-Tizi-profileCA.cer" -rootCaCertFile "OpenHarmony-Tizi-rootCA.cer" -outForm "certChain" -outFile "OpenHarmony-Tizi-profile-cert-release.pem" -keyPwd "Pwd-Tizi-5" -keystorePwd "Pwd-Tizi-2" -issuer "C=CN, O=OpenHarmony-Tizi-subCA, OU=OpenHarmony-Tizi-subCA Community, CN=OpenHarmony Application CA" -issuerKeyAlias "OpenHarmony-Tizi-profileCA" -issuerKeyPwd "Pwd-Tizi-5" -validity "365"
7. 生成应用Debug版profile调试/发布证书,subject用于配置trusted_apps_sources.json中的profile-debug-signing-certificate项。
java -jar hap-sign-tool.jar generate-profile-cert -keyAlias "OpenHarmony-Tizi-profileCA" -signAlg "SHA256withECDSA" -subject "C=CN, O=OpenHarmony-Tizi-profile-cert, OU=OpenHarmony-Tizi-profile-cert Community, CN=OpenHarmony Application Profile Debug" -keystoreFile "OpenHarmony-Tizi.p12" -subCaCertFile "OpenHarmony-Tizi-profileCA.cer" -rootCaCertFile "OpenHarmony-Tizi-rootCA.cer" -outForm "certChain" -outFile "OpenHarmony-Tizi-profile-cert-debug.pem" -keyPwd "Pwd-Tizi-5" -keystorePwd "Pwd-Tizi-2" -issuer "C=CN, O=OpenHarmony-Tizi-subCA, OU=OpenHarmony-Tizi-subCA Community, CN=OpenHarmony Application CA" -issuerKeyAlias "OpenHarmony-Tizi-profileCA" -issuerKeyPwd "Pwd-Tizi-5" -validity "365"
8. 将OpenHarmony-Tizi-app-cert.pem中第一部分的密钥,把回车转换为\n字符,放入UnsgnedReleasedProfileTemplate.json的distribution-certificate中。例如:
转换前:
-----BEGIN CERTIFICATE-----
MIICazCCAhGgAwIBAgIFAPERF2IwCgYIKoZIzj0EAwIwgYIxCzAJBgNVBAYTAkNO
MR8wHQYDVQQKDBZPcGVuSGFybW9ueS1UaXppLXN1YkNBMSkwJwYDVQQLDCBPcGVu
SGFybW9ueS1UaXppLXN1YkNBIENvbW11bml0eTEnMCUGA1UEAwweT3Blbkhhcm1v
bnkgQXBwbGljYXRpb24gU3ViIENBMB4XDTIzMDUyMTE0MDU0M1oXDTI0MDUyMDE0
MDU0M1owgYkxCzAJBgNVBAYTAkNOMSIwIAYDVQQKDBlPcGVuSGFybW9ueS1UaXpp
LWFwcC1jZXJ0MSwwKgYDVQQLDCNPcGVuSGFybW9ueS1UaXppLWFwcC1jZXJ0IENv
bW11bml0eTEoMCYGA1UEAwwfT3Blbkhhcm1vbnkgQXBwbGljYXRpb24gUmVsZWFz
ZTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABN0OL1RqzWXQWCXpT0tt54aFR0Ul
7pqZYBJaCKT049xUYcfwCHLd0q0IzktNo9nqKIjE5BxOk76w7kHhxwowI2qjazBp
MB0GA1UdDgQWBBQAW6LlxgLrPko7kHS/jbcsqnh4WTAJBgNVHRMEAjAAMA4GA1Ud
DwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAYBgwrBgEEAY9bAoJ4AQME
CDAGAgEBCgEAMAoGCCqGSM49BAMCA0gAMEUCIQDHIWx4AELONvCoKaQnHQAW0bay
gjR168gmlnGfnFGowAIgfMV5/nIvmRAbpapqO3a2pBKeHFfeU5zel/T1Bgty198=
-----END CERTIFICATE-----转换后:
-----BEGIN CERTIFICATE-----\nMIICazCCAhGgAwIBAgIFAPERF2IwCgYIKoZIzj0EAwIwgYIxCzAJBgNVBAYTAkNO\nMR8wHQYDVQQKDBZPcGVuSGFybW9ueS1UaXppLXN1YkNBMSkwJwYDVQQLDCBPcGVu\nSGFybW9ueS1UaXppLXN1YkNBIENvbW11bml0eTEnMCUGA1UEAwweT3Blbkhhcm1v\nbnkgQXBwbGljYXRpb24gU3ViIENBMB4XDTIzMDUyMTE0MDU0M1oXDTI0MDUyMDE0\nMDU0M1owgYkxCzAJBgNVBAYTAkNOMSIwIAYDVQQKDBlPcGVuSGFybW9ueS1UaXpp\nLWFwcC1jZXJ0MSwwKgYDVQQLDCNPcGVuSGFybW9ueS1UaXppLWFwcC1jZXJ0IENv\nbW11bml0eTEoMCYGA1UEAwwfT3Blbkhhcm1vbnkgQXBwbGljYXRpb24gUmVsZWFz\nZTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABN0OL1RqzWXQWCXpT0tt54aFR0Ul\n7pqZYBJaCKT049xUYcfwCHLd0q0IzktNo9nqKIjE5BxOk76w7kHhxwowI2qjazBp\nMB0GA1UdDgQWBBQAW6LlxgLrPko7kHS/jbcsqnh4WTAJBgNVHRMEAjAAMA4GA1Ud\nDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAYBgwrBgEEAY9bAoJ4AQME\nCDAGAgEBCgEAMAoGCCqGSM49BAMCA0gAMEUCIQDHIWx4AELONvCoKaQnHQAW0bay\ngjR168gmlnGfnFGowAIgfMV5/nIvmRAbpapqO3a2pBKeHFfeU5zel/T1Bgty198=\n-----END CERTIFICATE-----\n9. ProvisionProfile文件签名
java -jar hap-sign-tool.jar sign-profile -keyAlias "OpenHarmony-Tizi-profileCA" -signAlg "SHA256withECDSA" -mode "localSign" -profileCertFile "OpenHarmony-Tizi-profile-cert-release.pem" -inFile "UnsgnedReleasedProfileTemplate.json" -keystoreFile "OpenHarmony-Tizi.p12" -outFile "com.openharmony.signtest.p7b" -keyPwd "Pwd-Tizi-5" -keystorePwd "Pwd-Tizi-2"
10. hap应用包签名
java -jar hap-sign-tool.jar sign-app -keyAlias "OpenHarmony-Tizi-subCA" -signAlg "SHA256withECDSA" -mode "localSign" -appCertFile "OpenHarmony-Tizi-app-cert.pem" -profileFile "com.openharmony.signtest.p7b" -inFile "entry-default-unsigned.hap" -keystoreFile "OpenHarmony-Tizi.p12" -outFile "entry-default-signed.hap" -keyPwd "Pwd-Tizi-4" -keystorePwd "Pwd-Tizi-2"
配置系统证书
1. 系统中证书配置文件位于/etc/security/中
2. 配置 trusted_apps_sources.json 文件。注意“,”符号后面需要加入空格才可正常匹配。
{"name":"OpenHarmony-Tizi apps","app-signing-cert":"C=CN, O=OpenHarmony-Tizi-app-cert, OU=OpenHarmony-Tizi-app-cert Community, CN=OpenHarmony Application Release","profile-signing-certificate":"C=CN, O=OpenHarmony-Tizi-profile-cert, OU=OpenHarmony-Tizi-profile-cert Community, CN=OpenHarmony Application Profile Release","profile-debug-signing-certificate":"C=CN, O=OpenHarmony-Tizi-profile-cert, OU=OpenHarmony-Tizi-profile-cert Community, CN=OpenHarmony Application Profile Debug","issuer-ca":"C=CN, O=OpenHarmony-Tizi-subCA, OU=OpenHarmony-Tizi-subCA Community, CN=OpenHarmony Application CA","max-certs-path":3,"critialcal-cert-extension":["keyusage"]
}3. 配置 trusted_root_ca.json 文件,将 OpenHarmony-Tizi-rootCA.cer 密钥信息处理后加入到文件中。
"C=CN, O=OpenHarmony-Tizi-rootCA, OU=OpenHarmony-Tizi-rootCA Community, CN=OpenHarmony Application Root CA":"-----BEGIN CERTIFICATE-----\nMIICQzCCAemgAwIBAgIEUwKY8TAKBggqhkjOPQQDAjCBhTELMAkGA1UEBhMCQ04x\nIDAeBgNVBAoMF09wZW5IYXJtb255LVRpemktcm9vdENBMSowKAYDVQQLDCFPcGVu\nSGFybW9ueS1UaXppLXJvb3RDQSBDb21tdW5pdHkxKDAmBgNVBAMMH09wZW5IYXJt\nb255IEFwcGxpY2F0aW9uIFJvb3QgQ0EwHhcNMjMwNTIxMTQwNTI2WhcNMjQwNTIw\nMTQwNTI2WjCBhTELMAkGA1UEBhMCQ04xIDAeBgNVBAoMF09wZW5IYXJtb255LVRp\nemktcm9vdENBMSowKAYDVQQLDCFPcGVuSGFybW9ueS1UaXppLXJvb3RDQSBDb21t\ndW5pdHkxKDAmBgNVBAMMH09wZW5IYXJtb255IEFwcGxpY2F0aW9uIFJvb3QgQ0Ew\nWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARoC3C5WijOQkLq/AjmtEWkZ+Ooso1p\nRl34qPpEPH0b6iun5wpAlDe20bcCvsiFda2RNXFsqHIl+cj59bnLh83Ro0UwQzAd\nBgNVHQ4EFgQUAIpcSDCk3q3hZ+qwobekzT9vLHAwEgYDVR0TAQH/BAgwBgEB/wIB\nADAOBgNVHQ8BAf8EBAMCAQYwCgYIKoZIzj0EAwIDSAAwRQIhANKbxPqFT5PwURVf\n1Oxa8cf1udcgO0ntULei/GhaQIobAiBH787oVyJtKxMuPw9K6zzhJjBNjZzW0DrK\n/NOyuKLetw==\n-----END CERTIFICATE-----\n"4. 将文件推送回系统中并重启。
hdc shell "mount -o remount,rw /"
hdc file send D:\trusted_apps_sources.json /etc/security/trusted_apps_sources.json
hdc file send D:\trusted_root_ca.json /etc/security/trusted_root_ca.json
hdc shell reboot
5. 安装签名应用。
参考文档
OpenHarmony Gitee Docs - Hap包签名工具概述
OpenHarmony Gitee Docs - Hap包签名工具指导
OpenHarmony Gitee Docs - HarmonyAppProvision配置文件说明
OpenHarmony应用签名 - 厂商私有签名相关推荐
- 【自签名证书私有CA签名证书】
一.自签名证书 创建私钥 openssl genrsa -out ssl.key 1024 创建证书签名请求(根据私钥生成证书签名请求 一般是生成请求以后发送给CA,然后CA会给你签名并发回证书) o ...
- iOS使用Security.framework进行RSA 加密解密签名和验证签名
iOS 上 Security.framework为我们提供了安全方面相关的api: Security框架提供的RSA在iOS上使用的一些小结 支持的RSA keySize 大小有:512,768,10 ...
- Android APK的签名--笔记版 V1 签名和V2签名总结
1. 工具介绍 jarsigner 是JDK提供的针对jar包签名的通用工具, 位于 JDK/bin/jarsigner apksigner 是Google官方提供的针对Android apk 签名验 ...
- java 1.8签名apk_给Android的APK程序签名和重新签名的方法
签名工具的使用Android源码编译出来的signapk.jar既可给apk签名,也可给rom签名的.使用格式: java –jar signapk.jar [-w] publickey.x509[. ...
- 群签名和环签名的区别_超级签名和TF签名使用个人开发者账号的区别是什么?...
了解过当前ios签名的朋友都知道,目前ios签名共分为企业签名.超级签名和TF签名,其中企业签名作为签名行业的"老大哥",深受各路开发者和App运营商的喜爱.而我们今天的主角却是其 ...
- 超级签名源码_企业签名和超级签名有哪些区别?
我们知道iOS系统对于非App Store中的应用是有安装限制的,而App Store严格的审核机制又将许多APP拒之门外,这令不少开发者们郁闷不已. 所以很多开发者们会选择苹果签名的方式,让自己的i ...
- 群签名和环签名的区别_环签名方案的研究
摘要: 信息时代虽然带给我们无限商机与方便,但也充斥着隐患与危险.由于网络容易受到攻击,导致机密信息的泄密,数据被篡改,轻则引发企业,部门工作陷入瘫痪,个人利益受损,重则危及国家安全和社会稳定,因此保 ...
- RSA加密、解密、签名、校验签名
先说下RSA概率: 公钥和私钥是通过本地openssl软件生成. 正常: 公钥加密=>私钥解密: 私钥签名=>公钥校验签名 最近做一个项目,对方用java公钥去校验签名,这边java的De ...
- 解决postman环境切换,自动获取api签名时间及签名
postman调试api接口时,常遇到两个问题: 1.环境分为开发环境,测试环境,正式环境,如何只写一个接口,通过切换postman环境来实现不同环境的接口调用? 2. api接口请求时往往会添加,来 ...
最新文章
- 【iOS与EV3混合机器人编程系列之中的一个】iOS要干嘛?EV3能够更酷!
- ProjectEuler 005题
- 关于方法论的对话之二敏捷与方法论
- b/s结构中ajax技术浅析,B/S架构WEB程序中AJAX异步传输技术的应用研究
- Boost:组合异步操作的简单示例
- 安装oracle-java,并覆盖原先的OpenJDK
- ArcGIS实验教程——实验八:矢量数据拼接
- 前端学习(1340):mongoose验证规则
- 网络资源-深入剖析Binding2(学习)
- 基于生成对抗网络的医学数据域适应研究
- kmp算法 php,漫画KMP算法-程序员小灰
- Windows 10 S 已死,S 模式长存!
- 插槽作用域渲染按钮开关 ~ 满满的干货哦
- python删除过期文件_python 删除过期文件的方法+源码
- 数据结构课程设计———迷宫和哈夫曼编/译码器
- matlab常用函数
- EMC 双活数据中心实战
- 电流输入放大器的设计
- QQ经典语句→思念之词
- P1217 回文质数