Titanium JIRA Archive
Titanium SDK/CLI (TIMOB)

[TIMOB-18441] Android: Add CLI option to override keystore signature algorithm

GitHub Issue: n/a
Type: Improvement
Priority: Medium
Status: Closed
Resolution: Fixed
Resolution Date: 2017-10-09T13:43:54.000+0000
Affected Version/s: n/a
Fix Version/s: Release 7.0.0
Components: Android, Tooling
Labels: n/a
Reporter: Chris Barber
Assignee: Chris Barber
Created: 2015-01-23T22:50:56.000+0000
Updated: 2017-11-15T07:13:12.000+0000

Description

There is a need to override the keystore signature algorithm. Today we autodetect the signature algorithm using keytool, however there is a scenario where the SHA256withRSA signature algorithm is detected when it should be SHA1withRSA. A way to deal with this is to simply add a new command line option: --keystore-sigalg. It does not have a default "value", but the default behavior will be to continue to do what we do today. When the --keystore-sigalg is specified, it would simply override the detected signature algorithm before calling jarsigner. This change would take place here: https://github.com/appcelerator/titanium_mobile/blob/master/android/cli/commands/_build.js#L4096.

Comments

  1. Hans Knöchel 2017-03-06

    Hey Chris! I noticed this is scheduled for 6.1.0. Looking at the source, you already implemented a -sigalg parameter [here](https://github.com/appcelerator/titanium_mobile/blame/master/android/cli/commands/_build.js#L4230). That was in 2014 and this ticket was created in 2015, so I'm a bit curious. Thx!
  2. Chris Barber 2017-03-06

    When Android 4.3 came out, some devices, specifically I believe it was a Sony smartphone, didn't ship support for apps signed using "SHA1withRSA". "SHA1withRSA" and "MD5withRSA" are the most common. This Sony device only supported "SHA256withRSA" and maybe "MD5withRSA". I added a warning if I detect the use of "SHA256withRSA": https://github.com/appcelerator/titanium_mobile/blame/master/android/cli/commands/_build.js#L297. We try to determine the sigalg from the keystore, but in the event we can't, we default to "MD5withRSA". By now, I assume all devices support "SHA256withRSA" and perhaps that should be the new default? I'm not sure how relevant this ticket is anymore. I haven't heard much noise regarding the signing algorithm, however adding a --keystore-sigalg option is super easy.
  3. Hans Knöchel 2017-03-20

    Putting out of SDK 6.1.0, since only Android 4.3 and later do support the SHA256withRSA algorithm. If people want to use it anyway, they can already by passing the -sigalg SHA256withRSA option to the APK signing process.
  4. Dongwoo Gim 2017-09-27

    Hi, guys. I sent a PR. This is a very simple change, therefore there is no reason not to provide it. https://github.com/appcelerator/titanium_mobile/pull/9484
  5. Abir Mukherjee 2017-11-15

    Changes are seen in SDK 7.0.0.v20171114203226.
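
The precedence discussed in this ticket (an explicit --keystore-sigalg, then the value detected with keytool, then the "MD5withRSA" fallback), as an added example that is not the Titanium CLI's own code. The function names, the allowlist, the file names and the sample keytool output are assumptions constructed for illustration.

```javascript
'use strict';

// Algorithms named in this ticket. Restricting the override to this
// allowlist is an assumption of the example, not documented CLI behaviour.
const KNOWN_SIGALGS = ['MD5withRSA', 'SHA1withRSA', 'SHA256withRSA'];
const FALLBACK_SIGALG = 'MD5withRSA'; // fallback named in the comments above

// Constructed excerpt of `keytool -list -v` output (not from a real keystore).
const SAMPLE_KEYTOOL_OUTPUT = [
	'Alias name: example',
	'Entry type: PrivateKeyEntry',
	'Signature algorithm name: SHA256withRSA',
	'Version: 3'
].join('\n');

// Extract the algorithm from keytool output, or return null if absent.
function detectSigalg(keytoolOutput) {
	const m = /^\s*Signature algorithm name:\s*(\S+)/m.exec(keytoolOutput || '');
	return m ? m[1] : null;
}

// Precedence: explicit override, then detected value, then fallback.
function resolveSigalg(override, keytoolOutput) {
	if (override !== undefined && override !== null) {
		const wanted = String(override).toLowerCase();
		const match = KNOWN_SIGALGS.find(a => a.toLowerCase() === wanted);
		if (!match) {
			throw new Error('Unsupported --keystore-sigalg "' + override +
				'"; expected one of: ' + KNOWN_SIGALGS.join(', '));
		}
		return { sigalg: match, source: 'override' };
	}
	const detected = detectSigalg(keytoolOutput);
	if (detected) {
		return { sigalg: detected, source: 'detected' };
	}
	return { sigalg: FALLBACK_SIGALG, source: 'fallback' };
}

// Build an argument array for jarsigner (suitable for child_process.spawn,
// so the algorithm name is never interpolated into a shell string).
function jarsignerArgs(opts, sigalg) {
	return ['-sigalg', sigalg, '-keystore', opts.keystore,
		'-signedjar', opts.signedApk, opts.unsignedApk, opts.alias];
}

const resolved = resolveSigalg('sha1withrsa', SAMPLE_KEYTOOL_OUTPUT);
console.log(resolved.source, jarsignerArgs({ keystore: 'example.keystore',
	signedApk: 'app-signed.apk', unsignedApk: 'app-unsigned.apk', alias: 'example' }, resolved.sigalg));
```

Recording the `source` alongside the algorithm lets a build log show whether a signature used the detected value, the fallback or an operator override.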
