{
	"id": "143468",
	"key": "TIMOB-18441",
	"fields": {
		"issuetype": {
			"id": "4",
			"description": "An improvement or enhancement to an existing feature or task.",
			"name": "Improvement",
			"subtask": false
		},
		"project": {
			"id": "10153",
			"key": "TIMOB",
			"name": "Titanium SDK/CLI",
			"projectCategory": {
				"id": "10100",
				"description": "Titanium and related SDKs used in application development",
				"name": "Client"
			}
		},
		"fixVersions": [
			{
				"id": "17609",
				"description": "",
				"name": "Release 7.0.0",
				"archived": false,
				"released": true,
				"releaseDate": "2017-12-07"
			}
		],
		"resolution": {
			"id": "1",
			"description": "A fix for this issue is checked into the tree and tested.",
			"name": "Fixed"
		},
		"resolutiondate": "2017-10-09T13:43:54.000+0000",
		"created": "2015-01-23T22:50:56.000+0000",
		"priority": {
			"name": "Medium",
			"id": "3"
		},
		"labels": [],
		"versions": [],
		"issuelinks": [],
		"assignee": {
			"name": "cbarber",
			"key": "cbarber",
			"displayName": "Chris Barber",
			"active": true,
			"timeZone": "America/Chicago"
		},
		"updated": "2017-11-15T07:13:12.000+0000",
		"status": {
			"description": "The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.",
			"name": "Closed",
			"id": "6",
			"statusCategory": {
				"id": 3,
				"key": "done",
				"colorName": "green",
				"name": "Done"
			}
		},
		"components": [
			{
				"id": "10202",
				"name": "Android",
				"description": "Android Platform"
			},
			{
				"id": "10207",
				"name": "Tooling"
			}
		],
		"description": "There is a need to override the keystore signature algorithm. Today we autodetect the signature algorithm using keytool, however there is a scenario where the SHA256withRSA signature algorithm is detected when it should be SHA1withRSA.\r\n\r\nA way to deal with this is to simply add a new command line option: {{\\-\\-keystore\\-sigalg}}. It does not have a default \"value\", but the default behavior will be to continue to do what we do today. When the {{\\-\\-keystore-sigalg}} is specified, it would simply override the detected signature algorithm before calling {{jarsigner}}. This change would take place here: https://github.com/appcelerator/titanium_mobile/blob/master/android/cli/commands/_build.js#L4096.",
		"attachment": [],
		"flagged": false,
		"summary": "Android: Add CLI option to override keystore signature algorithm",
		"creator": {
			"name": "cbarber",
			"key": "cbarber",
			"displayName": "Chris Barber",
			"active": true,
			"timeZone": "America/Chicago"
		},
		"subtasks": [],
		"reporter": {
			"name": "cbarber",
			"key": "cbarber",
			"displayName": "Chris Barber",
			"active": true,
			"timeZone": "America/Chicago"
		},
		"environment": null,
		"closedSprints": [
			{
				"id": 960,
				"state": "closed",
				"name": "2017 Sprint 21 Tooling",
				"startDate": "2017-10-08T20:39:50.451Z",
				"endDate": "2017-10-22T20:39:00.000Z",
				"completeDate": "2017-10-24T23:57:13.964Z",
				"originBoardId": 219
			}
		],
		"comment": {
			"comments": [
				{
					"id": "409304",
					"author": {
						"name": "hknoechel",
						"key": "hansknoechel",
						"displayName": "Hans Knöchel",
						"active": true,
						"timeZone": "Europe/Berlin"
					},
					"body": "Hey Chris! I noticed this is scheduled for 6.1.0. Looking at the source, you already implemented a {{-sigalg}} parameter [here|https://github.com/appcelerator/titanium_mobile/blame/master/android/cli/commands/_build.js#L4230]. That was in 2014 and this ticket was created in 2015, so I'm a bit curious. Thx!",
					"updateAuthor": {
						"name": "hknoechel",
						"key": "hansknoechel",
						"displayName": "Hans Knöchel",
						"active": true,
						"timeZone": "Europe/Berlin"
					},
					"created": "2017-03-06T14:30:38.000+0000",
					"updated": "2017-03-06T14:30:38.000+0000"
				},
				{
					"id": "409311",
					"author": {
						"name": "cbarber",
						"key": "cbarber",
						"displayName": "Chris Barber",
						"active": true,
						"timeZone": "America/Chicago"
					},
					"body": "When Android 4.3 came out and some devices, specifically I believe it was a Sony smartphone, that didn't ship support for apps signed using the \"SHA1withRSA\". \"SHA1withRSA\" and \"MD5withRSA\" are the most common. This Sony device only supported \"SHA256withRSA\" and maybe \"MD5withRSA\". I added a warning if I detect the use of \"SHA256withRSA\": https://github.com/appcelerator/titanium_mobile/blame/master/android/cli/commands/_build.js#L297.\r\n\r\nWe try to determine the {{sigalg}} from the keystore, but in the event we can't, we default to \"MD5withRSA\". By now, I assume all devices support \"SHA256withRSA\" and perhaps that should be the new default?\r\n\r\nI'm not sure how relevant this is ticket is anymore. I haven't heard much noise regarding the signing algorithm, however adding a {{\\-\\-keystore\\-sigalg}} option is super easy.",
					"updateAuthor": {
						"name": "cbarber",
						"key": "cbarber",
						"displayName": "Chris Barber",
						"active": true,
						"timeZone": "America/Chicago"
					},
					"created": "2017-03-06T16:09:46.000+0000",
					"updated": "2017-03-06T16:09:46.000+0000"
				},
				{
					"id": "413979",
					"author": {
						"name": "hknoechel",
						"key": "hansknoechel",
						"displayName": "Hans Knöchel",
						"active": true,
						"timeZone": "Europe/Berlin"
					},
					"body": "Putting out ouf SDK 6.1.0, since only Android 4.3 and later do support the {{SHA256withRSA}} algorithm. If people want to use it anyway, they can already by passing the {{-sigalg SHA256withRSA}} option to the APK signing process.",
					"updateAuthor": {
						"name": "hknoechel",
						"key": "hansknoechel",
						"displayName": "Hans Knöchel",
						"active": true,
						"timeZone": "Europe/Berlin"
					},
					"created": "2017-03-20T21:27:07.000+0000",
					"updated": "2017-03-20T21:27:07.000+0000"
				},
				{
					"id": "428528",
					"author": {
						"name": "engross",
						"key": "engross",
						"displayName": "Dongwoo Gim",
						"active": true,
						"timeZone": "Asia/Seoul"
					},
					"body": "Hi, guys.\r\nI sent a PR.\r\nThis is a very simple change, therefore this is no reason not to provide.\r\nhttps://github.com/appcelerator/titanium_mobile/pull/9484",
					"updateAuthor": {
						"name": "engross",
						"key": "engross",
						"displayName": "Dongwoo Gim",
						"active": true,
						"timeZone": "Asia/Seoul"
					},
					"created": "2017-09-27T15:59:46.000+0000",
					"updated": "2017-09-27T15:59:46.000+0000"
				},
				{
					"id": "430681",
					"author": {
						"name": "amukherjee",
						"key": "amukherjee",
						"displayName": "Abir Mukherjee",
						"active": true,
						"timeZone": "America/Los_Angeles"
					},
					"body": "Changes are seen in SDK 7.0.0.v20171114203226.",
					"updateAuthor": {
						"name": "amukherjee",
						"key": "amukherjee",
						"displayName": "Abir Mukherjee",
						"active": true,
						"timeZone": "America/Los_Angeles"
					},
					"created": "2017-11-15T07:13:12.000+0000",
					"updated": "2017-11-15T07:13:12.000+0000"
				}
			],
			"maxResults": 5,
			"total": 5,
			"startAt": 0
		}
	}
}