{ "id": "173116", "key": "TIMOB-26895", "fields": { "issuetype": { "id": "1", "description": "A problem which impairs or prevents the functions of the product.", "name": "Bug", "subtask": false }, "project": { "id": "10153", "key": "TIMOB", "name": "Titanium SDK/CLI", "projectCategory": { "id": "10100", "description": "Titanium and related SDKs used in application development", "name": "Client" } }, "fixVersions": [ { "id": "20791", "name": "Release 8.0.2", "archived": false, "released": true, "releaseDate": "2019-06-18" } ], "resolution": { "id": "1", "description": "A fix for this issue is checked into the tree and tested.", "name": "Fixed" }, "resolutiondate": "2019-05-23T21:11:58.000+0000", "created": "2019-03-12T03:05:27.000+0000", "priority": { "name": "None", "id": "6" }, "labels": [ "android", "apk", "engSchedule", "jdk", "md5", "signing" ], "versions": [], "issuelinks": [], "assignee": { "name": "jquick", "key": "jquick", "displayName": "Joshua Quick", "active": true, "timeZone": "America/Los_Angeles" }, "updated": "2019-05-23T21:11:58.000+0000", "status": { "description": "The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.", "name": "Closed", "id": "6", "statusCategory": { "id": 3, "key": "done", "colorName": "green", "name": "Done" } }, "components": [ { "id": "10202", "name": "Android", "description": "Android Platform" } ], "description": "*Summary:*\r\nDigitally signing an APK will fail when using a keystore using an MD5 encryption with JDK 8 or newer version.\r\n\r\n*Steps to reproduce:*\r\n# Go to a machine with JDK 8 or newer installed on it.\r\n# Create a Classic Titanium app.\r\n# Copy the [^testmd5.keystore] the project's root directory.\r\n# In Appc Studio, select \"Package\" from the top-left-most dropdown box.\r\n# In Appc Studio, select \"Android Play Store\" from the other dropdown box.\r\n# Click the build button.\r\n# For \"Keystore Location\", click the \"Browse\" button and select the \"testmd5.keystore\" file.\r\n# For \"Keystore Password\", enter: {{testmd5}}\r\n# For \"Keypair Password\", enter: {{testmd5}}\r\n# For \"Key Alias\", enter: {{testmd5}}\r\n# Click the \"Publish\" button.\r\n\r\n*Result:*\r\nBuild fails with the following logged error messages.\r\n{code}\r\n[ERROR] : Failed to sign apk:\r\n[ERROR] : jarsigner error: java.security.NoSuchAlgorithmException: MD5withRSA (weak) Signature not available\r\n{code}\r\n\r\n*Cause:*\r\nWhen reading the keystore file's information via the JDK \"keytool\", the algorithm returned will be \"MD5withRSA (weak)\" with \" (weak)\" appended to it as of JDK 8. The returned \"MD5withRSA (weak)\" string is being blindly passed to the signing tool, when we should be passing \"MD5withRSA\" instead.\r\n\r\n*Note 1:*\r\nIssue was raised on github below...\r\nhttps://github.com/appcelerator/titanium_mobile/issues/10769\r\n\r\n*Note 2:*\r\nNewest JDK \"keytool\" versions will typically create a keystore using SHA1 or SHA256 by default. I think MD5 was the default for JDK 6.\r\n\r\n*Note 3:*\r\nYou can create a keystore file with \"MD5withRSA\" at the command line on Mac by entering the below in the Terminal. Note that we don't recommend signing a real app with MD5. You should use SHA256 instead. The below is for testing purposes only.\r\n{code}\r\nkeytool -genkey -v -keystore -alias -sigalg MD5withRSA -keyalg RSA -validity 999999\r\n{code}\r\n", "attachment": [ { "id": "66239", "filename": "testmd5.keystore", "author": { "name": "jquick", "key": "jquick", "displayName": "Joshua Quick", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2019-03-12T02:53:42.000+0000", "size": 2577, "mimeType": "application/octet-stream" }, { "id": "66601", "filename": "testsha1.keystore", "author": { "name": "jquick", "key": "jquick", "displayName": "Joshua Quick", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2019-05-15T00:49:39.000+0000", "size": 2579, "mimeType": "application/octet-stream" }, { "id": "66602", "filename": "testsha256.keystore", "author": { "name": "jquick", "key": "jquick", "displayName": "Joshua Quick", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2019-05-15T00:49:39.000+0000", "size": 2583, "mimeType": "application/octet-stream" } ], "flagged": false, "summary": "Android: APK signing will fail when using MD5 keystore and JDK 8 or newer", "creator": { "name": "jquick", "key": "jquick", "displayName": "Joshua Quick", "active": true, "timeZone": "America/Los_Angeles" }, "subtasks": [], "reporter": { "name": "jquick", "key": "jquick", "displayName": "Joshua Quick", "active": true, "timeZone": "America/Los_Angeles" }, "environment": null, "closedSprints": [ { "id": 1136, "state": "closed", "name": "2019 Sprint 11", "startDate": "2019-05-18T17:39:52.830Z", "endDate": "2019-05-31T17:39:00.000Z", "completeDate": "2019-06-04T21:37:11.485Z", "originBoardId": 114 } ], "comment": { "comments": [ { "id": "448382", "author": { "name": "jquick", "key": "jquick", "displayName": "Joshua Quick", "active": true, "timeZone": "America/Los_Angeles" }, "body": "I've attached SHA1 and SHA256 keystore files to be used to test the fix for this issue. Note that there are not any issues with these algorithms, but we need to ensure the fix doesn't break them either.\r\n\r\n [^testsha1.keystore] \r\n*Keystore Password:* {{testsha1}}\r\n*Keypair Password:* {{testsha1}}\r\n*Key Alias:* {{testsha1}}\r\n\r\n [^testsha256.keystore] \r\n*Keystore Password:* {{testsha256}}\r\n*Keypair Password:* {{testsha256}}\r\n*Key Alias:* {{testsha256}}\r\n", "updateAuthor": { "name": "jquick", "key": "jquick", "displayName": "Joshua Quick", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2019-05-15T00:52:59.000+0000", "updated": "2019-05-15T00:53:41.000+0000" }, { "id": "448386", "author": { "name": "jquick", "key": "jquick", "displayName": "Joshua Quick", "active": true, "timeZone": "America/Los_Angeles" }, "body": "PR (master): https://github.com/appcelerator/titanium_mobile/pull/10888\r\nPR (8.0.x): https://github.com/appcelerator/titanium_mobile/pull/10889", "updateAuthor": { "name": "jquick", "key": "jquick", "displayName": "Joshua Quick", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2019-05-15T04:01:58.000+0000", "updated": "2019-05-15T04:01:58.000+0000" }, { "id": "448486", "author": { "name": "kmahalingam", "key": "kmahalingam", "displayName": "Keerthi Mahalingam", "active": false, "timeZone": "America/Los_Angeles" }, "body": "FR passed.", "updateAuthor": { "name": "kmahalingam", "key": "kmahalingam", "displayName": "Keerthi Mahalingam", "active": false, "timeZone": "America/Los_Angeles" }, "created": "2019-05-17T18:37:44.000+0000", "updated": "2019-05-17T18:37:44.000+0000" }, { "id": "448487", "author": { "name": "kmahalingam", "key": "kmahalingam", "displayName": "Keerthi Mahalingam", "active": false, "timeZone": "America/Los_Angeles" }, "body": "PR merged for master.but on 8_0_X jenkin is failing .not able to merge", "updateAuthor": { "name": "kmahalingam", "key": "kmahalingam", "displayName": "Keerthi Mahalingam", "active": false, "timeZone": "America/Los_Angeles" }, "created": "2019-05-17T19:37:26.000+0000", "updated": "2019-05-17T19:37:26.000+0000" }, { "id": "448629", "author": { "name": "kmahalingam", "key": "kmahalingam", "displayName": "Keerthi Mahalingam", "active": false, "timeZone": "America/Los_Angeles" }, "body": "Verified the fix on SDK 8.1.0.v20190523084559 and 8.0.2.v20190522031334.APP built successfully with keystore. Works as expected.\r\n{code}Operating System\r\n Name = Mac OS X\r\n Version = 10.13.6\r\n Architecture = 64bit\r\n # CPUs = 8\r\n Memory = 17179869184\r\nNode.js\r\n Node.js Version = 8.9.1\r\n npm Version = 5.5.1\r\nTitanium CLI\r\n CLI Version = 5.1.1\r\nTitanium SDK\r\n SDK Version = 8.1.0.v20190523084559 and 8.0.2.v20190522031334\r\nCli =7.0.11\r\nStudio =5.1.2.201903111843\r\n{code}", "updateAuthor": { "name": "kmahalingam", "key": "kmahalingam", "displayName": "Keerthi Mahalingam", "active": false, "timeZone": "America/Los_Angeles" }, "created": "2019-05-23T21:11:55.000+0000", "updated": "2019-05-23T21:11:55.000+0000" } ], "maxResults": 5, "total": 5, "startAt": 0 } } }