Archive for the ‘android’ Category

android: adb: usb and tcp mode

July 15, 2017

This post notes adb usb and tcp mode.

get the ip address of the device

$ adb -s $serial_number shell ip -4 addr

enable tcp mode in device

$ adb -s $serial_number tcpip 5555

connect to device with wifi

$ adb connect $ip:5555
$ adb -s $ip:5555 shell

restore device to usb mode

$ adb -s $ip:5555 usb

android: mtk: modify IMEI in mobile device

July 15, 2017

This post notes how to modify IMEI in a mtk android device.

what is IMEI
It is the identifier of a mobile device. It is stored in the device rather than on the SIM card. A device that supports dual SIM cards has two distinct IMEIs.

how to modify IMEI

  • lookup original IMEI

    adb shell service call iphonesubinfo 1
  • enter engineer mode

    adb shell am start com.mediatek.engineermode/.EngineerMode
  • Click Connectivity tab
  • Click CDS Information
  • Click Radio Information
  • Choose Phone1
  • Input AT command to update IMEI(Google IMEI generator for a valid IMEI)

    AT +EGMR=1,7,“981740207992094”

  • Reboot device
  • check if IMEI is modified as expected

    adb shell service call iphonesubinfo 1

conclusion
This post is a note for modifying IMEI.

android: how to read Settings provider

April 27, 2017

This post shows how to read the Settings provider.

device configuration
[ro.build.version.release]: [5.1]

what is Settings provider
The Settings provider contains global system-level device preferences. Its backend is a sqlite database named settings. The database contains three data tables: Global, System, and Secure. Its frontend is the com.android.settings application.

how to query Settings provider from adb shell

  1. Query Global data table from Settings database

    $ adb shell content query --uri content://settings/global
    Row: 0 _id=1, name=airplane_mode_on, value=0
    Row: 1 _id=2, name=theater_mode_on, value=0
    Row: 2 _id=3, name=airplane_mode_radios, value=cell,bluetooth,wifi,nfc,wimax
    Row: 3 _id=4, name=airplane_mode_toggleable_radios, value=bluetooth,wifi,nfc
    Row: 4 _id=5, name=assisted_gps_enabled, value=0
    Row: 5 _id=6, name=auto_time, value=1
    Row: 6 _id=7, name=auto_time_zone, value=1
    Row: 7 _id=8, name=stay_on_while_plugged_in, value=0
    Row: 8 _id=9, name=wifi_sleep_policy, value=2
    Row: 9 _id=11, name=package_verifier_enable, value=1
    Row: 10 _id=13, name=wifi_networks_available_notification_on, value=1
    Row: 11 _id=14, name=bluetooth_on, value=0
    Row: 12 _id=15, name=cdma_cell_broadcast_sms, value=1
    Row: 13 _id=16, name=data_roaming, value=0
    Row: 14 _id=18, name=mobile_data, value=1
    Row: 15 _id=19, name=netstats_enabled, value=1
    .......
    
  2. Query System data table from Settings database

    $ adb shell content query --uri content://settings/system
    Row: 0 _id=1, name=volume_music, value=8
    Row: 1 _id=2, name=volume_ring, value=8
    Row: 2 _id=3, name=volume_system, value=15
    Row: 3 _id=4, name=volume_voice, value=4
    Row: 4 _id=5, name=volume_alarm, value=8
    Row: 5 _id=6, name=volume_notification, value=8
    Row: 6 _id=7, name=volume_bluetooth_sco, value=7
    Row: 7 _id=9, name=mute_streams_affected, value=46
    Row: 8 _id=10, name=vibrate_when_ringing, value=0
    Row: 9 _id=11, name=dim_screen, value=1
    Row: 10 _id=12, name=screen_off_timeout, value=180000
    Row: 11 _id=13, name=dtmf_tone_type, value=0
    Row: 12 _id=14, name=hearing_aid, value=0
    Row: 13 _id=15, name=tty_mode, value=0
    Row: 14 _id=16, name=screen_brightness, value=204
    Row: 15 _id=17, name=screen_brightness_mode, value=0
    ......
    
  3. Query Secure data table from Settings database

    $ adb shell content query --uri content://settings/secure
    Row: 0 _id=1, name=location_providers_allowed, value=
    Row: 1 _id=2, name=mock_location, value=0
    Row: 2 _id=3, name=backup_enabled, value=0
    Row: 3 _id=4, name=backup_transport, value=com.google.android.backup/.BackupTransportService
    Row: 4 _id=5, name=mount_play_not_snd, value=1
    Row: 5 _id=6, name=mount_ums_autostart, value=0
    Row: 6 _id=7, name=mount_ums_prompt, value=1
    Row: 7 _id=8, name=mount_ums_notify_enabled, value=1
    Row: 8 _id=9, name=accessibility_script_injection, value=0
    Row: 9 _id=10, name=accessibility_web_content_key_bindings, value=0x13=0x01000100; 0x14=0x01010100; 0x15=0x02000001; 0x16=0x02010001; 0x200000013=0x02000601; 0x200000014=0x02010601; 0x200000015=0x03020101; 0x200000016=0x03010201; 0x200000023=0x02000301; 0x200000024=0x02010301; 0x200000037=0x03070201; 0x200000038=0x03000701:0x03010701:0x03020701;
    Row: 10 _id=11, name=long_press_timeout, value=500
    Row: 11 _id=12, name=touch_exploration_enabled, value=0
    Row: 12 _id=14, name=accessibility_script_injection_url, value=https://ssl.gstatic.com/accessibility/javascript/android/AndroidVox_v1.js
    Row: 13 _id=15, name=lockscreen.disabled, value=1
    Row: 14 _id=16, name=screensaver_enabled, value=0
    Row: 15 _id=17, name=screensaver_activate_on_dock, value=1
    ......
    
  4. In the Settings database, select * from global where name='wifi_auto_join'

    $ adb shell content query --uri content://settings/global --where "name=\'wifi_auto_join\'"
    Row: 0 _id=52, name=wifi_auto_join, value=1
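
The rows printed by content query can be checked mechanically. The script below is an added example, not part of the original post: it parses the Row: lines and reports settings that differ from a baseline. The function names parse_settings and audit_settings and the baseline values are assumptions; the sample rows are copied from the outputs above into one constructed input.

```shell
#!/bin/sh
# Added example: audit `adb shell content query --uri content://settings/<table>`
# output against a baseline. Function names and baseline values are assumptions.

# Read "Row: N _id=I, name=NAME, value=VALUE" lines on stdin and print
# NAME<TAB>VALUE. The value is everything after the first ", value=", so values
# that contain commas or "=" (airplane_mode_radios, key bindings) stay intact.
parse_settings() {
    awk '
    /^[ \t]*Row: [0-9]+ _id=[0-9]+, name=/ {
        line = $0
        sub(/^[ \t]*Row: [0-9]+ _id=[0-9]+, name=/, "", line)
        i = index(line, ", value=")
        if (i == 0) next
        value = substr(line, i + 8)
        sub(/\r$/, "", value)          # adb shell output may end lines with CR
        printf "%s\t%s\n", substr(line, 1, i - 1), value
    }'
}

# Compare parsed settings on stdin with a baseline given as "name=value" words.
# Prints DEVIATION for a differing value and MISSING for an absent setting.
audit_settings() {
    awk -F '\t' -v baseline="$1" '
    BEGIN {
        n = split(baseline, pairs, " ")
        for (k = 1; k <= n; k++) {
            eq = index(pairs[k], "=")
            want[substr(pairs[k], 1, eq - 1)] = substr(pairs[k], eq + 1)
        }
    }
    ($1 in want) {
        seen[$1] = 1
        if ($2 != want[$1])
            printf "DEVIATION %s=%s (expected %s)\n", $1, $2, want[$1]
    }
    END {
        for (name in want)
            if (!(name in seen)) printf "MISSING %s\n", name
    }'
}

# Reviewer-chosen baseline (an assumption, adjust to your own policy).
BASELINE='package_verifier_enable=1 mock_location=0 lockscreen.disabled=0 accessibility_script_injection=0'

# Constructed input: rows copied from the query outputs shown in the post.
SAMPLE='    Row: 2 _id=3, name=airplane_mode_radios, value=cell,bluetooth,wifi,nfc,wimax
    Row: 9 _id=11, name=package_verifier_enable, value=1
    Row: 1 _id=2, name=mock_location, value=0
    Row: 8 _id=9, name=accessibility_script_injection, value=0
    Row: 13 _id=15, name=lockscreen.disabled, value=1'

printf '%s\n' "$SAMPLE" | parse_settings | audit_settings "$BASELINE"
```

On a connected device, pipe the output of the adb shell content query commands above into parse_settings instead of the sample.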
    

how to query Settings provider from java

  • Use a content provider query to read the Global table from the Settings provider
  • The Settings provider reads the data from the settings sqlite database

    // Columns are _id, name, value. Close the cursor when done.
    Cursor cursor = context.getContentResolver().query(Settings.Global.CONTENT_URI, null, null, null, null);
    while (cursor.moveToNext()) {
        Log.d(TAG, cursor.getString(0) + ", " + cursor.getString(1) + ", " + cursor.getString(2));
    }
    cursor.close();
    

    conclusion
    This post shows how to read settings database from adb shell and java code.

    android: ndk: use cmake to build a native module

    April 26, 2017

    This post demonstrates building a native module for android devices with cmake.

    host configuration
    OS X El Capitan Version 10.11.4

    target configuration
    [ro.build.version.release]: [5.1]
    [ro.product.cpu.abi]: [armeabi-v7a].

    how to build native code with cmake

    • Download NDK (Native Development Kit). NDK releases can be found at https://developer.android.com/ndk/downloads/index.html

      $ wget https://dl.google.com/android/repository/android-ndk-r13b-darwin-x86_64.zip
      $ unzip android-ndk-r13b-darwin-x86_64.zip
      
    • Create project directory

      $ mkdir project
      $ cd project/
      
    • Edit hello.c

      #include <stdio.h>
      
      int main() {
          printf("hello world\n");
          return 0;
      }
      
    • Edit CMakeLists.txt

      PROJECT (hello)
      ADD_EXECUTABLE (hello hello.c)
      
    • Build hello module

      $ mkdir build
      $ cd build
      $ cmake -DANDROID_ABI=armeabi-v7a -DANDROID_NDK=../../android-ndk-r13b -DCMAKE_TOOLCHAIN_FILE=../../android-ndk-r13b/build/cmake/android.toolchain.cmake -DANDROID_NATIVE_API_LEVEL=21 ..
      -- Check for working C compiler: /Users/chengyihe/workspace/cmake-ndk/android-ndk-r13b/toolchains/llvm/prebuilt/darwin-x86_64/bin/clang
      -- Check for working C compiler: /Users/chengyihe/workspace/cmake-ndk/android-ndk-r13b/toolchains/llvm/prebuilt/darwin-x86_64/bin/clang -- works
      -- Detecting C compiler ABI info
      -- Detecting C compiler ABI info - done
      -- Detecting C compile features
      -- Detecting C compile features - done
      -- Check for working CXX compiler: /Users/chengyihe/workspace/cmake-ndk/android-ndk-r13b/toolchains/llvm/prebuilt/darwin-x86_64/bin/clang++
      -- Check for working CXX compiler: /Users/chengyihe/workspace/cmake-ndk/android-ndk-r13b/toolchains/llvm/prebuilt/darwin-x86_64/bin/clang++ -- works
      -- Detecting CXX compiler ABI info
      -- Detecting CXX compiler ABI info - done
      -- Detecting CXX compile features
      -- Detecting CXX compile features - done
      -- Configuring done
      -- Generating done
      -- Build files have been written to: /Users/chengyihe/workspace/cmake-ndk/project/build
      $ make
      Scanning dependencies of target hello
      [ 50%] Building C object CMakeFiles/hello.dir/hello.c.o
      [100%] Linking C executable hello
      [100%] Built target hello
      
    • Run the hello executable on the target device

      $ adb push hello /data/local/tmp/hello
      [100%] /data/local/tmp/hello
      $ adb shell /data/hello
      WARNING: linker: /data/hello: unused DT entry: type 0x6ffffffe arg 0x378
      WARNING: linker: /data/hello: unused DT entry: type 0x6fffffff arg 0x1
      hello world
      

    conclusion
    This post shows how to build a native executable for android devices with cmake and ndk.

    android: ndk: use ndk-build to build a native module

    April 26, 2017

    This post demonstrates building a native module with ndk-build.

    host configuration
    OS X El Capitan Version 10.11.4

    target configuration
    [ro.build.version.release]: [5.1]
    [ro.product.cpu.abi]: [armeabi-v7a]

    what is ndk
    The Native Development Kit (NDK) is a toolset for building native code for android.

    what is ndk-build
    A convenience script in the NDK for building native code.

    how to build native code with ndk-build

    1. Download NDK (Native Development Kit). NDK releases can be found at https://developer.android.com/ndk/downloads/index.html

      $ wget https://dl.google.com/android/repository/android-ndk-r13b-darwin-x86_64.zip
      $ unzip android-ndk-r13b-darwin-x86_64.zip
      
    2. Edit hello.c

      #include <stdio.h>
      
      int main() {
          printf("hello world\n");
          return 0;
      }
      
    3. Edit Android.mk

      LOCAL_PATH := $(call my-dir)
      
      include $(CLEAR_VARS)
      
      LOCAL_CFLAGS += -fPIE
      LOCAL_LDFLAGS += -fPIE -pie
      LOCAL_MODULE := hello
      LOCAL_SRC_FILES := hello.c 
      
      include $(BUILD_EXECUTABLE)
      
    4. Edit Application.mk

      APP_ABI := armeabi-v7a
      APP_PLATFORM := 21
      APP_BUILD_SCRIPT := Android.mk
      
    5. Build native module

      $ ../android-ndk-r13b/ndk-build NDK_PROJECT_PATH=. NDK_APPLICATION_MK=./Application.mk
      [armeabi-v7a] Compile thumb  : hello <= hello.c
      [armeabi-v7a] Executable     : hello
      [armeabi-v7a] Install        : hello => libs/armeabi-v7a/hello
      
    6. Run the module on the target device

      $ adb push libs/armeabi-v7a/hello /data/
      [100%] /data/hello
      $ adb shell /data/hello
      WARNING: linker: /data/hello: unused DT entry: type 0x6ffffffe arg 0x38c
      WARNING: linker: /data/hello: unused DT entry: type 0x6fffffff arg 0x1
      hello world
      

    conclusion
    This post shows how to build a native executable with ndk-build.

    android: third-party package: commons-io

    December 28, 2016

    This post discusses the commons-io package in android.

    check the version of this package in jcenter repository
    Check the jcenter repository. So far the latest release is 2.4.

    include this package in project

    dependencies {
        compile fileTree(include: ['*.jar'], dir: 'libs')
        androidTestCompile('com.android.support.test.espresso:espresso-core:2.2.2', {
            exclude group: 'com.android.support', module: 'support-annotations'
        })
        compile 'com.android.support:appcompat-v7:24.2.1'
        compile 'com.google.code.gson:gson:2.6.2'
        compile 'com.loopj.android:android-async-http:1.4.9'
        compile group: 'commons-io', name: 'commons-io', version: '2.4'
        testCompile 'junit:junit:4.12'
        provided files(android.sdkDirectory.path + "/platforms/" + android.compileSdkVersion + "/data/layoutlib.jar")
    }
    

    simple examples of using this package

    • Transform a file into a byte array

      byte[] mData = null;

      try {
          // Read the whole file into memory
          mData = org.apache.commons.io.FileUtils.readFileToByteArray(new File(inputFileName));
      } catch (IOException e) {
          e.printStackTrace();
      }

    • Transform a byte array into a file

      try {
          // Write the byte array to the output file
          org.apache.commons.io.FileUtils.writeByteArrayToFile(new File(outputFileName), mData);
      } catch (IOException e) {
          e.printStackTrace();
      }
      

    conclusion
    This post discusses the commons-io package in android.

    android: security: keystore, jks, and pkcs12

    December 21, 2016

    This post discusses keystore.

    test environment
    OS X El Capitan Version 10.11.4

    what is keystore
    A file containing private keys and their certificates.

    what is jks and pkcs12
    Two different types of keystore. The default keystore type in jdk and android is jks.

    how to create a keystore

    1. keytool -genkey creates a keystore and a private key within it. The name of the keystore is keystore.jks. The alias of the private key is mykey.

      $ keytool -genkey -keystore keystore.jks -keyalg RSA -keysize 2048 -validity 10000 -alias mykey
      
    2. keytool -list shows that there is only one entry in this keystore. The entry is a private key with alias mykey.

      $ keytool -list -v -keystore keystore.jks
      Keystore type: JKS
      Keystore provider: SUN
      
      Your keystore contains 1 entry
      
      Alias name: mykey
      Creation date: Dec 22, 2016
      Entry type: PrivateKeyEntry
      Certificate chain length: 1
      Certificate[1]:
      Owner: CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
      Issuer: CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
      Serial number: 26c53310
      Valid from: Thu Dec 22 01:01:58 CST 2016 until: Mon May 09 01:01:58 CST 2044
      Certificate fingerprints:
               MD5:  1F:EF:A8:1B:83:1A:B2:37:0E:AF:92:09:A0:F1:EF:72
               SHA1: B9:52:57:E9:6C:AE:F7:98:42:A9:7E:AD:2D:A6:19:F5:59:2B:E9:B6
               SHA256: CA:22:68:5A:6C:D9:3F:6E:E2:88:BC:62:B1:DE:BA:0A:D2:A9:4A:B5:D8:84:62:FC:00:65:DE:A1:12:2C:88:B3
               Signature algorithm name: SHA256withRSA
               Version: 3
      

    how to add an existing private key into a jks keystore
    I tried this when I wanted to add the android’s default platform key into my apk. It couldn’t be done directly. But it could be done indirectly as below.

    1. platform.pk8 is a private key in pkcs#8 format with der encoding. Transform it into a private key in pkcs#1 format with pem encoding.

      $ openssl pkcs8 -nocrypt -in platform.pk8 -inform der -out platform.pem -outform pem
      $ cat platform.pem 
      -----BEGIN RSA PRIVATE KEY-----
      -----END RSA PRIVATE KEY-----
      
    2. The private key in pem encoding can be used to create a new keystore. The keystore, platform.pk12, contains the private key platform.pem.

      $ openssl pkcs12 -export -in platform.x509.pem -inkey platform.pem -out platform.pk12 -name platform
      
    3. Import the private key in platform.pk12 into keystore.jks

      $ keytool -importkeystore -srckeystore platform.pk12 -destkeystore keystore.jks
      Entry for alias platform successfully imported.
      Import command completed:  1 entries successfully imported, 0 entries failed or cancelled
      
    4. keytool -list shows that the android default platform key, platform.pk8, has been imported into keystore.jks successfully.

      $ keytool -list -v -keystore keystore.jks
      
      Keystore type: JKS
      Keystore provider: SUN
      
      Your keystore contains 2 entries
      
      Alias name: platform
      Creation date: Dec 22, 2016
      Entry type: PrivateKeyEntry
      Certificate chain length: 1
      Certificate[1]:
      Owner: EMAILADDRESS=android@android.com, CN=Android, OU=Android, O=Android, L=Mountain View, ST=California, C=US
      Issuer: EMAILADDRESS=android@android.com, CN=Android, OU=Android, O=Android, L=Mountain View, ST=California, C=US
      Serial number: b3998086d056cffa
      Valid from: Wed Apr 16 06:40:50 CST 2008 until: Sun Sep 02 06:40:50 CST 2035
      Certificate fingerprints:
      	 MD5:  8D:DB:34:2F:2D:A5:40:84:02:D7:56:8A:F2:1E:29:F9
      	 SHA1: 27:19:6E:38:6B:87:5E:76:AD:F7:00:E7:EA:84:E4:C6:EE:E3:3D:FA
      	 SHA256: C8:A2:E9:BC:CF:59:7C:2F:B6:DC:66:BE:E2:93:FC:13:F2:FC:47:EC:77:BC:6B:2B:0D:52:C1:1F:51:19:2A:B8
      	 Signature algorithm name: MD5withRSA
      	 Version: 3
      
      Extensions: 
      
      #1: ObjectId: 2.5.29.35 Criticality=false
      AuthorityKeyIdentifier [
      KeyIdentifier [
      0000: 4F E4 A0 B3 DD 9C BA 29   F7 1D 72 87 C4 E7 C3 8F  O......)..r.....
      0010: 20 86 C2 99                                         ...
      ]
      [EMAILADDRESS=android@android.com, CN=Android, OU=Android, O=Android, L=Mountain View, ST=California, C=US]
      SerialNumber: [    b3998086 d056cffa]
      ]
      
      #2: ObjectId: 2.5.29.19 Criticality=false
      BasicConstraints:[
        CA:true
        PathLen:2147483647
      ]
      
      #3: ObjectId: 2.5.29.14 Criticality=false
      SubjectKeyIdentifier [
      KeyIdentifier [
      0000: 4F E4 A0 B3 DD 9C BA 29   F7 1D 72 87 C4 E7 C3 8F  O......)..r.....
      0010: 20 86 C2 99                                         ...
      ]
      ]
      
      
      
      *******************************************
      *******************************************
      
      
      Alias name: mykey
      Creation date: Dec 22, 2016
      Entry type: PrivateKeyEntry
      Certificate chain length: 1
      Certificate[1]:
      Owner: CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
      Issuer: CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
      Serial number: 26c53310
      Valid from: Thu Dec 22 01:01:58 CST 2016 until: Mon May 09 01:01:58 CST 2044
      Certificate fingerprints:
      	 MD5:  1F:EF:A8:1B:83:1A:B2:37:0E:AF:92:09:A0:F1:EF:72
      	 SHA1: B9:52:57:E9:6C:AE:F7:98:42:A9:7E:AD:2D:A6:19:F5:59:2B:E9:B6
      	 SHA256: CA:22:68:5A:6C:D9:3F:6E:E2:88:BC:62:B1:DE:BA:0A:D2:A9:4A:B5:D8:84:62:FC:00:65:DE:A1:12:2C:88:B3
      	 Signature algorithm name: SHA256withRSA
      	 Version: 3
      
      Extensions: 
      
      #1: ObjectId: 2.5.29.14 Criticality=false
      SubjectKeyIdentifier [
      KeyIdentifier [
      0000: 14 2B FA 9F D1 8B D4 7E   CF 4E 00 AF 83 D0 FD 78  .+.......N.....x
      0010: 13 0F 8A 48                                        ...H
      ]
      ]
      
      
      
      *******************************************
      *******************************************
      
      
      
      

    conclusion
    This post discusses what a keystore is and how to add an existing private key into a keystore.

    android: security: sign apk with android default platform key

    December 19, 2016

    This post discusses how to sign apk with android default platform key.

    preliminary

    build apk and sign it with android default platform key
    Use signapk to sign the apk with the platform key. Both the certificate and the private key of the platform key are needed.

    $ ./gradlew assembleRelease
    $ java -jar signapk.jar ${ANDROID_SOURCE}/build/target/product/security/platform.x509.pem ${ANDROID_SOURCE}/build/target/product/security/platform.pk8 ./app/build/outputs/apk/app-release.apk ./app/build/outputs/apk/platform-key-release.apk
    
    ./app/build/outputs/apk/platform-key-release.apk
    

    conclusion
    This post shows how to sign apk with android default platform key.

    android: security: private key formats and encodings

    December 19, 2016

    This post discusses private key formats and encodings.

    what is private key
    Public key and private key are essential in asymmetric encryption.

    • A pair of public key and private key could be generated efficiently.
    • Given a public key, there exists no efficient algorithm to get its private key.
    • Given a private key, there exist efficient algorithms to get its public key.
    • Private key and public key could verify each other.
    • Private key and public key could verify the signatures created by each other.

    private key formats
    The post discusses two private key formats.

    • pkcs#1 format
    • pkcs#8 format

    android default platform key
    We use android default platform key as an example since it’s a pkcs#8 format private key. Below shows how to get android default platform private key in android 5.1.1. The file name of this private key is platform.pk8.

    $ git clone https://android.googlesource.com/platform/build
    $ cd build
    $ git reset --hard android-5.1.1_r1
    $ cd target/product/security
    $ ls 
    Android.mk              media.pk8               platform.pk8            shared.pk8              testkey.pk8             verity.pk8              verity_key
    README                  media.x509.pem          platform.x509.pem       shared.x509.pem         testkey.x509.pem        verity.x509.pem
    

    private key encodings
    A private key could be represented in two encodings.

    • pem encoding: Base64 ASCII text.
    • der encoding: binary data

    For example, android default platform key, platform.pk8, is a private key in pkcs#8 format with der encoding.

    $ openssl pkcs8 -in platform.pk8 -inform der -nocrypt 
    -----BEGIN RSA PRIVATE KEY-----
    -----END RSA PRIVATE KEY-----
    

    what is pem format
    It means pkcs#1 format with pem encoding.

    transform a private key between different formats and encodings

    • Transform a private key in pkcs#8 format with der encoding to pem format (pkcs#1 format in pem encoding).

      $ openssl pkcs8 -nocrypt -inform der -outform pem -in platform.pk8 -out platform.pem
      
    • Transform the private key in pem format back to pkcs#8 format with der encoding

      $ openssl pkcs8 -nocrypt -topk8 -inform pem -outform der -in platform.pem -out platform.pk8.2
      $ md5 platform.pk8 platform.pk8.2
      MD5 (platform.pk8) = 6d1611ff6c2201b5edb8c4906b8adcfa
      MD5 (platform.pk8.2) = 6d1611ff6c2201b5edb8c4906b8adcfa 
      
    • Transform the private key in pem format to pkcs#8 format with pem encoding

      $ openssl pkcs8 -nocrypt -topk8 -inform pem -outform pem -in platform.pem -out platform.pk8.pem
      $ cat platform.pk8.pem 
      -----BEGIN PRIVATE KEY-----
      -----END PRIVATE KEY-----
      

      difference between pkcs#1 and pkcs#8 format

      • A private key in pkcs#1 format with pem encoding begins with -----BEGIN RSA PRIVATE KEY-----
      • A private key in pkcs#8 format with pem encoding begins with -----BEGIN PRIVATE KEY-----
      • pkcs#1 format only includes an RSA private key.
      • pkcs#8 format includes metadata and a private key. The key might not be an RSA private key. The metadata indicates whether it is an RSA private key or not.

      how to verify certificate with private key
      The certificate’s embedded public key is supposed to be the same as the public key computed from its corresponding private key.

      • Get the public key embedded in a certificate.

        $ openssl x509 -in platform.x509.pem -noout -pubkey
        -----BEGIN PUBLIC KEY-----
        MIIBIDANBgkqhkiG9w0BAQEFAAOCAQ0AMIIBCAKCAQEAnHgFkqwNXTgc3qpl7Mim
        AG42SAxtcgexIBG+UIY6q+K1XQCa33FG1vIgIoDHzU172yYkO4qAbCazSxN1I6SS
        aCJJBNwBST58Cs8aBch09psDe2AwnZB00kKA4WutKoc0NhlR6vcqSC0JsgSxh14S
        rJjBqnc9aAC56v3lbVi+2OjaFvmjYAmcN6g0pt/tt7a0SgSeB6Jp/M8sVJbyzzbW
        TfkKO42PNKO6q0z1M3GrJ3GbO6WHVK0MU/wU4dtF1R4jT7vpPJuk7fnOVCYTUOxT
        Vge/aaL/SqB9tffqIA0JpsG0niFAL4ntEZCJOqtakYDxUugvhaRXU89fwZBxxe7I
        JwIBAw==
        -----END PUBLIC KEY-----
        
      • Compute the public key from a private key.

        $ openssl pkcs8 -in platform.pk8 -inform der -nocrypt -out platform.pem -outform pem
        $ openssl rsa -in platform.pem -inform pem -pubout
        writing RSA key
        -----BEGIN PUBLIC KEY-----
        MIIBIDANBgkqhkiG9w0BAQEFAAOCAQ0AMIIBCAKCAQEAnHgFkqwNXTgc3qpl7Mim
        AG42SAxtcgexIBG+UIY6q+K1XQCa33FG1vIgIoDHzU172yYkO4qAbCazSxN1I6SS
        aCJJBNwBST58Cs8aBch09psDe2AwnZB00kKA4WutKoc0NhlR6vcqSC0JsgSxh14S
        rJjBqnc9aAC56v3lbVi+2OjaFvmjYAmcN6g0pt/tt7a0SgSeB6Jp/M8sVJbyzzbW
        TfkKO42PNKO6q0z1M3GrJ3GbO6WHVK0MU/wU4dtF1R4jT7vpPJuk7fnOVCYTUOxT
        Vge/aaL/SqB9tffqIA0JpsG0niFAL4ntEZCJOqtakYDxUugvhaRXU89fwZBxxe7I
        JwIBAw==
        -----END PUBLIC KEY-----
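
The comparison above can be scripted so that it does not depend on reading two Base64 blocks by eye. This is an added example, not part of the original post: it compares SHA-256 digests of the DER-encoded public keys and accepts the key in pkcs#1 or pkcs#8 format, pem or der encoding. The function names are hypothetical and the key pairs used in the demonstration are throwaway ones generated on the spot.

```shell
#!/bin/sh
# Added example: check that a private key and an X.509 certificate belong
# together by comparing digests of their public keys. Function names are
# hypothetical; the key pairs used in demo() are throwaway, constructed here.

# Print the SHA-256 of the DER public key derived from a private key file.
# `openssl pkey` reads pkcs#1 and pkcs#8; try pem first, then der.
pubkey_digest_from_key() {
    _tmp=$(mktemp) || return 1
    for _form in PEM DER; do
        if openssl pkey -in "$1" -inform "$_form" -pubout -outform DER \
                -out "$_tmp" 2>/dev/null; then
            openssl dgst -sha256 -r "$_tmp" | cut -d ' ' -f 1
            rm -f "$_tmp"
            return 0
        fi
    done
    rm -f "$_tmp"
    return 1
}

# Print the SHA-256 of the DER public key embedded in a certificate (pem or der).
pubkey_digest_from_cert() {
    for _form in PEM DER; do
        if _pub=$(openssl x509 -in "$1" -inform "$_form" -noout -pubkey 2>/dev/null); then
            printf '%s\n' "$_pub" | openssl pkey -pubin -outform DER |
                openssl dgst -sha256 -r | cut -d ' ' -f 1
            return 0
        fi
    done
    return 1
}

# Exit status: 0 = key and certificate match, 1 = mismatch, 2 = unreadable input.
key_matches_cert() {
    _k=$(pubkey_digest_from_key "$1") || return 2
    _c=$(pubkey_digest_from_cert "$2") || return 2
    [ -n "$_k" ] && [ "$_k" = "$_c" ]
}

# Create a throwaway RSA key, a self-signed certificate and a pkcs#8 der copy,
# named like the files in the post: DIR/NAME.pem, NAME.x509.pem, NAME.pk8.
make_constructed_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=constructed-$2" \
        -keyout "$1/$2.pem" -out "$1/$2.x509.pem" 2>/dev/null &&
    openssl pkcs8 -topk8 -nocrypt -in "$1/$2.pem" -outform DER -out "$1/$2.pk8"
}

demo() {
    _dir=$(mktemp -d) || return 1
    make_constructed_pair "$_dir" a && make_constructed_pair "$_dir" b || return 1
    for _cert in a b; do
        if key_matches_cert "$_dir/a.pk8" "$_dir/$_cert.x509.pem"; then
            echo "a.pk8 matches $_cert.x509.pem"
        else
            echo "a.pk8 does NOT match $_cert.x509.pem"
        fi
    done
    rm -rf "$_dir"
}

command -v openssl >/dev/null 2>&1 && demo
```

For the files in this post the call would be key_matches_cert platform.pk8 platform.x509.pem, which is also a useful check before handing a key and certificate to signapk.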
        

      conclusion
      This post discusses private key formats and encodings. It also shows how to verify a certificate with its corresponding private key.

    android: security: x509 certificate and encodings

    December 19, 2016

    This post discusses x509 certificate, its encodings, and android default platform key’s certificate.

    what is certificate
    It includes a public key and information related to this key, such as issuers and encryption algorithm.

    what is x509 certificate
    A certificate format.

    android default platform key’s certificate
    Android default platform key is only used during development stage. Below shows how to get android default platform key’s certificate in android 5.1.1. The file name of this certificate is platform.x509.pem.

    $ git clone https://android.googlesource.com/platform/build
    $ cd build
    $ git reset --hard android-5.1.1_r1
    $ cd target/product/security
    $ ls 
    Android.mk              media.pk8               platform.pk8            shared.pk8              testkey.pk8             verity.pk8              verity_key
    README                  media.x509.pem          platform.x509.pem       shared.x509.pem         testkey.x509.pem        verity.x509.pem
    

    x509 and encodings
    X509 format could be represented in two encodings.

    • pem encoding: Base64 in ASCII text. It begins with -----BEGIN CERTIFICATE----- and ends with -----END CERTIFICATE-----
    • der encoding: binary data

      $ file platform.x509.pem
      platform.x509.pem: ASCII text
      $ cat platform.x509.pem
      -----BEGIN CERTIFICATE-----
      -----END CERTIFICATE-----
      

    transform x509 format between different encodings

    • Transform an x509 certificate from pem encoding into der encoding

      $ openssl x509 -in platform.x509.pem -inform pem -out platform.x509.der -outform der
      
    • Transform an x509 certificate from der encoding into pem encoding

      $ openssl x509 -in platform.x509.der -inform der -out platform.x509.pem.2 -outform pem
      
    • Verify that the certificate is the same in both encodings. Both commands below print the certificate in pem encoding, and the two outputs are identical.

      bash-3.2$ openssl x509 -in platform.x509.pem -inform pem
      bash-3.2$ openssl x509 -in platform.x509.der -inform der
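
The verification step above compares two pem dumps by eye. As an added example (not part of the original post), the script below performs the same check by comparing SHA-256 fingerprints, which are computed over the der bytes and therefore do not depend on the file's encoding. The function names, file names and the throwaway self-signed certificate it generates are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example: check that PEM and DER files hold the same certificate by
# comparing SHA-256 fingerprints. All function and file names are hypothetical.

# Print the fingerprint of the certificate in file $1 (encoding $2: pem or der).
cert_fingerprint() {
    openssl x509 -in "$1" -inform "$2" -noout -fingerprint -sha256 | cut -d= -f2
}

# Return 0 only when both files contain the same certificate.
# Usage: same_cert FILE1 ENCODING1 FILE2 ENCODING2
same_cert() {
    local a b
    a=$(cert_fingerprint "$1" "$2")
    b=$(cert_fingerprint "$3" "$4")
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Write a throwaway self-signed certificate (constructed sample) to $1, CN=$2.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1.key" -out "$1" 2>/dev/null
}

# Round-trip PEM -> DER -> PEM with the conversion commands from the post,
# then require: all three files match, and an unrelated certificate does not.
roundtrip_check() {
    local dir rc=0
    dir=$(mktemp -d) || return 1
    make_sample_cert "$dir/a.pem" constructed-a || return 1
    make_sample_cert "$dir/b.pem" constructed-b || return 1
    openssl x509 -in "$dir/a.pem" -inform pem -out "$dir/a.der" -outform der || rc=1
    openssl x509 -in "$dir/a.der" -inform der -out "$dir/a.pem.2" -outform pem || rc=1
    same_cert "$dir/a.pem" pem "$dir/a.der" der || rc=1
    same_cert "$dir/a.der" der "$dir/a.pem.2" pem || rc=1
    if same_cert "$dir/a.pem" pem "$dir/b.pem" pem; then rc=1; fi
    rm -rf "$dir"
    return "$rc"
}

if roundtrip_check; then
    echo "PEM and DER files hold the same certificate"
else
    echo "mismatch or openssl error" >&2
fi
```

With the files from this post, the equivalent check is `same_cert platform.x509.pem pem platform.x509.der der`.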
      

      get issuer information from an x509 certificate
      The command below uses openssl x509 to get the issuer information from the Android default platform key's certificate.

      $ openssl x509 -in  platform.x509.pem -noout -issuer 
      issuer= /C=US/ST=California/L=Mountain View/O=Android/OU=Android/CN=Android/emailAddress=android@android.com
      

      get public key from an x509 certificate
      The command below uses openssl x509 to get the public key from the Android default platform key's certificate.

      $ openssl x509 -in  platform.x509.pem -noout -pubkey
      -----BEGIN PUBLIC KEY-----
      MIIBIDANBgkqhkiG9w0BAQEFAAOCAQ0AMIIBCAKCAQEAnHgFkqwNXTgc3qpl7Mim
      AG42SAxtcgexIBG+UIY6q+K1XQCa33FG1vIgIoDHzU172yYkO4qAbCazSxN1I6SS
      aCJJBNwBST58Cs8aBch09psDe2AwnZB00kKA4WutKoc0NhlR6vcqSC0JsgSxh14S
      rJjBqnc9aAC56v3lbVi+2OjaFvmjYAmcN6g0pt/tt7a0SgSeB6Jp/M8sVJbyzzbW
      TfkKO42PNKO6q0z1M3GrJ3GbO6WHVK0MU/wU4dtF1R4jT7vpPJuk7fnOVCYTUOxT
      Vge/aaL/SqB9tffqIA0JpsG0niFAL4ntEZCJOqtakYDxUugvhaRXU89fwZBxxe7I
      JwIBAw==
      -----END PUBLIC KEY-----
      

      get all information from an x509 certificate
      The command below uses openssl x509 to get all information from the Android default platform key's certificate.

      $ openssl x509 -in  platform.x509.pem -noout -text
      Certificate:
          Data:
              Version: 3 (0x2)
              Serial Number:
                  b3:99:80:86:d0:56:cf:fa
              Signature Algorithm: md5WithRSAEncryption
              Issuer: C=US, ST=California, L=Mountain View, O=Android, OU=Android, CN=Android/emailAddress=android@android.com
              Validity
                  Not Before: Apr 15 22:40:50 2008 GMT
                  Not After : Sep  1 22:40:50 2035 GMT
              Subject: C=US, ST=California, L=Mountain View, O=Android, OU=Android, CN=Android/emailAddress=android@android.com
              Subject Public Key Info:
                  Public Key Algorithm: rsaEncryption
                  RSA Public Key: (2048 bit)
                      Modulus (2048 bit):
                          00:9c:78:05:92:ac:0d:5d:38:1c:de:aa:65:ec:c8:
                          a6:00:6e:36:48:0c:6d:72:07:b1:20:11:be:50:86:
                          3a:ab:e2:b5:5d:00:9a:df:71:46:d6:f2:20:22:80:
                          c7:cd:4d:7b:db:26:24:3b:8a:80:6c:26:b3:4b:13:
                          75:23:a4:92:68:22:49:04:dc:01:49:3e:7c:0a:cf:
                          1a:05:c8:74:f6:9b:03:7b:60:30:9d:90:74:d2:42:
                          80:e1:6b:ad:2a:87:34:36:19:51:ea:f7:2a:48:2d:
                          09:b2:04:b1:87:5e:12:ac:98:c1:aa:77:3d:68:00:
                          b9:ea:fd:e5:6d:58:be:d8:e8:da:16:f9:a3:60:09:
                          9c:37:a8:34:a6:df:ed:b7:b6:b4:4a:04:9e:07:a2:
                          69:fc:cf:2c:54:96:f2:cf:36:d6:4d:f9:0a:3b:8d:
                          8f:34:a3:ba:ab:4c:f5:33:71:ab:27:71:9b:3b:a5:
                          87:54:ad:0c:53:fc:14:e1:db:45:d5:1e:23:4f:bb:
                          e9:3c:9b:a4:ed:f9:ce:54:26:13:50:ec:53:56:07:
                          bf:69:a2:ff:4a:a0:7d:b5:f7:ea:20:0d:09:a6:c1:
                          b4:9e:21:40:2f:89:ed:11:90:89:3a:ab:5a:91:80:
                          f1:52:e8:2f:85:a4:57:53:cf:5f:c1:90:71:c5:ee:
                          c8:27
                      Exponent: 3 (0x3)
              X509v3 extensions:
                  X509v3 Subject Key Identifier: 
                      4F:E4:A0:B3:DD:9C:BA:29:F7:1D:72:87:C4:E7:C3:8F:20:86:C2:99
                  X509v3 Authority Key Identifier: 
                      keyid:4F:E4:A0:B3:DD:9C:BA:29:F7:1D:72:87:C4:E7:C3:8F:20:86:C2:99
                      DirName:/C=US/ST=California/L=Mountain View/O=Android/OU=Android/CN=Android/emailAddress=android@android.com
                      serial:B3:99:80:86:D0:56:CF:FA
      
                  X509v3 Basic Constraints: 
                      CA:TRUE
          Signature Algorithm: md5WithRSAEncryption
              57:25:51:b8:d9:3a:1f:73:de:0f:6d:46:9f:86:da:d6:70:14:
              00:29:3c:88:a0:cd:7c:d7:78:b7:3d:af:cc:19:7f:ab:76:e6:
              21:2e:56:c1:c7:61:cf:c4:2f:d7:33:de:52:c5:0a:e0:88:14:
              ce:fc:0a:3b:5a:1a:43:46:05:4d:82:9f:1d:82:b4:2b:20:48:
              bf:88:b5:d1:49:29:ef:85:f6:0e:dd:12:d7:2d:55:65:7e:22:
              e3:e8:5d:04:c8:31:d6:13:d1:99:38:bb:89:82:24:7f:a3:21:
              25:6b:a1:2d:1d:6a:8f:92:ea:1d:b1:c3:73:31:7b:a0:c0:37:
              f0:d1:af:f6:45:ae:f2:24:97:9f:ba:6e:7a:14:bc:02:5c:71:
              b9:81:38:ce:f3:dd:fc:05:96:17:cf:24:84:5c:f7:b4:0d:63:
              82:f7:27:5e:d7:38:49:5a:b6:e5:93:1b:94:21:76:5c:49:1b:
              72:fb:68:e0:80:db:db:58:c2:02:9d:34:7c:8b:32:8c:e4:3e:
              f6:a8:b1:55:33:ed:fb:e9:89:bd:6a:48:dd:4b:20:2e:da:94:
              c6:ab:8d:d5:b8:39:92:03:da:ae:2e:d4:46:23:2e:4f:e9:bd:
              96:13:94:c6:30:0e:51:38:e3:cf:d2:85:e6:e4:e4:83:53:8c:
              b8:b1:b3:57
      

      conclusion
      This post discusses the x509 certificate format. It demonstrates how to use the openssl x509 command to convert the Android default platform key's certificate between encodings and to get information from it.

