code-signingjcejcaapksigner

Is apksigner compliant with JCE (Java Cryptography Extension) specification?


Is apksigner tool that comes along with Android SDK Build Tools compliant with JCE (Java Cryptography Extension) specification?


Solution

  • The current (as of July 25 2017) apksigner version 0.7 released in Andriod SDK Build Tools 26.0.1 supports signing using HSM keys via Sun/Oracle's PKCS #11 Provider and its extensions. For example:

    apksigner sign --provider-class sun.security.pkcs11.SunPKCS11 \
      --provider-arg token.cfg --ks NONE --ks-type PKCS11 app.apk
    

    Also see https://geoffreymetais.github.io/code/key-signing/.