One of Android’s security verification methods using signed SHA1 (recommended)

Recently, baidu map API was used in Android project. When applying for Baidu map key, we need to fill in "signed SHA1" and "client package name", and then Baidu generates a key for us.

So it triggered thinking, why does Baidu need the SHA1 value of our client signature?

The first idea is: Baidu takes the parameter SHA1 and package name we entered for some column algorithm calculation, and generates a key to return to us.

In order to prove this idea, we wrote a demo to test. The method for Android to obtain the package name is very simple, but we also need to obtain the keystore fingerprint SHA1 from the client.

Only by searching and analyzing various data can we get the method.

1、 First, let's take a look at the meta inf directory under the APK package

What we already know is that Android will sign each APK file. When installing the APK file, the system will compare its signature information to judge the integrity of the program, so as to determine whether the APK file can be installed, so as to achieve the purpose of security to a certain extent.

Given an APK file, unzip it and you can see a meta info folder. There are three files under this folder: manifest.mf, cert.sf and cert.rsa. These three documents respectively represent the following meanings:

(1) Manifest.mf: This is the summary file. The program traverses all the entries in the APK package, generates summary information with SHA1 one by one for the files of non folder and non signature files, and then encodes them with Base64. If you change the files in APK package, the changed file summary information is different from the verification information of manifest.mf during APK installation verification, so the program cannot be installed successfully.

Note: if an attacker modifies the content of the program and regenerates a new summary, it can pass the verification, so this is a very simple verification.

(2) Cert.sf: This is the signature file for the digest. For the manifest.mf generated in the previous step, sha1-rsa algorithm is used to sign with the developer's private key. Only the public key can be used to decrypt it during installation. After decryption, compare it with the unencrypted summary information (i.e. manifest.mf file). If it matches, it indicates that the content has not been abnormally modified.

Note: in this step, even if the developer modifies the program content and generates a new summary file, the attacker does not have the developer's private key, so he cannot generate a correct signature file (cert.sf). When the system verifies the program, it decrypts the incorrect signature file with the developer's public key. The result obtained does not correspond to the summary file (manifest. MF), so it cannot pass the inspection and successfully install the file.

(3) The cert.rsa file stores the public key, encryption algorithm and other information.

Note: the system decrypts the signature file, and the required public key is taken from this file.

Conclusion: from the above summary, it can be seen that the files in meta info are linked, so as to ensure the security of Android programs. (it just prevents the developer's program from being modified by the attacker. If the developer's public-private key pair is obtained by the attacker or the developer develops an attack program, the Android system cannot detect it.)

Unpack the APK package, and then use the command keytool - printcert - file cert.rsa to view cert.rsa, as shown in the figure:

The answer is obvious. The cert.rsa file contains information about the signature.

When we use the following code to obtain certificate information:

Looking at the API, we can find that the x509certificate class does not provide a method to directly obtain the SHA1 value.

After studying the encryption algorithm of signature files, we can calculate the value of SHA1 according to the publickey. The calculation method is as follows:

>Get the byte array of the public key through the getencoded() method of x509certificate.

>Use messagedigest to degest the byte array in SHA1 to get a new byte array.

>Then use hexadecimal to convert the new byte array, and finally get the fingerprint SHA1 of the certificate file.

For more detailed encryption algorithms, you can further study the Java signature certificate rules.

We also have a compromise method, that is, when the client starts, call the server interface to transfer the file cert.rsa to the server by stream. The server processes it by using the commands in the screenshot above, obtains the SHA1 value, and then returns it to the client. The client records the value in the memory variable for use.

Note: the SHA1 value of the certificate fingerprint we obtained is recommended to be used in the memory variable without storing it in the cache file.

Some other codes related to certificates are attached below

Java code for obtaining private key information:

Java code for obtaining public key information:

SHA1 encryption code:

One of the above Android security verification methods using signed SHA1 (recommended) is all the content shared by Xiaobian. I hope it can give you a reference and support programming tips.