1 files changed, 38 insertions, 0 deletions

diff --git a/target/product/security/README b/target/product/security/README
new file mode 100644
index 0000000..b92693d
--- /dev/null
+++ b/target/product/security/README
@@ -0,0 +1,38 @@
+The following commands were used to generate the test key pair:
+
+  openssl genrsa -3 -out testkey.pem 2048
+
+  openssl req -new -x509 -key testkey.pem -out testkey.x509.pem -days 10000 \
+    -subj '/C=US/ST=California/L=Mountain View/O=Android/OU=Android/CN=Android/emailAddress=android@android.com'
+
+  openssl pkcs8 -in testkey.pem -topk8 -outform DER -out testkey.pk8 -nocrypt
+
+Alternatively you can use the "mkkey.sh" command included in this directory.
+
+The following standard test keys are currently included:
+
+testkey -- a generic key for packages that do not otherwise specify a key.
+platform -- a test key for packages that are part of the core platform.
+shared -- a test key for things that are shared in the home/contacts process.
+media -- a test key for packages that are part of the media/download system.
+
+These test keys are used strictly in development, and should never be assumed
+to convey any sort of validity.  When $BUILD_SECURE=true, the code should not
+honor these keys in any context.
+
+
+signing using the openssl commandline (for boot/system images)
+--------------------------------------------------------------
+
+1. convert pk8 format key to pem format
+   % openssl pkcs8 -inform DER -nocrypt -in testkey.pk8 -out testkey.pem
+
+2. create a signature using the pem format key
+   % openssl dgst -binary -sha1 -sign testkey.pem FILE > FILE.sig 
+
+extracting public keys for embedding
+------------------------------------
+it's a Java tool
+but it generates C code
+take a look at commands/recovery/Android.mk
+you'll see it running $(HOST_OUT_JAVA_LIBRARIES)/dumpkey.jar
\ No newline at end of file