summaryrefslogtreecommitdiffstats
path: root/target/product/security/README
blob: b92693d15bd01abc54bda679d0f569ec8dc389db (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
The following commands were used to generate the test key pair:

  openssl genrsa -3 -out testkey.pem 2048

  openssl req -new -x509 -key testkey.pem -out testkey.x509.pem -days 10000 \
    -subj '/C=US/ST=California/L=Mountain View/O=Android/OU=Android/CN=Android/emailAddress=android@android.com'

  openssl pkcs8 -in testkey.pem -topk8 -outform DER -out testkey.pk8 -nocrypt

Alternatively you can use the "mkkey.sh" command included in this directory.

The following standard test keys are currently included:

testkey -- a generic key for packages that do not otherwise specify a key.
platform -- a test key for packages that are part of the core platform.
shared -- a test key for things that are shared in the home/contacts process.
media -- a test key for packages that are part of the media/download system.

These test keys are used strictly in development, and should never be assumed
to convey any sort of validity.  When $BUILD_SECURE=true, the code should not
honor these keys in any context.


signing using the openssl commandline (for boot/system images)
--------------------------------------------------------------

1. convert pk8 format key to pem format
   % openssl pkcs8 -inform DER -nocrypt -in testkey.pk8 -out testkey.pem

2. create a signature using the pem format key
   % openssl dgst -binary -sha1 -sign testkey.pem FILE > FILE.sig 

extracting public keys for embedding
------------------------------------
it's a Java tool
but it generates C code
take a look at commands/recovery/Android.mk
you'll see it running $(HOST_OUT_JAVA_LIBRARIES)/dumpkey.jar