tbb-commits

Download

tbb-commits@lists.torproject.org

August 2025

1 participants
1 discussions

[Git][tpo/applications/tor-browser-build][main] Bug 41524: Add a script to generate an android signing key
by boklm (＠boklm) 01 Aug '25

01 Aug '25

boklm pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: 86e52868 by Nicolas Vigier at 2025-07-31T16:51:43+02:00 Bug 41524: Add a script to generate an android signing key - - - - - 5 changed files: - + tools/signing/generate-keys/generate-android-signing-key - + tools/signing/generate-keys/sign-aab - + tools/signing/generate-keys/sign-apk - + tools/signing/generate-keys/verify-aab - + tools/signing/generate-keys/verify-apk Changes: ===================================== tools/signing/generate-keys/generate-android-signing-key ===================================== @@ -0,0 +1,27 @@ +#!/bin/bash + +# This script generate a new Android signing key in the android-key directory +# Before running it you should edit the key_* variables for setting the +# key name, password, etc... + +set -e +script_dir=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) +test -n "$set_config_only" || cd "$script_dir" + +key_alias=tor-vpn +key_password=123456 +key_dname='CN=Tor VPN, O=The Tor Project' + +test -n "$set_config_only" && return 0 + +mkdir android-key +cd android-key + +keytool -genkeypair -keysize 4096 -sigalg SHA512withRSA -keyalg RSA \ + -storetype PKCS12 -alias "$key_alias" -dname "$key_dname" \ + -validity 36500 -keystore "${key_alias}-private.p12" \ + -storepass "$key_password" -v + +# Export the generated certificate into a PEM file +keytool -exportcert -rfc -alias "$key_alias" -file "${key_alias}-public.pem" \ + -keystore "${key_alias}-private.p12" -storepass "$key_password" -v ===================================== tools/signing/generate-keys/sign-aab ===================================== @@ -0,0 +1,18 @@ +#!/bin/bash +# This script will sign the aab given as argument, as signed.aab in the +# current directory, using the key config from generate-android-signing-key + +set -e +script_dir=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) +set_config_only=1 +source "$script_dir/generate-android-signing-key" + +if test "$#" -ne 1; then + echo "Wrong number of arguments" >&2 + exit 1 +fi + +jarsigner -keystore "$script_dir/android-key/${key_alias}-private.p12" \ + -storepass "${key_password}" -signedjar signed.aab -verbose \ + "$1" "${key_alias}" +echo "Signed $1 in signed.aab" ===================================== tools/signing/generate-keys/sign-apk ===================================== @@ -0,0 +1,18 @@ +#!/bin/bash + +# This script will sign the apk given as argument, as signed.apk in the +# current directory, using the key config from generate-android-signing-key + +set -e +script_dir=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) +set_config_only=1 +source "$script_dir/generate-android-signing-key" + +if test "$#" -ne 1; then + echo "Wrong number of arguments" >&2 + exit 1 +fi + +apksigner sign --ks "$script_dir/android-key/${key_alias}-private.p12" \ + --ks-pass "pass:${key_password}" --out signed.apk "$1" +echo "Signed $1 in signed.apk" ===================================== tools/signing/generate-keys/verify-aab ===================================== @@ -0,0 +1,18 @@ +#!/bin/bash +# This script takes no argument and will verify the signature of the +# file signed.aab in the currenty directory, using the key config from +# generate-android-signing-key + +set -e +script_dir=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) +set_config_only=1 +source "$script_dir/generate-android-signing-key" + +if test "$#" -ne 0; then + echo "Wrong number of arguments" >&2 + exit 1 +fi + +jarsigner -keystore "$script_dir/android-key/${key_alias}-private.p12" \ + -storepass "${key_password}" -verify -verbose -certs signed.aab \ + -verbose "${key_alias}" ===================================== tools/signing/generate-keys/verify-apk ===================================== @@ -0,0 +1,18 @@ +#!/bin/bash +# This script takes no argument and will verify the signature of the +# file signed.apk in the currenty directory, using the key config from +# generate-android-signing-key + +set -e +script_dir=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) +set_config_only=1 +source "$script_dir/generate-android-signing-key" + +if test "$#" -ne 0; then + echo "Wrong number of arguments" >&2 + exit 1 +fi + +jarsigner -keystore "$script_dir/android-key/${key_alias}-private.p12" \ + -storepass "${key_password}" -verify -verbose -certs signed.apk \ + -verbose "${key_alias}" View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/8… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/8… You're receiving this email because of your account on gitlab.torproject.org.

1 0