开发者

Android APK Certificates - what fields are required and what if that info changes?

开发者 https://www.devze.com 2023-04-11 03:31 出处:网络
This seems pretty basic but I can\'t find the info I\'m looking for anywhere, particularly with regard to Android apps.

This seems pretty basic but I can't find the info I'm looking for anywhere, particularly with regard to Android apps.

I am creating my release key (self-signed) and I am asked for lots of info:

  • First and Last Name: (OK; not likely to change)
  • Organizational Unit: (Is this one's "business name"?)
  • Organization: (How's this different from the "Unit" above?)
  • City or Locality: (This may change...)
  • State or Province: (Also may change...)
  • Country Code (XX): (OK; not likely to change)

With that in mind, I've got two basic questions about self-signed certificates used to distribute Android apps:

  1. On creation, can I leave any of these fields EMPTY, particularly the ones that are likely to change? Or is that forbidden? (The big question.)
  2. What if I want to change a given field later? Does that mean creating a n开发者_运维技巧ew key and having everyone reinstall the app to ever upgrade again, even if I have the original key? (Seems to be the case, judging by what little I have found.)

Thanks in advance!


Edit: More info on #1 above: if this is anything like SSL certs, then the Name, Organization and Country should be sufficient. But IS that the case? Pros and cons of leaving any/all the other fields blank? I can't be the only one who's wondered about this in terms of apps... and the Android docs I've read so far aren't helping clarify this.

For #2, it appears that changing the certificate means regenerating it, and signing with that new cert doesn't avoid the Market problem (it's like a whole new app, even if you sign with both the new AND old certs). So it's all the more important to get it right (yet sufficiently generic in case you move) the first time you sign the app.


The content of these fields are actually pretty irrelevant and are not generally seen by anyone other than you. You can leave empty fields wherever keytool will allow without consequence later.

Once you sign an apk with a keystore and upload it to the Android Market, you cannot sign that same package with another keystore. This is obviously done to prevent someone else from replacing your app with another.

For my keystore I put my personal information in it, set the expiration date for 999 years in the future and keep it safe and backed up.


To strictly answer the question about which fields are optional: actually, all fields are optional. The only requirement is that you provide at least one (even if it's just the country code).

Here's Android Studio's explanation:

Android APK Certificates - what fields are required and what if that info changes?

It reads:

At least one Certificate issuer field is required to be non-empty

Sure enough, with some testing, I confirmed that only one field is required.

As answered by Michael, once your app is published, you can never change it.

0

精彩评论

暂无评论...
验证码 换一张
取 消