Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others


0 votes
138 views
in Technique by (71.8m points)

android - KeyStore and Key Alias

I'm in the process of exporting an app and I'm very curious about the keystore and key alias. I'm not really sure what they are for, or how many I should create (maybe one for each app?). I would appreciate any information relating to those keys. Thanks

question from:https://stackoverflow.com/questions/17663991/keystore-and-key-alias

Battle with dragons too long and you become a dragon yourself; gaze into the abyss too long and the abyss will gaze back…

1 Reply

0 votes
by (71.8m points)

It is basically a way to identify yourself with your app. There are debug keys and signing keys, the latter of which you will need to upload APKs to the Play Store and publish your app. The Key Alias is just a commonplace name that points to a specific certificate. You can create one for each release, or just use the same one for all your apps. I suggest creating one for each app, and making sure you back up multiple copies. I like to keep 3: one on my system, one in my Dropbox, and another on an external somewhere. If you lose that keystore file there is absolutely no way to retrieve it, or publish future versions of an application. This question is pretty useful.

EDIT: The "App-Signing" section of the Developer's site actually suggests using the same certificate across all your apps.

In general, the recommended strategy for all developers is to sign all of your applications with the same certificate, throughout the expected lifespan of your applications. There are several reasons why you should do so...

Application upgrade – As you release updates to your application, you must continue to sign the updates with the same certificate or set of certificates, if you want users to be able to upgrade seamlessly to the new version. When the system is installing an update to an application, it compares the certificate(s) in the new version with those in the existing version. If the certificates match exactly, including both the certificate data and order, then the system allows the update. If you sign the new version without using matching certificates, you must also assign a different package name to the application — in this case, the user installs the new version as a completely new application.

Application modularity – The Android system allows applications that are signed by the same certificate to run in the same process, if the applications so request, so that the system treats them as a single application. In this way you can deploy your application in modules, and users can update each of the modules independently if needed.

Code/data sharing through permissions – The Android system provides signature-based permissions enforcement, so that an application can expose functionality to another application that is signed with a specified certificate. By signing multiple applications with the same certificate and using signature-based permissions checks, your applications can share code and data in a secure manner.
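
An added illustration, not part of the original answer or of the Android documentation: the sketch below parses a keystore file to show what it holds, namely entries addressed by alias, each carrying the certificate chain that the system compares on update. It assumes the legacy JKS container format (version 2) with ASCII aliases; the sample keystore, its aliases, the password and the certificate bytes are constructed placeholders.

```python
import hashlib
import io
import struct

MAGIC, SALT = 0xFEEDFEED, b"Mighty Aphrodite"  # JKS magic number and hash salt

def digest(body, password):
    # Integrity hash: SHA-1 over the UTF-16BE password, the salt, then the body
    return hashlib.sha1(password.encode("utf-16-be") + SALT + body).digest()

def blob(fmt, data):
    return struct.pack(fmt, len(data)) + data      # length-prefixed field

def build_sample_jks(entries, password):
    """Constructed sample input: one private-key entry per (alias, cert)."""
    body = struct.pack(">III", MAGIC, 2, len(entries))
    for alias, cert in entries:
        body += struct.pack(">I", 1) + blob(">H", alias.encode())
        body += struct.pack(">Q", 0)               # creation time (ms)
        body += blob(">I", b"\x00" * 8)            # placeholder, not a real key
        body += struct.pack(">I", 1) + blob(">H", b"X.509") + blob(">I", cert)
    return body + digest(body, password)

def list_aliases(data, password):
    """Return {alias: [SHA-256 hex of each certificate, in chain order]}."""
    body, result = data[:-20], {}
    if digest(body, password) != data[-20:]:
        raise ValueError("wrong password or modified keystore")
    stream = io.BytesIO(body)
    def num(fmt):                                  # big-endian integer
        return struct.unpack(fmt, stream.read(struct.calcsize(fmt)))[0]
    def field(fmt):                                # length-prefixed bytes
        return stream.read(num(fmt))
    if num(">I") != MAGIC or num(">I") != 2:
        raise ValueError("not a JKS version 2 keystore")
    for _ in range(num(">I")):
        tag, alias = num(">I"), field(">H").decode()
        num(">Q")                                  # skip creation timestamp
        if tag == 1:                               # private key entry
            field(">I")                            # skip encrypted key blob
        chain_len = num(">I") if tag == 1 else 1   # tag 2: one trusted cert
        result[alias] = []
        for _ in range(chain_len):
            field(">H")                            # certificate type ("X.509")
            result[alias].append(hashlib.sha256(field(">I")).hexdigest())
    return result

# Constructed sample: placeholder bytes stand in for real DER certificates
SAMPLE = build_sample_jks([("app-one", b"cert A"), ("app-two", b"cert B")], "changeit")
```

Calling `list_aliases(SAMPLE, "changeit")` returns one fingerprint list per alias; two releases are signed by the same identity only if those lists are equal, element by element and in the same order.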

