changing SHA-1 digest from Android app
Started by Rogelio, 01 Apr. 2018 02:23 - 2 replies
Posted on 01 April 2018 - 02:23
Does anyone have an idea if it's possible to change the digest that WINDEV Mobile uses to sign the application? The reason for my question is that by default WINDEV uses the SHA-1 digest on the application, and that only supports 1024-bit key signing. Does anyone know if it's possible to sign a WINDEV Mobile app with a 2048-bit key?

I have tried to make keystores with that key length, but I always get the error:

-digestalg SHA1 -sigalg SHA1withDSA "test.apk" test
Error returned:
jarsigner error: java.security.InvalidKeyException: The security strength of SHA-1 digest algorithm is not sufficient for this key size

When I use a 1024-bit key it works fine and no problem is encountered. Has anyone come across this before?

I just think it would be nice to be able to sign the apps with a higher key strength.

Thanks for any help
Posted on 19 August 2024 - 20:12
For anyone having this issue in the future, you may use RSA instead of SHA1 or DSA to get more than 1024 bits. Here's an example:

-genkey -keystore "{keystore}" -storepass {storepass} -alias {alias} -keypass {keypass} -dname cn="{dname}",o="{dname}" -validity 1234 -keyalg RSA -sigalg SHA256withRSA -keysize 2048

This is very important to keep in mind for signing any apps for Google Play, as I had to figure out the hard way.

Hope this helps.
Registered member
2 posts
Posted on 25 September 2024 - 12:34
Hello,

In Windev Mobile, the default signing algorithm uses SHA-1, which is indeed limited in terms of security strength, especially when it comes to using keys longer than 1024 bits. To address your concerns about using a 2048-bit key for signing your applications, here are some potential approaches:

Update Signing Algorithm: Check if there's an option in Windev Mobile to configure the signing algorithm or the digest algorithm. Some development environments allow you to choose more secure algorithms like SHA-256.

Use Java Keytool: When creating your keystore with a 2048-bit key, ensure you specify a more secure algorithm in your keytool command. For example, try using -sigalg SHA256withRSA instead of SHA-1.

keytool -genkeypair -alias yourAlias -keyalg RSA -keysize 2048 -sigalg SHA256withRSA -keystore yourKeystore.jks

Sign the APK Externally: After building your application with Windev Mobile, consider signing it manually using the jarsigner tool from the JDK. Make sure to specify the proper digest and signature algorithm.

jarsigner -digestalg SHA-256 -sigalg SHA256withRSA -keystore yourKeystore.jks yourApp.apk yourAlias

Check for Updates: Make sure your Windev Mobile version is up to date. Sometimes https://www.publix-passport.com newer versions provide enhanced security features and options for signing.

Consult Documentation: Look into Windev Mobile’s official documentation or support forums to see if there are specific guidelines or updates regarding app signing and security practices.

Hope that helps!
Message edited, 25 September 2024 - 12:34
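
Added example (not part of any post in this thread): a check that a signed APK or JAR really carries the digest and key type the commands above ask for, by reading the META-INF entries that jarsigner writes. It covers only the JAR (v1) signature; the helper names and the sample archives are constructed for illustration.

```python
import io
import re
import zipfile

# Signature block extension written by jarsigner -> key algorithm family.
BLOCK_TYPES = {".RSA": "RSA", ".DSA": "DSA", ".EC": "EC"}
# Matches attribute names such as "SHA1-Digest:" or "SHA-256-Digest-Manifest:".
DIGEST_ATTR = re.compile(r"^([A-Za-z0-9-]+)-Digest(?:-Manifest)?:", re.MULTILINE)


def v1_signature_summary(archive):
    """Return (key algorithms, digest algorithms) found under META-INF/."""
    key_algs, digests = set(), set()
    with zipfile.ZipFile(archive) as zf:
        for name in zf.namelist():
            upper = name.upper()
            if not upper.startswith("META-INF/"):
                continue
            ext = upper[upper.rfind("."):] if "." in upper else ""
            if ext in BLOCK_TYPES:
                key_algs.add(BLOCK_TYPES[ext])
            elif ext in (".MF", ".SF"):
                text = zf.read(name).decode("utf-8", "replace")
                digests.update(d.upper() for d in DIGEST_ATTR.findall(text))
    return key_algs, digests


def uses_weak_v1_signing(archive):
    """True if the archive is signed with a DSA key or a SHA-1/MD5 digest."""
    key_algs, digests = v1_signature_summary(archive)
    return "DSA" in key_algs or bool(digests & {"SHA1", "SHA-1", "MD5"})


def _sample(digest_attr, block_ext):
    """Constructed sample: minimal archive with jarsigner-style META-INF entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("classes.dex", b"constructed")
        zf.writestr("META-INF/MANIFEST.MF",
                    "Manifest-Version: 1.0\r\n\r\nName: classes.dex\r\n"
                    f"{digest_attr}: AAAA\r\n\r\n")
        zf.writestr("META-INF/TEST.SF",
                    f"Signature-Version: 1.0\r\n{digest_attr}-Manifest: AAAA\r\n")
        zf.writestr(f"META-INF/TEST{block_ext}", b"\x30\x00")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for attr, ext in (("SHA1-Digest", ".DSA"), ("SHA-256-Digest", ".RSA")):
        print(v1_signature_summary(_sample(attr, ext)))
```

Pass the path of a real signed file to `v1_signature_summary` in place of the constructed sample.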