blocks|key|555191|text|在出版之前你得把它们上传到戏剧店。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|555192|然后根据apk：http://developer.android.com/google/play/licensing/adding-licensing.html#account-key的签名对其进行检查。|offset|length|555193|如果您正在讨论在安装时验证应用程序的密钥:您可以使用任何密钥来签署一个应用程序并通过亚行安装它。但是，你必须使用相同的密钥重新安装一个应用程序。在这种情况下，键不像Google那样在全局回购中进行检查，它们只是在本地进行检查。|555194|对于测试来说，情况有点不同，我认为这是因为测试运行程序和被测试代码的交互，它们必须在相同的进程中运行，所以，如果您使用调试证书安装了应用程序的测试包，那么您就不能使用发布证书安装应用程序，或者安装带有调试证书的应用程序，或者卸载测试。|555195|这里的一些细节：http://developer.android.com/tools/publishing/app-signing.html|555196|entityMap|0|LINK|mutability|MUTABLE|url|http://developer.android.com/google/play/licensing/adding-licensing.html#account-key|1|http://developer.android.com/tools/publishing/app-signing.html^0|0|8|2C|0|0|0|0|8|1Q|1|0^^$0|@$1|2|3|4|5|6|7|V|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|W|8|@]|9|@$D|X|E|Y|1|Z]]|A|$]]|$1|F|3|G|5|6|7|10|8|@]|9|@]|A|$]]|$1|H|3|I|5|6|7|11|8|@]|9|@]|A|$]]|$1|J|3|K|5|6|7|12|8|@]|9|@$D|13|E|14|1|15]]|A|$]]|$1|L|3|-4|5|6|7|16|8|@]|9|@]|A|$]]]|M|$N|$5|O|P|Q|A|$R|S]]|T|$5|O|P|Q|A|$R|U]]]]

You gotta upload them on the play store before publishing.

It is then checked against the signature of your apk : 
<a href="http://developer.android.com/google/play/licensing/adding-licensing.html#account-key" rel="nofollow">http://developer.android.com/google/play/licensing/adding-licensing.html#account-key</a>

<hr>

If you are talking about the key to verify apps on install : you can use any key to sign an app and install it via adb. But, you will have to use the same key to re-install an app. In that case, keys are not checked against a global repo like with Google Play, they are just checked locally.

For testing, things are a bit different, I believe it's due to interaction of instrumentation runner and the code under test, they have to be run in the same process so, if you install an app's test package with a debug certificate, then you can't install the app using a release certificate, either you install the app with debug certificate as well, or you uninstall the tests.

Some details here : <a href="http://developer.android.com/tools/publishing/app-signing.html" rel="nofollow">http://developer.android.com/tools/publishing/app-signing.html</a>

blocks|key|1276578|text|下面是一个示例，请按照“获取证书”中的步骤1-8执行。这不仅仅是一个Google教程，它涵盖了您在我提到的那一节中需要的关键签名。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|1276579|还有一个关于Android开发的调试和发布键的链接，它提供了关于Android开发站点的更多信息。|1276580|链接:+Android签名键和Google密钥|offset|length|1276581|entityMap|0|LINK|mutability|MUTABLE|url|http://www.digitalopium.com/android-google-maps-api-tutorial/^0|0|0|0|N|0|0^^$0|@$1|2|3|4|5|6|7|P|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|Q|8|@]|9|@]|A|$]]|$1|D|3|E|5|6|7|R|8|@]|9|@$F|S|G|T|1|U]]|A|$]]|$1|H|3|-4|5|6|7|V|8|@]|9|@]|A|$]]]|I|$J|$5|K|L|M|A|$N|O]]]]

Here is an example, follow steps 1 - 8 in "Getting a Certificate".
This isn't just a Google API tutorial, it covers the key signing that you need in that one section i mentioned. 
There's a link there also in regards to Debug and Release keys for Android development that provides more info on the Android development site.

<a href="http://www.digitalopium.com/android-google-maps-api-tutorial/" rel="nofollow">LINK: Android Signing Keys and Google Map API Key</a>

blocks|key|555300|text|公钥分布在apk文件中。如果您解压缩apk文件，您可以在其中找到一个名为META的特殊文件夹，其中包含有关签名的所有信息。基本上，您需要研究扩展名为*.RSA和*.DSA的文件，这些文件包含包的签名和公钥。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|555301|您可以阅读这两篇文章(一，二)来理解这个过程。|offset|length|555302|entityMap|0|LINK|mutability|MUTABLE|url|http://nelenkov.blogspot.it/2013/04/android-code-signing.html|1|http://nelenkov.blogspot.it/2013/05/code-signing-in-androids-security-model.html^0|0|B|1|0|D|1|1|0^^$0|@$1|2|3|4|5|6|7|P|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|Q|8|@]|9|@$D|R|E|S|1|T]|$D|U|E|V|1|W]]|A|$]]|$1|F|3|-4|5|6|7|X|8|@]|9|@]|A|$]]]|G|$H|$5|I|J|K|A|$L|M]]|N|$5|I|J|K|A|$L|O]]]]

The public key is distributed within the apk file. If you unarchive an apk file you can find there a special folder called META-INF where all information about the signature is contained. Basically, you need to explore files with extensions *.RSA and *.DSA, which contain signature of the package along with public key.

You can read these two article (<a href="http://nelenkov.blogspot.it/2013/04/android-code-signing.html">one</a>, <a href="http://nelenkov.blogspot.it/2013/05/code-signing-in-androids-security-model.html">two</a>) to understand the process

blocks|key|1555615|text|http://developer.android.com/google/play/licensing/adding-licensing.html#account-key|type|unstyled|depth|inlineStyleRanges|entityRanges|offset|length|data|1555616|链接的某些部分将解决您的问题，将您的公钥嵌入许可。|1555617|对于每个应用程序，Google服务都会自动生成一个2048位RSA公钥/私钥对，用于授权和应用内计费。密钥对与应用程序唯一关联。虽然与应用程序相关联，但密钥对与用于对应用程序(或从中派生的)进行签名的密钥不相同。|1555618|Google控制台向登录到开发人员控制台的任何开发人员公开用于授权的公钥，但它将私钥隐藏在一个安全的位置上，不让所有用户看到。当应用程序请求对在您的帐户中发布的应用程序进行许可证检查时，许可服务器使用应用程序密钥对的私钥签名许可证响应。当LVL接收到响应时，它使用应用程序提供的公钥来验证许可证响应的签名。|1555619|要将许可添加到应用程序中，您必须获取应用程序的公共密钥以进行许可，并将其复制到应用程序中。下面是如何找到应用程序许可的公钥：|1555620|转到Google控制台并登录。确保您登录到您正在授权的应用程序发布(或将被发布)的帐户。在“应用程序详细信息”页面中，找到“服务和API”链接并单击它。在“服务和App”页面中，查找“许可证和应用程序中的计费”部分。此应用程序字段的许可证密钥中给出了用于授权的公钥。要将公钥添加到应用程序中，只需将密钥字符串从字段复制/粘贴到应用程序中，作为字符串变量BASE64_PUBLIC_KEY的值。在复制时，请确保选择了整个键字符串，而不遗漏任何字符。|1555621|下面是LVL示例应用程序的一个示例：|1555622|public+class+MainActivity+extends+Activity+{
++++private+static+final+String+BASE64_PUBLIC_KEY+=+"MIIBIjANBgkqhkiG+...+";+//truncated+for+this+example
...
}|code-block|syntax|javascript|1555623|entityMap|0|LINK|mutability|MUTABLE|url^0|0|2C|0|0|0|0|0|0|0|0|0^^$0|@$1|2|3|4|5|6|7|11|8|@]|9|@$A|12|B|13|1|14]]|C|$]]|$1|D|3|E|5|6|7|15|8|@]|9|@]|C|$]]|$1|F|3|G|5|6|7|16|8|@]|9|@]|C|$]]|$1|H|3|I|5|6|7|17|8|@]|9|@]|C|$]]|$1|J|3|K|5|6|7|18|8|@]|9|@]|C|$]]|$1|L|3|M|5|6|7|19|8|@]|9|@]|C|$]]|$1|N|3|O|5|6|7|1A|8|@]|9|@]|C|$]]|$1|P|3|Q|5|R|7|1B|8|@]|9|@]|C|$S|T]]|$1|U|3|-4|5|6|7|1C|8|@]|9|@]|C|$]]]|V|$W|$5|X|Y|Z|C|$10|4]]]]

<a href="http://developer.android.com/google/play/licensing/adding-licensing.html#account-key" rel="nofollow">http://developer.android.com/google/play/licensing/adding-licensing.html#account-key</a> 

Some parts of the link will resolve your question
Embed your public key for licensing

For each application, the Google Play service automatically generates a 2048-bit RSA public/private key pair that is used for licensing and in-app billing. The key pair is uniquely associated with the application. Although associated with the application, the key pair is not the same as the key that you use to sign your applications (or derived from it).

The Google Play Developer Console exposes the public key for licensing to any developer signed in to the Developer Console, but it keeps the private key hidden from all users in a secure location. When an application requests a license check for an application published in your account, the licensing server signs the license response using the private key of your application's key pair. When the LVL receives the response, it uses the public key provided by the application to verify the signature of the license response.

To add licensing to an application, you must obtain your application's public key for licensing and copy it into your application. Here's how to find your application's public key for licensing:

Go to the Google Play Developer Console and sign in. Make sure that you sign in to the account from which the application you are licensing is published (or will be published).
In the application details page, locate the Services &amp; APIs link and click it.
In the Services &amp; APIs page, locate the Licensing &amp; In-App Billing section. Your public key for licensing is given in the Your License Key For This Application field.
To add the public key to your application, simply copy/paste the key string from the field into your application as the value of the String variable BASE64_PUBLIC_KEY. When you are copying, make sure that you have selected the entire key string, without omitting any characters.

Here's an example from the LVL sample application:

<pre><code>public class MainActivity extends Activity {
 private static final String BASE64_PUBLIC_KEY = "MIIBIjANBgkqhkiG ... "; //truncated for this example
...
}
</code></pre>

The Android system requires that all installed applications be digitally signed with a certificate whose private key is held by the application's developer. How specifically does the public key be distributed to client Android devices? Is the public key contained in apk when developers release the app? If so, where is the key stored?

Or does Android market,e.g. Google play, hold a list of developer id coupled with corresponding public key and push the right key to client devices when an app is downloaded?

Is there any docs convey this information?

Thanks a lot for any inputs.

How does Android devices get developers' public keys?

翻译质量差，导致语言生硬或混乱。

没有提供实际的解决方法或示例。

解答不清晰，无法理解或解决问题。

页面排版不美观，阅读体验差。

文章

问答

视频

教程

学习中心

腾讯云实验室

直播

竞赛

腾讯云代码分析专区

腾讯iOA零信任安全管理系统专区

腾讯云架构师技术同盟交流圈

腾讯云数据库专区

腾讯云智能顾问专区

腾讯云原生专区

腾讯混元专区

腾讯云TCE专区

腾讯云Lighthouse专区

腾讯云HAI专区

腾讯云Edgeone专区

腾讯云存储专区

腾讯云智能专区

腾讯轻联专区 

腾讯云开发专区

TAPD专区

腾讯轻量云游戏服专区

腾讯云最具价值专家

腾讯云架构师技术同盟

腾讯云创作之星

腾讯云开发者先锋

腾讯云代码助手

云原生构建

TAPD 敏捷项目管理

Cloud Studio

SDK中心

API中心

命令行工具

涵盖代码开发、场景应用、自动测试全流程，助你从零构建专属AI助手

一站式MCP教程库，解锁AI应用新玩法

聚焦“写作效率、视觉美观与运行性能”三方面进行全面升级，为您提供更高效、稳定的创作环境

社区富文本&Markdown编辑器全新改版上线，欢迎大家体验!

诚挚邀请您参与本次调研，分享您的真实使用感受与建议。您的反馈至关重要，感谢您的支持与参与！

社区新版编辑器体验调研

Android系统要求所有安装的应用程序都使用一个证书进行数字签名，该证书的私钥由应用程序的开发人员持有。如何具体地将公钥分发给客户端Android设备？当开发人员发布应用程序时，公钥是否包含在apk中？如果是，密钥存储在哪里？或者Android市场，例如Google播放，是否持有一个开发人员id列表以及相应的公钥，并...

问Android设备如何获取开发人员的公钥？
EN

Stack Overflow用户

社区

活动

圈层

关于

腾讯云开发者

热门产品

热门推荐

更多推荐

问Android设备如何获取开发人员的公钥？EN