Enterprise
The APK Rotate Signer supports Android Package Kit (APK) key rotation.
Fully qualified class name: org.signserver.module.apk.signer.ApkRotateSigner
Overview
Key rotation supports signing with a new key by rolling over to the new key using a lineage file. The APK Rotate Signer is used to create the lineage file that allows rolling over from an old Signer to a new one. Both Signers must be configured in SignServer and have access to their respective key/certificate.
The APK Rotate Signer requires the OTHER_SIGNERS property to be configured with the old and new Signer to include in the lineage.
The APK Rotate Signer is configured without a Crypto Token, as no Crypto Token is used.
For more information on Android signing and how to set it up in SignServer, see Setting up Android Signing.
To download a sample configuration file for this Worker, see Sample Worker Configurations.
For information on the interfaces this Worker can be called through, see Supported Interfaces by Worker.
Available Properties
| Required Property | Default | Description |
|---|---|---|
| OTHER_SIGNERS | None | Signers to include in the lineage. Specify exactly two Signers: the old and new Signers to include in the lineage. |

| Property | Default | Description |
|---|---|---|
| MIN_SDK_VERSION | Unset | Specifies the minimum SDK version, if set. This is only used when creating a new lineage file, not when updating an existing one. |
| NEW_SET_AUTH | Unset | Specifies the auth capability of the new Signer in the updated lineage (true or false), if set. |
| NEW_SET_INSTALLED_DATA | Unset | Specifies the installed data capability of the new Signer in the updated lineage (true or false), if set. |
| NEW_SET_PERMISSION | Unset | Specifies the permission capability of the new Signer in the updated lineage (true or false), if set. |
| NEW_SET_ROLLBACK | Unset | Specifies the rollback capability of the new Signer in the updated lineage (true or false), if set. |
| NEW_SET_SHARED_UID | Unset | Specifies the shared UID capability of the new Signer in the updated lineage (true or false), if set. |
| OLD_SET_AUTH | Unset | Specifies the auth capability of the old Signer in the updated lineage (true or false), if set. This is only used when creating a new lineage file, not when updating an existing one. |
| OLD_SET_INSTALLED_DATA | Unset | Specifies the installed data capability of the old Signer in the updated lineage (true or false), if set. This is only used when creating a new lineage file, not when updating an existing one. |
| OLD_SET_PERMISSION | Unset | Specifies the permission capability of the old Signer in the updated lineage (true or false), if set. This is only used when creating a new lineage file, not when updating an existing one. |
| OLD_SET_SHARED_UID | Unset | Specifies the shared UID capability of the old Signer in the updated lineage (true or false), if set. This is only used when creating a new lineage file, not when updating an existing one. |
| OLD_SET_ROLLBACK | Unset | Specifies the rollback capability of the old Signer in the updated lineage (true or false), if set. This is only used when creating a new lineage file, not when updating an existing one. |
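
The property rules in the tables above can be checked before a Worker configuration is loaded. The lint below is an added example, not SignServer code or part of the original documentation. It assumes a properties file with a `WORKERGENID1.` style key prefix, a comma-separated OTHER_SIGNERS value, the standard CRYPTOTOKEN worker property name, and hypothetical worker names in the constructed sample.

```python
"""Added example: lint APK Rotate Signer worker properties (not SignServer code)."""
CAPS = ("AUTH", "INSTALLED_DATA", "PERMISSION", "ROLLBACK", "SHARED_UID")
BOOLEAN_PROPS = {f"{side}_SET_{c}" for side in ("OLD", "NEW") for c in CAPS}
# Per the table above, these only take effect when a new lineage is created.
CREATE_ONLY = {"MIN_SDK_VERSION"} | {f"OLD_SET_{c}" for c in CAPS}

# Constructed sample; worker names are hypothetical.
SAMPLE = """\
WORKERGENID1.TYPE=PROCESSABLE
WORKERGENID1.IMPLEMENTATION_CLASS=org.signserver.module.apk.signer.ApkRotateSigner
WORKERGENID1.NAME=ApkRotateSigner
WORKERGENID1.OTHER_SIGNERS=ApkSignerOld,ApkSignerNew
WORKERGENID1.OLD_SET_ROLLBACK=false
"""


def parse_properties(text):
    """Parse KEY=VALUE lines; drop the worker prefix (e.g. WORKERGENID1.)."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        props[key.strip().rsplit(".", 1)[-1]] = value.strip()
    return props


def lint(props, updating_existing_lineage=False):
    """Return findings for the rules this page states."""
    findings = []
    # Assumption: OTHER_SIGNERS is a comma-separated list of worker names.
    signers = [s.strip() for s in props.get("OTHER_SIGNERS", "").split(",") if s.strip()]
    if len(signers) != 2:
        findings.append(f"OTHER_SIGNERS must name exactly two Signers, found {len(signers)}")
    if "CRYPTOTOKEN" in props:
        findings.append("CRYPTOTOKEN is set, but this Worker uses no Crypto Token")
    for name in sorted(BOOLEAN_PROPS & props.keys()):
        if props[name].lower() not in ("true", "false"):
            findings.append(f"{name} must be true or false, got {props[name]!r}")
    if updating_existing_lineage:
        for name in sorted(CREATE_ONLY & props.keys()):
            findings.append(f"{name} is ignored when updating an existing lineage")
    return findings


if __name__ == "__main__":
    for finding in lint(parse_properties(SAMPLE), updating_existing_lineage=True):
        print("WARN:", finding)
```

Pass `updating_existing_lineage=True` when the request will carry an existing lineage file, so that OLD_SET_* and MIN_SDK_VERSION settings that will have no effect are surfaced instead of being silently ignored.
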
Worker Log Fields
| Field | Description |
|---|---|
| REQUEST_DIGEST | A message digest (hash) for the request document in HEX encoding. |
| REQUEST_DIGEST_ALGORITHM | The name of the message digest (hash) algorithm used for the request digest in the log. |
| RESPONSE_DIGEST | A message digest (hash) for the response document in hex encoding. |
| RESPONSE_DIGEST_ALGORITHM | The name of the message digest (hash) algorithm used for the response digest in the log. |