Skip to main content
Skip table of contents

APK Hash Signer

ENTERPRISE

The APK Hash signer has the fully qualified class name: org.signserver.module.apk.signer.ApkHashSigner

Overview

The APK Hash Signer can sign hashed data for Client-Side Hashing and construction of signed Android Package Kit (APK) files. For more information on Android signing and how to set it up in SignServer, see Setting up Android Signing.

The signer supports the following types of requests:

  • Pre-request with an empty body: The result is a pre-response with information containing the signer certificate chain and the following signers. For more information, see Pre-response Format.

  • Signing request with a non-empty body: The result is a plain signature, as when using the Plain Signer.

Available Properties

Property

Default

Description

DO_LOGREQUEST_DIGEST

True

(Optional) Specifies if the message digest of the requested document should be put in the log.

LINEAGE_FILE_CONTENT

None

(Optional) The base 64-encoded content of a lineage file to include.

LOGREQUEST_DIGESTALGORITHM

SHA256

(Optional) Specifies the algorithm used to create the message digest (hash) of the request document to put in the log.

OTHER_SIGNERS

none

(Optional) When requesting a pre-response (by sending a request with an empty request body), specify the signers whose names and certificate chains to include in the response.

SIGNATUREALGORITHM

Depends on the signing key

(Optional) Property specifying the algorithm used to sign the data. The default value depends on the signing key:

  • NONEwithECDSA for ECDSA keys

  • NONEwithRSA for all other keys

The algorithms NONEwithRSA and NONEwithECDSA are also supported and should be used when hash digest is supplied for signing not the data itself. When using the NONEwithRSA algorithm, the input format should be specified according to RFC#3447. When using SignClient with client-side hashing and construction, the signer should use an RSA or ECDSA key and use NONEwithRSA, or NONEwithECDSA (the default if not configured).

Worker Log Fields

Field

Description

REQUEST_DIGEST

A message digest (hash) for the request document in HEX encoding.

REQUEST_DIGEST_ALGORITHM

The name of the message digest (hash) algorithm used for the request digest in the log.

RESPONSE_ENCODED

The response document (plain signature) in base64 encoding.

Pre-response Format

The pre-response is encoded using key/value pairs (KEY=Value), in the same manner as used in Java properties files.

Field

Description

LINEAGE_FILE_CONTENT

The base 64-encoded content of the lineage file, when one is configured with the corresponding worker property LINEAGE_FILE_CONTENT.

NUMBER_OF_OTHER_SIGNERS

Number of other signers whose names and certificates are to be included in the response.

OTHER_SIGNER_n.CERTIFICATE_CHAIN

Certificate chain of other signer with index n. Index is 0-based. Certificate chain uses the same encoding as for SIGNER_CERTIFICATE_CHAIN.

OTHER_SIGNER_n.NAME

Name of other signer with index n. Index is 0-based.

SIGNER_CERTIFICATE_CHAIN

Semicolon-separated base 64-encoded certificates of the signer's own signer certificate chain.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close