APK Rotate Signer
ENTERPRISE
The signer has the fully qualified class name: org.signserver.module.apk.signer.ApkRotateSigner
Overview
The APK Rotate Signer supports Android Package Kit (APK) key rotation. Key rotation makes it possible to sign with a new key by rolling over to it using a lineage file. The APK Rotate Signer is used to create the lineage file that allows rolling over from an old signer to a new one. Both signers must be configured in SignServer and have access to their respective key/certificate.
The APK Rotate Signer requires the OTHER_SIGNERS property to be configured with the old and new signer to include in the lineage. Note that this signer is configured without a crypto token, as no crypto token is used.
For more information on Android signing and how to set it up in SignServer, see Setting up Android Signing.
Available Properties
| Required Property | Default | Description |
|---|---|---|
| OTHER_SIGNERS | None | Signers to include in the lineage. Specify exactly two signers: the old and new signers to include in the lineage. |

| Property | Default | Description |
|---|---|---|
| MIN_SDK_VERSION | Unset | Specifies the minimum SDK version, if set. This is only used when creating a new lineage file, not when updating an existing one. |
| NEW_SET_AUTH | Unset | Specifies the auth capability of the new signer in the updated lineage (true or false), if set. |
| NEW_SET_INSTALLED_DATA | Unset | Specifies the installed data capability of the new signer in the updated lineage (true or false), if set. |
| NEW_SET_PERMISSION | Unset | Specifies the permission capability of the new signer in the updated lineage (true or false), if set. |
| NEW_SET_ROLLBACK | Unset | Specifies the rollback capability of the new signer in the updated lineage (true or false), if set. |
| NEW_SET_SHARED_UID | Unset | Specifies the shared UID capability of the new signer in the updated lineage (true or false), if set. |
| OLD_SET_AUTH | Unset | Specifies the auth capability of the old signer in the updated lineage (true or false), if set. This is only used when creating a new lineage file, not when updating an existing one. |
| OLD_SET_INSTALLED_DATA | Unset | Specifies the installed data capability of the old signer in the updated lineage (true or false), if set. This is only used when creating a new lineage file, not when updating an existing one. |
| OLD_SET_PERMISSION | Unset | Specifies the permission capability of the old signer in the updated lineage (true or false), if set. This is only used when creating a new lineage file, not when updating an existing one. |
| OLD_SET_SHARED_UID | Unset | Specifies the shared UID capability of the old signer in the updated lineage (true or false), if set. This is only used when creating a new lineage file, not when updating an existing one. |
| OLD_SET_ROLLBACK | Unset | Specifies the rollback capability of the old signer in the updated lineage (true or false), if set. This is only used when creating a new lineage file, not when updating an existing one. |
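
The property rules listed above can be checked before a worker configuration is loaded, in particular which settings have no effect when an existing lineage is updated. The following Python lint is an added example, not SignServer code. It assumes the worker properties are available as KEY=VALUE lines, that OTHER_SIGNERS is a comma-separated list, and that CRYPTOTOKEN is the property naming a crypto token; the worker names are placeholders.

```python
CAPS = ("AUTH", "INSTALLED_DATA", "PERMISSION", "ROLLBACK", "SHARED_UID")
NEW_FLAGS = {f"NEW_SET_{c}" for c in CAPS}
OLD_FLAGS = {f"OLD_SET_{c}" for c in CAPS}
# Per the property table: these only take effect when a new lineage file is created.
CREATE_ONLY = OLD_FLAGS | {"MIN_SDK_VERSION"}

# Constructed sample input (worker names are placeholders).
SAMPLE = """\
IMPLEMENTATION_CLASS=org.signserver.module.apk.signer.ApkRotateSigner
OTHER_SIGNERS=ApkSignerOld, ApkSignerNew
NEW_SET_ROLLBACK=false
OLD_SET_ROLLBACK=yes
MIN_SDK_VERSION=28
"""


def parse_properties(text):
    """Parse KEY=VALUE lines; skip blanks and # comments; drop any dotted key prefix."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        props[key.strip().rsplit(".", 1)[-1].upper()] = value.strip()
    return props


def lint(props, updating_existing=False):
    """Return (errors, warnings) for an APK Rotate Signer property set."""
    errors, warnings = [], []
    # Assumption: OTHER_SIGNERS is a comma-separated list of worker names.
    signers = [s.strip() for s in props.get("OTHER_SIGNERS", "").split(",") if s.strip()]
    if len(signers) != 2:
        errors.append(f"OTHER_SIGNERS must name exactly two signers, got {len(signers)}")
    for key in sorted((NEW_FLAGS | OLD_FLAGS) & props.keys()):
        if props[key].lower() not in ("true", "false"):
            errors.append(f"{key} must be true or false, got {props[key]!r}")
    if "CRYPTOTOKEN" in props:
        warnings.append("CRYPTOTOKEN is set, but this signer uses no crypto token")
    if updating_existing:
        for key in sorted(CREATE_ONLY & props.keys()):
            warnings.append(f"{key} is ignored when updating an existing lineage")
    return errors, warnings


if __name__ == "__main__":
    errs, warns = lint(parse_properties(SAMPLE), updating_existing=True)
    print("\n".join([f"ERROR: {e}" for e in errs] + [f"WARN: {w}" for w in warns]))
```
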
Worker Log Fields
| Field | Description |
|---|---|
| REQUEST_DIGEST | A message digest (hash) for the request document in hex encoding. |
| REQUEST_DIGEST_ALGORITHM | The name of the message digest (hash) algorithm used for the request digest in the log. |
| RESPONSE_DIGEST | A message digest (hash) for the response document in hex encoding. |
| RESPONSE_DIGEST_ALGORITHM | The name of the message digest (hash) algorithm used for the response digest in the log. |