Click here to Skip to main content
15,867,141 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
I'm currently developing a .AAR android library and I would like to sign the released library with my own key so that I can determine if a fake aar with the same name and functionality has been released by mine or not.

I also want to be able to check the authenticity of my library programmatically, even if a fakely-build one, is forging just part of the functionality of my aar file.

we are publishing this library to some of our business partners and they are going to integrate it into their apps and publish them to public markets.

Current Scenario: Using PackageInfo returns the key of APP code nor the library code.
We need: First Sign AAR library and return its signature if someone uses this library in its code.<pre>


What I have tried:

Note: Tried jarsigner but it's verification by some external command, I need internally return in code.
Posted
Updated 21-Jan-19 6:02am

1 solution

 
Share this answer
 
Comments
Member 14124862 28-Jan-19 5:14am    
The normal way to verify the signature.

PackageManager pm = ctx.getPackageManager();
(PackageInfo packageInfo = pm.getPackageInfo(ctx.getPackageName(),
PackageManager.GET_SIGNATURES);)

in case of APK is not working as it returns only the application's signature and not the signature I signed my library with. Is there a way to do this?
Richard MacCutchan 28-Jan-19 6:13am    
Sorry, no idea, you need to study the instructions for this feature.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900