jarsigner returns NullPointerException 错误
jarsigner returns NullPointerException error
我有一个 cordova 应用程序,正在使用 cmd 构建它,需要签署它的发布 apk。
首先,我在没有 -tsa 选项的情况下执行此操作,所以 运行 它询问 pwd 的命令然后 签署了警告:
jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1
-keystore my.keystore "apk\release\app-release-unsigned.apk" myaliasofkeystore
No -tsa or -tsacert is providedand this jar is not timestamped.
所以我添加了选项 -tsa timestamp.digicert.com :
jarsigner -tsa timestamp.digicert.com -verbose -sigalg SHA1withRSA -digestalg SHA1
-keystore my.keystore "apk\release\app-release-unsigned.apk" myaliasofkeystore
现在,在 运行 这个命令上它要求输入密码
但在那之后会产生这个错误:
jarsigner error: java.lang.NullPointerException
您不需要添加 -tsa。忽略这个关于时间戳的警告。
根据docs:
Time stamping the signature is recommended, and a warning is shown if the signature is not time stamped. The time stamp is used to verify that the certificate used to sign the JAR file was valid at the time of signing.
这意味着在证书过期后,用户可以确信您已在过期日之前签署了您的 APK。但是根据 google docs:
If you plan to publish your apps on Google Play, the key you use to sign those APKs must have a validity period ending after 22 October 2033. Google Play enforces this requirement to ensure that users can seamlessly upgrade apps when new versions are available.
如果您的用户无法在 2033 年 10 月 23 日验证证书,我认为这没什么大不了的:)
我有一个 cordova 应用程序,正在使用 cmd 构建它,需要签署它的发布 apk。
首先,我在没有 -tsa 选项的情况下执行此操作,所以 运行 它询问 pwd 的命令然后 签署了警告:
jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1
-keystore my.keystore "apk\release\app-release-unsigned.apk" myaliasofkeystore
No -tsa or -tsacert is providedand this jar is not timestamped.
所以我添加了选项 -tsa timestamp.digicert.com :
jarsigner -tsa timestamp.digicert.com -verbose -sigalg SHA1withRSA -digestalg SHA1
-keystore my.keystore "apk\release\app-release-unsigned.apk" myaliasofkeystore
现在,在 运行 这个命令上它要求输入密码 但在那之后会产生这个错误:
jarsigner error: java.lang.NullPointerException
您不需要添加 -tsa。忽略这个关于时间戳的警告。
根据docs:
Time stamping the signature is recommended, and a warning is shown if the signature is not time stamped. The time stamp is used to verify that the certificate used to sign the JAR file was valid at the time of signing.
这意味着在证书过期后,用户可以确信您已在过期日之前签署了您的 APK。但是根据 google docs:
If you plan to publish your apps on Google Play, the key you use to sign those APKs must have a validity period ending after 22 October 2033. Google Play enforces this requirement to ensure that users can seamlessly upgrade apps when new versions are available.
如果您的用户无法在 2033 年 10 月 23 日验证证书,我认为这没什么大不了的:)