enterprise

The signer has the fully qualified class name: org.signserver.module.apk.signer.ApkLineageSigner

Overview

The APK Lineage Signer supports Android Package Kit (APK) key rotation. Key rotation supports signing with a new key by rolling over to the new key using a lineage file.

The APK Lineage Signer allows you to print the content of an APK lineage file and update it, that is, changing the capabilities of one of the signers. This requires that the APK Lineage Signer points to the APK Signer you want to modify in the lineage file (by setting the OTHER_SIGNERS property). The lineage file is then sent in together with the updated capability options and returns an updated lineage file.

Note that this signer is configured without a crypto token, as no crypto token is used from this signer but instead from the other signers.

For more information on Android signing and how to set it up in SignServer, see Setting up Android Signing.

Available Properties

Property

Description

Required

OTHER_SIGNERS

APK Signer to update lineage for. Specify exactly one signer, pointing out the signer to update in the lineage.

(bock)

SET_INSTALLED_DATA

Specifies the installed data capability of the signer in the updated lineage (true or false), if set. Default: unset.


SET_SHARED_UID

Specifies the shared UID capability of the signer in the updated lineage (true or false), if set. Default: unset.


SET_PERMISSION

Specifies the permission capability of the signer in the updated lineage (true or false), if set. Default: unset.


SET_ROLLBACK

Specifies the rollback capability of the signer in the updated lineage (true or false), if set. Default: unset.


SET_AUTH

Specifies the auth capability of the signer in the updated lineage (true or false), if set. Default: unset.


Request Parameters

Property

Description

PRINT_CERTS

If set to true, the process output is a textual representation of the signers in the supplied lineage file instead of an updated lineage. Accepted values: true or false. If set to false (or not included), the output is the updated lineage for the specified signer (default).

Worker Log Fields

Field

Description

REQUEST_DIGEST 

A message digest (hash) for the request document in hex encoding.

REQUEST_DIGEST_ALGORITHM 

The name of the message digest (hash) algorithm used for the request digest in the log.

RESPONSE_DIGEST 

A message digest (hash) for the response document in HEX encoding.

RESPONSE_DIGEST_ALGORITHM 

The name of the message digest (hash) algorithm used for the response digest in the log.