Re: [android-developers] Recover Certificate from APK
Actually the instructions state you should use 25+ years for a single application; more if you sign multiple applications (there's a 20 year minimum for app on Google Play) If you encounter this issue in 25 years, post it on their future-holodeck-message-board :-) I think the idea behind this is that 99% of apps would not last this long or at least would not last as the same code base. On Tuesday, July 23, 2013 3:07:06 AM UTC+3, Raymond Rodgers wrote: On 07/22/2013 12:08 AM, Ted Hopp wrote: On Thursday, June 14, 2012 12:43:51 PM UTC-4, Dianne Hackborn wrote: The platform has an app signed with a cert. If you want to install an update to that app under a different cert, how could the platform trust that this is actually coming from the author who owns the original cert without the new app also being signed in some way with the original cert? Note that we don't use certificate authorities, so there is no root cert or such to go back to, to try to verify some relationship between two certs. Because we use self-signing, you are ultimately the CA, and have responsibility for the certs you generate. I know this is an old thread, but this caught my attention. Would it not be possible to come up with a tool with which a developer could somehow use the old cert as the authority for the new one? After all, the developer is the only one with access to the private key, so a new cert could be signed by the old one just as an .apk file is signed. I've been wondering about this issue a bit for a while now though it was never really at a high importance level. Although it's been a while since I created my keystore, I believe that the instructions we were given originally said to make the key valid for 10 years. What are developers supposed to do when that 10 year mark is up? For instance, what if my app has been receiving regular updates for that entire 10 year period, and at the 10 years and 1 day mark, I need to update it again. The key has expired, so I can't technically update the application in the Play Store. Is there a way to regenerate the key or extend the expiration date? If not, is there a plan? Android has a ways to go before the ten year anniversary, but I hope there's a plan in place for dealing with this [possible] issue. -- Raymond Rodgershttp://www.badlucksoft.com/http://anevilgeni.us/ -- -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en --- You received this message because you are subscribed to the Google Groups Android Developers group. To unsubscribe from this group and stop receiving emails from it, send an email to android-developers+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [android-developers] Recover Certificate from APK
On 07/22/2013 12:08 AM, Ted Hopp wrote: On Thursday, June 14, 2012 12:43:51 PM UTC-4, Dianne Hackborn wrote: The platform has an app signed with a cert. If you want to install an update to that app under a different cert, how could the platform trust that this is actually coming from the author who owns the original cert without the new app also being signed in some way with the original cert? Note that we don't use certificate authorities, so there is no root cert or such to go back to, to try to verify some relationship between two certs. Because we use self-signing, you are ultimately the CA, and have responsibility for the certs you generate. I know this is an old thread, but this caught my attention. Would it not be possible to come up with a tool with which a developer could somehow use the old cert as the authority for the new one? After all, the developer is the only one with access to the private key, so a new cert could be signed by the old one just as an .apk file is signed. I've been wondering about this issue a bit for a while now though it was never really at a high importance level. Although it's been a while since I created my keystore, I believe that the instructions we were given originally said to make the key valid for 10 years. What are developers supposed to do when that 10 year mark is up? For instance, what if my app has been receiving regular updates for that entire 10 year period, and at the 10 years and 1 day mark, I need to update it again. The key has expired, so I can't technically update the application in the Play Store. Is there a way to regenerate the key or extend the expiration date? If not, is there a plan? Android has a ways to go before the ten year anniversary, but I hope there's a plan in place for dealing with this [possible] issue. -- Raymond Rodgers http://www.badlucksoft.com/ http://anevilgeni.us/ -- -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en --- You received this message because you are subscribed to the Google Groups Android Developers group. To unsubscribe from this group and stop receiving emails from it, send an email to android-developers+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [android-developers] Recover Certificate from APK
On Thursday, June 14, 2012 12:43:51 PM UTC-4, Dianne Hackborn wrote: The platform has an app signed with a cert. If you want to install an update to that app under a different cert, how could the platform trust that this is actually coming from the author who owns the original cert without the new app also being signed in some way with the original cert? Note that we don't use certificate authorities, so there is no root cert or such to go back to, to try to verify some relationship between two certs. Because we use self-signing, you are ultimately the CA, and have responsibility for the certs you generate. I know this is an old thread, but this caught my attention. Would it not be possible to come up with a tool with which a developer could somehow use the old cert as the authority for the new one? After all, the developer is the only one with access to the private key, so a new cert could be signed by the old one just as an .apk file is signed. -- -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en --- You received this message because you are subscribed to the Google Groups Android Developers group. To unsubscribe from this group and stop receiving emails from it, send an email to android-developers+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [android-developers] Recover Certificate from APK
On Mon, Jul 22, 2013 at 1:08 PM, Ted Hopp ted.h...@gmail.com wrote: On Thursday, June 14, 2012 12:43:51 PM UTC-4, Dianne Hackborn wrote: The platform has an app signed with a cert. If you want to install an update to that app under a different cert, how could the platform trust that this is actually coming from the author who owns the original cert without the new app also being signed in some way with the original cert? Note that we don't use certificate authorities, so there is no root cert or such to go back to, to try to verify some relationship between two certs. Because we use self-signing, you are ultimately the CA, and have responsibility for the certs you generate. Technically, yes (Cf, bridge certificates, etc.). Android however doesn't really understand X.509 certificates as such: it performs binary comparison on the DER encoded certificate blob to check whether the signer is the same or different, that's it. This is pretty central to the whole package management /security model, so a very big part of the core OS will need to be re-written. Thus, not likely to happen anytime soon. -- -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en --- You received this message because you are subscribed to the Google Groups Android Developers group. To unsubscribe from this group and stop receiving emails from it, send an email to android-developers+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [android-developers] Recover Certificate from APK
Actually, you should have a fall back plan. It's easy to backup your key. On Thu, Jun 14, 2012 at 11:35 AM, Saurav to.saurav.mukher...@gmail.comwrote: Thanks Mark. You have always helped me out, now and in the past! I know that the encryption is irreversible, wanted to know if there is a workaround for upgrading! Could someone convey this to Google, that, loosing a keystore is possible, highly STUPID, but possible. They should have a fall back plan! To upgrade the application, with another keystore or some other secure procedure. Just a thought! I am left at the mercy of my downloaders, to shift to the new application, as I need to put my upgraded application as a new application. Regards, Saurav Mukherjee. On Wed, Jun 13, 2012 at 10:33 PM, Raghav Sood raghavs...@gmail.comwrote: Digital signatures are based upon public-key cryptography. You cannot recover a private key given a public key -- that's the whole point of public-key crypto. Such algorithms are based on one-way functions: things that are easy to do but hard to reverse. This is enough. I know what public key encryption is and how it works, I just didn't know that it was used in this case. This clarifies my question. Thanks -- Raghav Sood Please do not email private questions to me as I do not have time to answer them. Instead, post them to public forums where others and I can answer and benefit from them. http://www.appaholics.in/ - Founder http://www.apress.com/9781430239451 - Author +91 81 303 77248 -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en -- Raphael http://blog.rmontanaro.com/ -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
Re: [android-developers] Recover Certificate from APK
Thank you so much Dianne and Others for your quick and strong response. I don't know whether any of you did not get the point that I know it was my mistake, to lose the keystore file. No doubt on that :) Anyways, as you all said, I have put my new keystore in my git repo. Fall back Regards, Saurav Mukherjee. On Thu, Jun 14, 2012 at 8:11 PM, Raphael P.F. raphaelpfmontan...@gmail.comwrote: Actually, you should have a fall back plan. It's easy to backup your key. On Thu, Jun 14, 2012 at 11:35 AM, Saurav to.saurav.mukher...@gmail.comwrote: Thanks Mark. You have always helped me out, now and in the past! I know that the encryption is irreversible, wanted to know if there is a workaround for upgrading! Could someone convey this to Google, that, loosing a keystore is possible, highly STUPID, but possible. They should have a fall back plan! To upgrade the application, with another keystore or some other secure procedure. Just a thought! I am left at the mercy of my downloaders, to shift to the new application, as I need to put my upgraded application as a new application. Regards, Saurav Mukherjee. On Wed, Jun 13, 2012 at 10:33 PM, Raghav Sood raghavs...@gmail.comwrote: Digital signatures are based upon public-key cryptography. You cannot recover a private key given a public key -- that's the whole point of public-key crypto. Such algorithms are based on one-way functions: things that are easy to do but hard to reverse. This is enough. I know what public key encryption is and how it works, I just didn't know that it was used in this case. This clarifies my question. Thanks -- Raghav Sood Please do not email private questions to me as I do not have time to answer them. Instead, post them to public forums where others and I can answer and benefit from them. http://www.appaholics.in/ - Founder http://www.apress.com/9781430239451 - Author +91 81 303 77248 -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en -- Raphael http://blog.rmontanaro.com/ -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
Re: [android-developers] Recover Certificate from APK
On Mon, Jun 18, 2012 at 6:41 AM, Saurav to.saurav.mukher...@gmail.com wrote: Anyways, as you all said, I have put my new keystore in my git repo. Um, I really hope that's a private repo. Backed up does not mean published for the world to see. -- Mark Murphy (a Commons Guy) http://commonsware.com | http://github.com/commonsguy http://commonsware.com/blog | http://twitter.com/commonsguy _The Busy Coder's Guide to Android Development_ Version 3.7 Available! -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
Re: [android-developers] Recover Certificate from APK
Ha ha! It is not public, Mark. Regards, Saurav Mukherjee. On Mon, Jun 18, 2012 at 4:14 PM, Mark Murphy mmur...@commonsware.comwrote: see -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
Re: [android-developers] Recover Certificate from APK
On Mon, Jun 18, 2012 at 7:31 AM, Saurav to.saurav.mukher...@gmail.com wrote: Ha ha! It is not public, Mark. That's good. I'm willing to bet that there's a few dozen projects floating around, though, who *did* upload their keystore into a public git repo. That's bad -- they are one Google account hack away from having their apps replaced by malware-ridden ones on the Play Store. -- Mark Murphy (a Commons Guy) http://commonsware.com | http://github.com/commonsguy http://commonsware.com/blog | http://twitter.com/commonsguy _The Busy Coder's Guide to Android Development_ Version 3.7 Available! -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
Re: [android-developers] Recover Certificate from APK
I understand! Thanks again everyone! Regards, Saurav Mukherjee. On Mon, Jun 18, 2012 at 8:32 PM, Mark Murphy mmur...@commonsware.comwrote: On Mon, Jun 18, 2012 at 7:31 AM, Saurav to.saurav.mukher...@gmail.com wrote: Ha ha! It is not public, Mark. That's good. I'm willing to bet that there's a few dozen projects floating around, though, who *did* upload their keystore into a public git repo. That's bad -- they are one Google account hack away from having their apps replaced by malware-ridden ones on the Play Store. -- Mark Murphy (a Commons Guy) http://commonsware.com | http://github.com/commonsguy http://commonsware.com/blog | http://twitter.com/commonsguy _The Busy Coder's Guide to Android Development_ Version 3.7 Available! -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
Re: [android-developers] Recover Certificate from APK
Thanks Mark. You have always helped me out, now and in the past! I know that the encryption is irreversible, wanted to know if there is a workaround for upgrading! Could someone convey this to Google, that, loosing a keystore is possible, highly STUPID, but possible. They should have a fall back plan! To upgrade the application, with another keystore or some other secure procedure. Just a thought! I am left at the mercy of my downloaders, to shift to the new application, as I need to put my upgraded application as a new application. Regards, Saurav Mukherjee. On Wed, Jun 13, 2012 at 10:33 PM, Raghav Sood raghavs...@gmail.com wrote: Digital signatures are based upon public-key cryptography. You cannot recover a private key given a public key -- that's the whole point of public-key crypto. Such algorithms are based on one-way functions: things that are easy to do but hard to reverse. This is enough. I know what public key encryption is and how it works, I just didn't know that it was used in this case. This clarifies my question. Thanks -- Raghav Sood Please do not email private questions to me as I do not have time to answer them. Instead, post them to public forums where others and I can answer and benefit from them. http://www.appaholics.in/ - Founder http://www.apress.com/9781430239451 - Author +91 81 303 77248 -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
Re: [android-developers] Recover Certificate from APK
On Thu, Jun 14, 2012 at 10:35 AM, Saurav to.saurav.mukher...@gmail.com wrote: Thanks Mark. You have always helped me out, now and in the past! I know that the encryption is irreversible, wanted to know if there is a workaround for upgrading! Could someone convey this to Google, that, loosing a keystore is possible, highly STUPID, but possible. They should have a fall back plan! To upgrade the application, with another keystore or some other secure procedure. Just a thought! I am left at the mercy of my downloaders, to shift to the new application, as I need to put my upgraded application as a new application. I think they will point to the highly stupid case.. What are you hoping for? Some sort of way you can log into your account, and tell the store manually? kris -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
Re: [android-developers] Recover Certificate from APK
On Thu, Jun 14, 2012 at 10:35 AM, Saurav to.saurav.mukher...@gmail.com wrote: They should have a fall back plan! To upgrade the application, with another keystore or some other secure procedure. Just a thought! That would be the responsibility of the Play Store people, who are not on this list AFAIK. -- Mark Murphy (a Commons Guy) http://commonsware.com | http://github.com/commonsguy http://commonsware.com/blog | http://twitter.com/commonsguy Android Training in DC: http://marakana.com/training/android/ -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
Re: [android-developers] Recover Certificate from APK
On Thu, Jun 14, 2012 at 9:05 AM, Mark Murphy mmur...@commonsware.comwrote: On Thu, Jun 14, 2012 at 10:35 AM, Saurav to.saurav.mukher...@gmail.com wrote: They should have a fall back plan! To upgrade the application, with another keystore or some other secure procedure. Just a thought! That would be the responsibility of the Play Store people, who are not on this list AFAIK. They can't do anything, they don't have your private key. The platform has an app signed with a cert. If you want to install an update to that app under a different cert, how could the platform trust that this is actually coming from the author who owns the original cert without the new app also being signed in some way with the original cert? Note that we don't use certificate authorities, so there is no root cert or such to go back to, to try to verify some relationship between two certs. Because we use self-signing, you are ultimately the CA, and have responsibility for the certs you generate. -- Dianne Hackborn Android framework engineer hack...@android.com Note: please don't send private questions to me, as I don't have time to provide private support, and so won't reply to such e-mails. All such questions should be posted on public forums, where I and others can see and answer them. -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
Re: [android-developers] Recover Certificate from APK
On Thu, Jun 14, 2012 at 9:35 AM, Saurav to.saurav.mukher...@gmail.comwrote: Could someone convey this to Google, that, loosing a keystore is possible, highly STUPID, but possible. They should have a fall back plan! Really though, *you* should have a fall back plan. You backed up your APKs? Why didn't you back up the keystore? - TreKing http://sites.google.com/site/rezmobileapps/treking - Chicago transit tracking app for Android-powered devices -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
[android-developers] Recover Certificate from APK
Hi all, I am in a bit of a soup. I have lost my keystore file for my signed apk, which is in market. Is there any way I can extract the certificate from the backup apks that I have? Any hack? Please. Mercy. I really need to push an update to the application in the market. Thanks in advance! Regards, Saurav Mukherjee. -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
Re: [android-developers] Recover Certificate from APK
On Wed, Jun 13, 2012 at 12:00 PM, Saurav to.saurav.mukher...@gmail.com wrote: I have lost my keystore file for my signed apk, which is in market. Is there any way I can extract the certificate from the backup apks that I have? No. It is mathematically impossible to recover a keystore from something signed with that keystore. -- Mark Murphy (a Commons Guy) http://commonsware.com | http://github.com/commonsguy http://commonsware.com/blog | http://twitter.com/commonsguy _The Busy Coder's Guide to Android Development_ Version 3.7 Available! -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
Re: [android-developers] Recover Certificate from APK
No. It is mathematically impossible to recover a keystore from something signed with that keystore. I know this isn't related to the list, but I've always wondered about that part. Could anybody explain how it is mathematically impossible, or point me to a good link? Thanks -- Raghav Sood Please do not email private questions to me as I do not have time to answer them. Instead, post them to public forums where others and I can answer and benefit from them. http://www.appaholics.in/ - Founder http://www.apress.com/9781430239451 - Author +91 81 303 77248 -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
Re: [android-developers] Recover Certificate from APK
On Wed, Jun 13, 2012 at 12:53 PM, Raghav Sood raghavs...@gmail.com wrote: I know this isn't related to the list, but I've always wondered about that part. Could anybody explain how it is mathematically impossible Digital signatures are based upon public-key cryptography. You cannot recover a private key given a public key -- that's the whole point of public-key crypto. Such algorithms are based on one-way functions: things that are easy to do but hard to reverse. I don't have ready links on the subject, but I'd start with Wikipedia and roll from there. There are also several books on the subject. -- Mark Murphy (a Commons Guy) http://commonsware.com | http://github.com/commonsguy http://commonsware.com/blog | http://twitter.com/commonsguy _The Busy Coder's Guide to Android Development_ Version 3.7 Available! -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
Re: [android-developers] Recover Certificate from APK
That's right, this should be covered in any basic crypto text.. kris On Wed, Jun 13, 2012 at 12:53 PM, Raghav Sood raghavs...@gmail.com wrote: No. It is mathematically impossible to recover a keystore from something signed with that keystore. I know this isn't related to the list, but I've always wondered about that part. Could anybody explain how it is mathematically impossible, or point me to a good link? Thanks -- Raghav Sood Please do not email private questions to me as I do not have time to answer them. Instead, post them to public forums where others and I can answer and benefit from them. http://www.appaholics.in/ - Founder http://www.apress.com/9781430239451 - Author +91 81 303 77248 -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
Re: [android-developers] Recover Certificate from APK
Digital signatures are based upon public-key cryptography. You cannot recover a private key given a public key -- that's the whole point of public-key crypto. Such algorithms are based on one-way functions: things that are easy to do but hard to reverse. This is enough. I know what public key encryption is and how it works, I just didn't know that it was used in this case. This clarifies my question. Thanks -- Raghav Sood Please do not email private questions to me as I do not have time to answer them. Instead, post them to public forums where others and I can answer and benefit from them. http://www.appaholics.in/ - Founder http://www.apress.com/9781430239451 - Author +91 81 303 77248 -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en