# pkgsigverify

## Valid cases

APKs in this directory are used by `PkgInstallSignatureVerificationTest`.
See that class for additional information about their use.

In general, they are differently signed forms of the tinyapp APK and use
the following naming scheme:

`${version}-with-${signing-algorithm}-${OID-params}-${keysize}-${extra_info}`

Some fields may not be present. The fields have the following meanings:

- version: denotes which APK Signature Scheme (v1, v2, and/or v3) was used
- signing-algorithm: indicates how the signature was generated
- OID-params: PKI object identifiers indicating how to use the provided key
  to generate the signature. See, e.g., RFC 3279 and RFC 4055.
- keysize: the size of the key used for signing
- extra_info: additional notes to distinguish packages. Currently this denotes
  which test certificates were used to generate a proof-of-rotation object,
  if one exists, included in the signing block of the APK, as well as the
  capabilities of those certificates according to APK Signature Scheme v3.

These APKs were generated using the `apksigner` command-line tool,
which lives at `tools/apksig/src/apksigner/java/com/android/apksigner/` in the
Android source tree. Please refer to the usage instructions there for how to
sign APKs using different keystores, providers, etc. The generation commands
for some of the APKs are in `generate-apks.sh`.

## Invalid cases

Some of the APKs in this directory were generated by modifying the apksig library (see
README in `tools/apksig/`) to create invalid or unsupported outcomes (e.g. ag/11575267).