I am using a certificate to sign a jar file. Jarsigner is able to add the signature and it verifies without warning. This is done on a Windows machine. However, on Android, when I try to verify the certificate used to sign the jar file, it reports that only a partial chain is found. The certificate used was issued for signing by a CA. The root certificate is on the Android device under the system security certificates tab. The intermediate certificate exists in the security certificates user tab as I had to add that manually. Part of the process involves my copying the AndroidCAStore and passing the certs to another assembly where I have tried to use an X509Chain, cert.Verify(), and Bouncy Castle to verify the chain. All three methods fail. I am not finding a lot of clear information on how this process should work, but I've checked the store being passed into the verification method and both the intermediate and root certs are there. The intermediate cert gets added to the chain, but never the root. What may I be doing wrong here? The code is all C# if that helps.
Is your app target version android 11 or higher? If so, you not only need to use the jar signing, but also need to use the full apk signing in your app. For more information you can check [this case](https://stackoverflow.com/questions/42648499/difference-between-signature-versions-v1-jar-signature-and-v2-full-apk-sign) and the [official document](https://source.android.com/docs/security/features/apksigning). – Liyun Zhang - MSFT Sep 26 '22 at 07:57
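The question describes an X509Chain that picks up the intermediate but never reaches the root. A common cause is that the root and intermediate are only made available to the chain builder indirectly (through whatever the platform store exposes), while `cert.Verify()` consults only the platform trust and returns a bare true/false with no reason. The following C# is an added example, not code from the question or from any answer: it builds the chain with the root pinned as an explicit trust anchor, the intermediate supplied as an extra certificate, and every `ChainStatus` entry reported so a `PartialChain` or `UntrustedRoot` result can be diagnosed. It assumes .NET 5 or later (`X509ChainPolicy.CustomTrustStore` and `TrustMode` do not exist in older Mono-based Xamarin.Android); the three certificate parameters are placeholders the caller loads from the jar's signature block and from the device stores.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography.X509Certificates;

// Added example (not from the question). Builds a chain for a jar-signing
// certificate against an explicitly supplied root and intermediate instead of
// relying on whatever trust store the platform exposes.
// Assumes .NET 5 or later for X509ChainPolicy.CustomTrustStore / TrustMode.
// signerCert, intermediateCert and trustedRoot are placeholders supplied by the caller.
public static class JarSignerChainCheck
{
    public static bool VerifySignerChain(
        X509Certificate2 signerCert,
        X509Certificate2 intermediateCert,
        X509Certificate2 trustedRoot,
        out string diagnostics)
    {
        using var chain = new X509Chain();

        // Trust only the root handed over here; the platform store is ignored,
        // so a root that is present on the device but not reachable cannot mask the result.
        chain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
        chain.ChainPolicy.CustomTrustStore.Add(trustedRoot);

        // Intermediates are not trust anchors: they belong in ExtraStore so the
        // builder can find them while walking from the signer towards the root.
        chain.ChainPolicy.ExtraStore.Add(intermediateCert);

        // An offline device cannot fetch CRLs or OCSP responses; failing on that would
        // hide the chain-building problem behind a revocation error. Re-enable revocation
        // checking (Online or Offline) wherever the device has network access.
        chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
        chain.ChainPolicy.VerificationFlags = X509VerificationFlags.NoFlag;

        bool ok = chain.Build(signerCert);

        // Report every status the builder raised (e.g. PartialChain, UntrustedRoot,
        // NotTimeValid) instead of the bare boolean that cert.Verify() returns.
        diagnostics = string.Join("; ",
            chain.ChainStatus.Select(s => $"{s.Status}: {s.StatusInformation.Trim()}"));
        if (diagnostics.Length == 0)
        {
            diagnostics = "no chain status errors";
        }

        if (ok)
        {
            // Build() succeeding is not enough on its own: confirm the last element
            // really is the root we pinned, not some other anchor the builder found.
            var last = chain.ChainElements[chain.ChainElements.Count - 1].Certificate;
            if (!string.Equals(last.Thumbprint, trustedRoot.Thumbprint, StringComparison.OrdinalIgnoreCase))
            {
                diagnostics = "chain built but did not terminate at the expected root";
                ok = false;
            }
        }

        return ok;
    }
}
```

When the result is `false`, the `diagnostics` string names the failing step: a `PartialChain` status with the intermediate present in `ExtraStore` usually means the intermediate's issuer does not match the supplied root (wrong root, or a cross-signed intermediate), whereas `UntrustedRoot` means the chain was completed but ended at an anchor other than the one pinned. Checking the terminal element's thumbprint after a successful `Build()` is the step that separates "some chain was found" from "the chain ends at the CA I intended to trust".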