[Q] testsign.jar vs signapk.jar- why signapk fails?

---

Hi!

I signed a custom kernel with SignApk.jar and recovery console cannot verify it.

I get
E:No signature
E:Verification failed

Signing the same source zip with testsign.jar results in a positive verification.

Comparing the resulting CERT.SF files I realized that SHA1-Digest-Manifest is different. The reason why: two files are interchanged in the list. But that can't be the problem, can it?

I'm trying and using zipSigner from maket, and it's quite complete and straightforward for signature

I used SignApk few times with no success, and do not know other methods at the moment ^^

If you used the test keys with signapk.jar, it would likely do the same thing as testsign.jar does. The difference is the keys used to sign the package, which can cause one to fail and the other to be ok.

Quote:

Originally Posted by imnuts

If you used the test keys with signapk.jar, it would likely do the same thing as testsign.jar does. The difference is the keys used to sign the package, which can cause one to fail and the other to be ok.

Let me guess: it is not documented which keys and keystrenghts are okay for signapk?

Quote:

Originally Posted by Der_Caveman

Let me guess: it is not documented which keys and keystrenghts are okay for signapk?

I think the keys that are required are the Android test keys, but I don't know where you would get them to use with signapk.jar

So this is only a problem of custom recovery?

I tried also jarsigner with no luck.

Sent from my LG-P500 using XDA App

why don't you just toggle signature verification? it will disable signature verification.

I can sign with testsign.jar so there is no problem flashing something- I only wanted to know why I can't put in my own cert.