I have made a application in android with map view and I want to publish it on market.
So first of all how to export final APK from eclipse and second Google map API key for release
Please, help me.
For creating the apk file.
Right click on your project->Export
Select the Android->Export Android Application
then next
In this wizard by default you get your project name which you have selected then next
in this keystore you have to create your keystore as first time then select Create new keystore and set the path like this way or you can browse it by click on browse button
path e.g. D:\app\myapp\my_release.keystore
set the password here with confirm password then next.
Set the Alias name here
Set the password and confirm password (this is different from the previous one but)
Set the year and other details
then click next
here set the path for your apk file
for e.g. D:\app\myapp\my_app.apk
now your apk file was created but you have set the map api key with this newly created keystore for mobile device.
obtain your map key using this keystore like this way
c:\java\...\bin Keytool –list -alias youraliasname –keystore D:\app\myapp\my_release.keystore -storepass yourpassword -keypass youraliaspassword then enter
now sign up and obtain map key from google site with this certificate fingerprint and change the api key in your xml file (Note this api key will work only of the mobile as you generate for your emulator you have to also keep save as backup).
now again regenerate the apk file as above step. But this time you have to select existing keystore
Release: right click on the project, go to the android tools, choose the option that reads something like "export signed package". For the key, sign up for one. It really boils down to that. But the complete manual/helps are online, and easy to find.
I wonder where you're stuck, but just read these topics:
Signing Your Applications
Versioning Your Applications
Preparing to Publish
Publishing on Android Market
(I've linked the first, the rest are on the left hand side of that first link).
For the google maps API you'll get far enough using this link i presume
Related
I want to sign an Oracle VirtualBox Virtual Appliance, an OVA file. I am looking for instructions.
I have had extensive conversations with Comodo and Sectigo. They don't know how and had trouble even understanding the question.
When I load my VM in VirtualBox it says that it is unsigned but gives no information as to how to correct that.
I have a code signing certificate, and I have no trouble signing and timestamping an executable file:
signtool sign /t http://timestamp.comodoca.com t_hello.exe
Done Adding Additional Store
Successfully signed: t_hello.exe
Attempting with an .ova file gives an error:
signtool sign /t http://timestamp.comodoca.com ACoreTpl.ova
Done Adding Additional Store
SignTool Error: This file format cannot be signed because it is not recognized.
SignTool Error: An error occurred while attempting to sign: ACoreTpl.ova
I took a shot at downloading a tool from VMWare, but it did not work on my VirtualBox appliance. It just gave error messages.
Unless the error message is meaningless and just hardcoded in VirtualBox, there is code inspecting something. I really don't want to go fishing through the code, but at this point it seems like I might have to.
The purpose of this exercise is so that I can publish a working system as a virtual appliance that is 'known good' and can be verified as the real thing when it loads.
[Note: There are images in the document I pasted this from, but they would not paste in here.]
I was able to muddle through a work-around. The workaround involves getting a tool from VMWare (ovftool.exe), which seems a bit strange. It allows the import of the OVA, showing the certificate and marking it as 'safe'. It still has a couple of issues. One is an annoying warning message issued while creating the signed file, for which I was unable to find a cure. The other is that it does not seem to contact a timeserver to timestamp the file. Presumably that means that when the signing certificate expires, you get warnings again when loading.
I would still like to know how you are supposed to do it properly according to Oracle. Surely, Oracle is not using VMWare's software to sign their Virtual Appliances.
This is my journey under Windows 10. At the end, I have a publishable appliance.
You need a virtual appliance (*.ova)
You need a signing certificate.
You need to have OpenSSL installed.
You need the program ovftool.exe from VMWare
To get the .ova file, you need to export one of your VMs as a virtual appliance:
Open the export virtual appliance dialog:
File->Export Appliance [Alternatively E]
Choose the virtual machine to export. Fill in whatever Virtual system settings apply.
For appliance settings, set the Format to Open Virtualization Format 1.0
Make sure the 'Write Manifest file' checkbox is checked.
Click on the button to write file.
You should have the signing certificate installed in the certificate store. If you don't have this already, you need to consult your certificate provider.
To get the signing certificate in a usable form, you have to jump through a few hoops to get an old-timey Privacy Enhanced Mail (PEM) file.
You need to get the certificate into a file first.
Start the Certificate Manager by running certmgr.msc
Open Personal->Certificates and right-click on your signing certificate
Open the All tasks menu and choose Export
This should open the Certificate Export Wizard
Click [Next]
Choose the radio button marked "Yes, export the private key"
Click [Next]
Choose "Personal Information Exchange - PKCS (.PFX)"
Check "Include all certificates in the certification path if possible"
Check "Export all extended properties"
Check "Enable certificate privacy"
Click [Next]
Check the Password checkbox, and enter and confirm a password [using password "IMPPass" in this example]
Change the Encryption dropdown to AES256-SHA256
Click [Next]
Assign the filename and path for the exported certificate. In this example, I called it "MyCert". Note that you don't put the file extension on the name here. The Certificate Export Wizard adds it when it writes the file. You should save it on the path where you saved the OVA file.
Click [Next]
Review settings and Click
It should pop up a message box saying the export was successful. Dismiss it by clicking on the button.
You need to do the next steps at the command line.
Open a console window.
Change to the directory where you have saved your OVA and PFX files.
cd c:<yoursavelocation>
You now need to convert the certificate to a form that can be used (.pem). To do this, you need to use OpenSSL. Here is the form of the command:
openssl pkcs12 -in MyCert.pfx -out MyCert.pem
Respond to the prompts for Import Password and PEM pass phrase:
Enter Import Password: IMPPass
Enter PEM pass phrase: PEMPass
Verifying - Enter PEM pass phrase: PEMPass
Finally, you can sign the exported OVA with ovftool with a command like this:
ovftool --privateKey=MyCert.pem --shaAlgorithm=SHA1 DamnSmall.ova DSL.ova
Opening OVA source: DamnSmall.ova
Opening OVA target: DSL.ova
Writing OVA package: DSL.ova
Transfer Completed
The manifest validates
Enter passphrase for MyCert.pem: PEMPass
A warning is issued here, but it will not interfere with the signing.
Warning:
No supported manifest(sha1, sha256, sha512) entry found for: 'DamnSmall-disk001.vmdk'.
Completed successfully
At this point, there should be a signed file called DSL.ova. It will indicate that when imported in VirtualBox.
To test, import the newly created and signed OVA file. Open the import dialog:
File->Import Appliance or alternatively I
Enter the path and name of the signed Virtual Appliance.
Click [Next]
The Appliance settings dialog should have text in the bottom left corner indicating that you have signed the appliance, and that it is trusted.
Appliance is signed
Issues were encountered After creating both a Development SSL Certificate, as well as a Production SSL Certificate. In case you're struggling with the procedure, I found this link to be quite helpful:
How to export certificate from Mac OS X to get pair of .cert and .key files ?
The screen shows instructions for creating a Certificate Signing Request (CSR). I Selected "Continue", then selected "Choose File..." and located the .certSigningRequest.
Selected "Generate". Once the certificate was ready, I selected "Done" and then downloaded the generated SSL certificate from the "iOS App ID Settings" screen.
Follow this link as it is pertaining to the bottleneck at hand:
https://www.parse.com/tutorials/ios-push-notifications
You must Double click on the downloaded SSL certificate to install it. Using Keychain Access, click right under "My Certificates", then you must find the certificate you just added.
Right-click on it, select "Export Apple Development IOS Push Services:...", and save it as a .p12 file. The problem is, I don't have the option to export to .p12 as it is grayed out.
How should I proceed?
Turns out all you have to do is select "My Certificates" on the left panel and it enables the .p12 option.
Open your Keychain Access and make sure your certificate is listed under login keychains (left side), then you should be able to see the export to a .p12 file option. If that does not work for you, possibly your certificate is created incorrectly. Try to generate another one.
2021 answer
What worked for me was to open KeyChain Access, under My Certificates tab, select both files, right clic, export 2 items, and the option was available.
I and another guy are developing an add-in project for PowerPoint using C# and VSTO. Our project is being kept in a repository and every time when one of us gets a newest version from the repository, updated by another one, he gets a compiler problem with signing. Up to now, we solved this compiler problem by generating a test certificate on the corresponding machine every time after updating from repository.
My question is: Is it possible to avoid somehow this every-time generating of a test certificate after taking the solution, compilable on other machine, from the repository in order to have it compilable on both machines?
We tried everything:
We used the same .pfx file for both of our PC's (i.e. we sent this file to the repository).
We tried to uncheck the checkbox "Sign the ClickOnce Manifest" in the Properties window of the Solution and to remove the .pfx file at all.
We tried to use our own .pfx files with putting them into the ignore list.
But there was no result!
We have a similar scenario and we are doing the following:
'Sign the ClickOnce manifest' is signed with a locally generated .pfx key that is checked into the repository.
The assembly is signed with a strong name key.
On the build server the manifest is re-signed using the company's digital certificate for deployment using the instructions provided in this article - http://blogs.msdn.com/b/vsto/archive/2009/04/29/signing-and-re-signing-manifests-in-clickonce.aspx
Let me answer my own question. The solution is probably found. The steps are the following:
One developer should generate a new .pfx file defining the password. As a result, he can already develop the add-in correctly, on his machine; but other developer still can not, on their machines.
Using the same tab of the project's "Properties" window, this developer has to select the same .pfx file with the "Select from File..." button, giving the password.
The .pfx file should be sent to the repository (i.e. one shouldn't include it into the ignore list). As a result, other developers will not be required to generate anytime other .pfx files anymore.
We are ready!
The "magic" is that knowing the password by all developers is crucial. When the .pfx file is added to the project as it is described in the item 2, it means that all developers know the password.
I need to sign an enterprise Windows Store app I've developed ,so that users can sideload it into their devices.
I'm in the process of obtaining a code signing certificate from GoDaddy. A lot of the next steps are still hazy for me - any additional details will be appreciated.
What I've done so far
The application is tested, and I was able to deploy it on machines that have a developer license.
Purchased a code signing certificate from Daddy but didn't know what to do next (based on past experience I thought I needed to generate a key pair and a certificate signing request on my developer machine)
Called GoDaddy support who said I actually need a driver signing certificate rather than a code signing certificate. The cost was the same so they instantly switched my purchase.
It turns out there is an automatic process for generating a CSR on Windows, but you have to use Internet Explorer for that. Apparently, the cryptographic stuff is somehow handled transparently by Internet Explorer and the GoDaddy website. I would love to know more about what is actually going on there.
As part of the process you need to provide the legal name and official address / phone of the software publisher (my client in this case).
Once you submit the request, it has to be approved by GoDaddy (who should somehow verify that I am authorized by the publisher to sign code on its behalf).
Next steps
I assume GoDaddy will need to receive some documents from the publisher. I'd love to know how that process works and how long it takes.
Once the certificate is issued, I expect there will again be some easy way to install it on my development machine. Question: is there a way to move the keys and the certificate to another machine?
I also expect Visual Studio (I'm using 2012 Express edition for Windows 8) to be able to use the certificate when creating app packages. Will I need to do some special setup for that or will it be straightforward (part of the "Create app package" wizard) ?
Some of the details I've put on the certificate signing request will eventually be visible on the actual certificate (visible to the persons installing the application). Which ones?
After completing the process here are my own answers:
It turns out the GoDaddy support representative was wrong when
advising me to use a driver signing certificate. I needed a code signing certificate.
The certificate does not show the details of the contact person (which are included in the certificate signing request). You can see the certificate details before you submit the request (I missed it initially). In my case the details shown are the company name, city, state and country.
The documentation requirements depend on the company requesting the certificate (in some cases they may not need any documents at all). GoDaddy has very friendly support, so you should can the requirements from them. The process can take a few days to complete (but they may be able to help in doing it faster).
When using Internet Explorer both for the certificate request phase and installation phase, the process is seamless. I believe it uses Microsoft's Certificate Enrollment API (which is also described in this MSDN blog post)
As mentioned by JP Alioto, the process for using the certificate is described in the article "Signing an app package (Windows Store apps)". To use the new certificate in a specific project:
Open the projects .appxmanifest file
Go to the "Packaging" tab
Next to the publisher field, click "Choose Certificate"
In the dialog that pops up click "Configure Certificate" and select the drop down option "Pick from certificate store ..". The certificate should be available as one of the options.
To export a certificate, you can use the following process:
Run certmgr.msc
Locate the certificate
Right-click > All Tasks > Export to launch the certificate export wizard, which has an option to export the private key
Warning: the private key is supposed to be personal and you should protect it. It is probably OK if you copy it to another machine that you control (assuming nobody can snatch it in transit). Sharing it with someone else may be risky. I was not able to find information about how exactly the private key is used by Windows, but it may be a bad idea to have several people share a private key.
To import the certificate and private key from a PFX file, right click on the file in Windows Explorer, and elect "Install PFX". This will launch a straight-forward "Certificate Import Wizard".
Lots of stuff there. :) There are are few documents you need to read:
Deploying Metro style apps to businesses
How to Add and Remove Apps
Signing an app package (Windows Store apps)
Reading and understanding these documents will give you a better idea of what's going on. Are you sure the enterprise you're deploying for does not already have a trusted root certificate that they deploy to their desktop images? If they do, it may be easier to use that private key to sign the app. (The only reason a public certificate authority is recommended is that you will then not have to deploy the certificate to the target machines.)
You can move certificates (and private keys unfortunately) in the evil PFX format which is basically a PKCS #12 portable key file. But, be very careful how you move that file around. It contains both your public key and your encrypted private key.
I need an access to .k12 or .pem files for all https websites I am visiting on Mac OSx machine. Can anyone help me know the path where these files can be found.
Also, need to know a way to decrypt some packets using the key.
There are a couple of ways to get a certificate file in OSX. One way is to export the certificates from Keychain Access. Select Certificates in the Category (lower left) panel, choose Select All from the Edit menu (or hit ⌘A), and then choose Export Items... from the File menu (or hit ⇧⌘E). You can export your certificates as a .p12 file or a .cer file. The problem with this approach is you have to perform these steps periodically to keep your file in sync with the latest updates from Apple.
Another way is to install OpenSSL and use the cert.pem file that comes with it. Similarly, you'll have to keep OpenSSL up to date.
You would simply access the tool named "Keychain Access" in the Utilities folder of your Applications directory.
Once there, you can filter each keychain to only show certificates.
As for decrypting packets using a given key, there are plenty functions doing that within the Security framework, but this question would require clarification (Language requirement etc).
I was looking for this too. I couldn't find the files anywhere so I thought how about exporting them.
From the Keychain Access:
On left pane, click on the KEYS. On right pane, CTRL-Click on the desired certificate.
The Public key should be exported as a PEM file.
The Private Key should be exported as a P12 file.
The Certificate should be exported as a CRT file.
The Private key export option will as for a passphrase and then the user's keychain password. Upon import you will be asked for this passphrase.
NOTE: The private key, contains the public key.