Bug 41524: Add a script to generate an android signing key

tools/signing/generate-keys/generate-android-signing-key

+#!/bin/bash
+
+# This script generate a new Android signing key in the android-key directory
+# Before running it you should edit the key_* variables for setting the
+# key name, password, etc...
+
+set -e
+script_dir=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
+test -n "$set_config_only" || cd "$script_dir"
+
+key_alias=tor-vpn
+key_password=123456
+key_dname='CN=Tor VPN, O=The Tor Project'
+
+test -n "$set_config_only" && return 0
+
+mkdir android-key
+cd android-key
+
+keytool -genkeypair -keysize 4096 -sigalg SHA512withRSA -keyalg RSA \
+        -storetype PKCS12 -alias "$key_alias" -dname "$key_dname" \
+        -validity 36500 -keystore "${key_alias}-private.p12" \
+        -storepass "$key_password" -v
+
+# Export the generated certificate into a PEM file
+keytool -exportcert -rfc -alias "$key_alias" -file "${key_alias}-public.pem" \
+        -keystore "${key_alias}-private.p12" -storepass "$key_password" -v

tools/signing/generate-keys/sign-aab

+#!/bin/bash
+# This script will sign the aab given as argument, as signed.aab in the
+# current directory, using the key config from generate-android-signing-key
+
+set -e
+script_dir=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
+set_config_only=1
+source "$script_dir/generate-android-signing-key"
+
+if test "$#" -ne 1; then
+  echo "Wrong number of arguments" >&2
+  exit 1
+fi
+
+jarsigner -keystore "$script_dir/android-key/${key_alias}-private.p12" \
+          -storepass "${key_password}" -signedjar signed.aab -verbose \
+          "$1" "${key_alias}"
+echo "Signed $1 in signed.aab"

tools/signing/generate-keys/sign-apk

+#!/bin/bash
+
+# This script will sign the apk given as argument, as signed.apk in the
+# current directory, using the key config from generate-android-signing-key
+
+set -e
+script_dir=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
+set_config_only=1
+source "$script_dir/generate-android-signing-key"
+
+if test "$#" -ne 1; then
+  echo "Wrong number of arguments" >&2
+  exit 1
+fi
+
+apksigner sign --ks "$script_dir/android-key/${key_alias}-private.p12" \
+               --ks-pass "pass:${key_password}" --out signed.apk "$1"
+echo "Signed $1 in signed.apk"

tools/signing/generate-keys/verify-aab

+#!/bin/bash
+# This script takes no argument and will verify the signature of the
+# file signed.aab in the currenty directory, using the key config from
+# generate-android-signing-key
+
+set -e
+script_dir=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
+set_config_only=1
+source "$script_dir/generate-android-signing-key"
+
+if test "$#" -ne 0; then
+  echo "Wrong number of arguments" >&2
+  exit 1
+fi
+
+jarsigner -keystore "$script_dir/android-key/${key_alias}-private.p12" \
+          -storepass "${key_password}" -verify -verbose -certs signed.aab \
+          -verbose "${key_alias}"

tools/signing/generate-keys/verify-apk

+#!/bin/bash
+# This script takes no argument and will verify the signature of the
+# file signed.apk in the currenty directory, using the key config from
+# generate-android-signing-key
+
+set -e
+script_dir=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
+set_config_only=1
+source "$script_dir/generate-android-signing-key"
+
+if test "$#" -ne 0; then
+  echo "Wrong number of arguments" >&2
+  exit 1
+fi
+
+jarsigner -keystore "$script_dir/android-key/${key_alias}-private.p12" \
+          -storepass "${key_password}" -verify -verbose -certs signed.apk \
+          -verbose "${key_alias}"