Apkverifier Save

APK Signature verification in Go. Supports scheme v1, v2 and v3 and passes Google apksig's testing suite.

Project README

apkverifier

APK signature verification, should support all algorithms and both scheme v1 and v2, including downgrade attack protection.

Works with Go 1.17 or higher.

Documentation on GoDoc

go get github.com/avast/apkverifier

Vendored stuff

Because Android can handle even broken x509 cerficates and ZIP files, apkverifier is using the ZipReader from apkparser package and vendors crypto/x509 in internal/x509andr and github.com/fullsailor/pkcs7 in the fullsailor/pkcs7 folder. The last two have some changes to handle some not-entirely-according-to-spec certificates.

Example

package main

import (
	"fmt"
	"github.com/avast/apkverifier"
	"os"
)

func main() {
	res, err := apkverifier.Verify(os.Args[1], nil)
	if err != nil {
		fmt.Fprintf(os.Stderr, "Verification failed: %s\n", err.Error())
	}

	fmt.Printf("Verification scheme used: v%d\n", res.SigningSchemeId)
	cert, _ := apkverifier.PickBestApkCert(res.SignerCerts)
	if cert == nil {
		fmt.Printf("No certificate found.\n")
	} else {
		fmt.Println(cert)
	}
}

Open Source Agenda is not affiliated with "Apkverifier" Project. README Source: avast/apkverifier

Stars

Open Issues

Last Commit

7 months ago

Repository

avast/apkverifier

Open Source Agenda Badge

<a href="https://www.opensourceagenda.com/projects/apkverifier"><img src="https://www.opensourceagenda.com/projects/apkverifier/reviews/badge.svg" alt="Open Source Agenda"></a>

Submit Review Review Your Favorite Project

Submit Resource Articles, Courses, Videos

Submit Article Submit a post to our blog

From the blog

Dec 11, 2022

How to Choose Which Programming Language to Learn First?

From the blog

Dec 11, 2022