diff options
| author | Alex Klyubin <klyubin@google.com> | 2016-02-17 13:13:07 -0800 |
|---|---|---|
| committer | Vishnu Vardhan Reddy Naini <vishnu@vishnunaini.com> | 2017-02-24 22:52:43 +0530 |
| commit | 132f0a9d42a59fcb96a34c8781da690fa97332d7 (patch) | |
| tree | 36357c228df9d0d608a5b28052c93af5f57ce0f1 | |
| parent | 1b883b45d9bf4582425d2b1cf5ad3a2c6853e084 (diff) | |
| download | android_development-132f0a9d42a59fcb96a34c8781da690fa97332d7.tar.gz android_development-132f0a9d42a59fcb96a34c8781da690fa97332d7.tar.bz2 android_development-132f0a9d42a59fcb96a34c8781da690fa97332d7.zip | |
Switch from SHA-1 to SHA-256 for new signing key certs.cm-14.1_old
This is to move OTA update package verification logic for new Android
devices from SHA-1 to SHA-256.
Prior to this change the script which generates new signing keys
used SHA-1 in certificates. This change switches the script from SHA-1
to SHA-256. The reason is that OTA updates are accepted only if they
are signed using the same digest algorithm as in the certificate.
Bug: 25643280
Bug: 20580998
Change-Id: I9babe85946a43697aeb4309837504aea25e26763
| -rwxr-xr-x | tools/make_key | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/tools/make_key b/tools/make_key index 6d1ed4717..a6cf49c0d 100755 --- a/tools/make_key +++ b/tools/make_key @@ -51,7 +51,7 @@ read -p "Enter password for '$1' (blank for none; password will be visible): " \ if [ "${3}" = "rsa" -o "$#" -eq 2 ]; then ( openssl genrsa -f4 2048 | tee ${one} > ${two} ) & - hash="-sha1" + hash="-sha256" elif [ "${3}" = "ec" ]; then ( openssl ecparam -name prime256v1 -genkey -noout | tee ${one} > ${two} ) & hash="-sha256" |