ENTERPRISE: This is a SignServer Enterprise feature.

The signer has the fully qualified class name: org.signserver.module.apk.signer.ApkLineageSigner

Overview

The APK Lineage Signer supports Android Package Kit (APK) key rotation. Key rotation makes it possible to sign with a new key by rolling over to that key using a lineage file.

The APK Lineage Signer allows you to print the content of an APK lineage file and to update it, that is, to change the capabilities of one of the signers. This requires that the APK Lineage Signer points to the APK Signer you want to modify in the lineage file (by setting the OTHER_SIGNERS property). The lineage file is then sent in together with the updated capability options, and an updated lineage file is returned.

Note that this signer is configured without a crypto token, since it uses no crypto token of its own but instead relies on the crypto token of the other signers.

For more information on Android signing and how to set it up in SignServer, see Setting up Android Signing.

Available Properties

| Property | Description | Required |
|---|---|---|
| OTHER_SIGNERS | APK Signer to update lineage for. Specify exactly one signer, pointing out the signer to update in the lineage. | Yes |
| SET_INSTALLED_DATA | Specifies the installed data capability of the signer in the updated lineage (true or false), if set. Default: unset. | No |
| SET_SHARED_UID | Specifies the shared UID capability of the signer in the updated lineage (true or false), if set. Default: unset. | No |
| SET_PERMISSION | Specifies the permission capability of the signer in the updated lineage (true or false), if set. Default: unset. | No |
| SET_ROLLBACK | Specifies the rollback capability of the signer in the updated lineage (true or false), if set. Default: unset. | No |
| SET_AUTH | Specifies the auth capability of the signer in the updated lineage (true or false), if set. Default: unset. | No |
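
A configuration check for the constraints stated above (exactly one signer in OTHER_SIGNERS, true/false capability values, no crypto token on this worker), as an added example that is not part of the SignServer documentation or code base. The WORKERGENID1 prefix, the IMPLEMENTATION_CLASS and CRYPTOTOKEN key names, the comma-separated OTHER_SIGNERS format and the worker names are assumptions.

```python
# Capability properties from this page; each must be true or false when set.
CAPABILITY_PROPS = ("SET_INSTALLED_DATA", "SET_SHARED_UID", "SET_PERMISSION",
                    "SET_ROLLBACK", "SET_AUTH")
LINEAGE_CLASS = "org.signserver.module.apk.signer.ApkLineageSigner"

# Constructed sample with three deliberate mistakes. The WORKERGENID1 prefix,
# the CRYPTOTOKEN key and the worker names are assumptions, not from the page.
SAMPLE = """\
WORKERGENID1.TYPE = PROCESSABLE
WORKERGENID1.IMPLEMENTATION_CLASS = org.signserver.module.apk.signer.ApkLineageSigner
WORKERGENID1.NAME = ApkLineageSigner
WORKERGENID1.OTHER_SIGNERS = ApkSignerOld, ApkSignerNew
WORKERGENID1.SET_ROLLBACK = yes
WORKERGENID1.CRYPTOTOKEN = CryptoTokenP12
"""

def parse_properties(text):
    """Parse 'PREFIX.KEY = value' lines into {KEY: value}, skipping comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        # Drop the worker prefix (text before the first dot) from the key.
        props[key.strip().split(".", 1)[-1].upper()] = value.strip()
    return props

def lint_lineage_worker(text):
    """Return a list of findings for an ApkLineageSigner worker configuration."""
    props = parse_properties(text)
    findings = []
    if props.get("IMPLEMENTATION_CLASS") != LINEAGE_CLASS:
        findings.append("IMPLEMENTATION_CLASS is not the ApkLineageSigner class")
    # Assumption: multiple signers would be given as a comma-separated list.
    signers = [s.strip() for s in props.get("OTHER_SIGNERS", "").split(",") if s.strip()]
    if len(signers) != 1:
        findings.append(f"OTHER_SIGNERS must name exactly one signer, found {len(signers)}")
    for name in CAPABILITY_PROPS:
        if name in props and props[name].lower() not in ("true", "false"):
            findings.append(f"{name} must be true or false, got {props[name]!r}")
    if props.get("CRYPTOTOKEN"):
        findings.append("CRYPTOTOKEN is set, but this signer uses no crypto token of its own")
    return findings

if __name__ == "__main__":
    for finding in lint_lineage_worker(SAMPLE):
        print("-", finding)
```
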

Request Parameters

| Property | Description |
|---|---|
| PRINT_CERTS | If set to true, the process output is a textual representation of the signers in the supplied lineage file instead of an updated lineage. Accepted values: true or false. If set to false (or not included), the output is the updated lineage for the specified signer (default). |

Worker Log Fields

| Field | Description |
|---|---|
| REQUEST_DIGEST | A message digest (hash) for the request document in hex encoding. |
| REQUEST_DIGEST_ALGORITHM | The name of the message digest (hash) algorithm used for the request digest in the log. |
| RESPONSE_DIGEST | A message digest (hash) for the response document in hex encoding. |
| RESPONSE_DIGEST_ALGORITHM | The name of the message digest (hash) algorithm used for the response digest in the log. |