摘要 |
Provided are a multi-party authorized APK signing method and system, comprising: signature servers of different terminal device manufacturers use respective work private keys to sign the signed data comprising an original APK file to generate signature data of different terminal device manufacturers, and place a manufacturer work public key certificate into the signature data of the terminal device manufacturers or pre-install in a terminal device; an receipt institution signature server forms the signature data of different terminal device manufacturers into a signed APK file in a DER format in a time sequence of signatures, the signed APK file comprising the original APK file and a signature file header, and the signature file header comprising data for identifying a signed file and identifying the number of the signature data of the terminal device manufacturers, and the specific positions of the signature data in the signed APK file; the terminal device acquires the signed APK file, and, after determining that the signed APK file contains the corresponding terminal device manufacturer signature data, positions and authenticates the terminal device manufacturer signature data, and allows installation and operation after the authentication succeeds. |