What is contained in "./META-INF/CERT.RSA" file for an Android app?

user3361508 picture user3361508 · Mar 19, 2014 · Viewed 31.1k times · Source

I am new to cryptography certificate and am trying to figure out the components of "CERT.RSA" file under "./META-INF" folder for an Android application.

To my understanding, "CERT.RSA" is used to verify the signiture of "CERT.SF" file under the same directory. It should consist of the certificate meta info (subject, issuer, Series number, etc.), the signature of "CERT.SF" signed by developers private key, and the public key used to verify the signature.

How can I derive the above components from "CERT.RSA" file? Especially, how can I retrieve the public key from the "CERT.RSA"?

I tried to use the following commands to reveal signing certificate. When people talk about signing certificate, is it (the following output) the public keys or the signed signature?

>> openssl pkcs7 -inform DER -print_certs -out cert.pem -in CERT.RSA
>> cat cert.pem

subject=/C=SE/ST=Kista/L=Kista/O=Javsym/OU=Mobile Visuals/CN=Eyvind Almqvist
issuer=/C=SE/ST=Kista/L=Kista/O=Javsym/OU=Mobile Visuals/CN=Eyvind Almqvist
-----BEGIN CERTIFICATE-----
MIICWzCCAcSgAwIBAgIETVPFgjANBgkqhkiG9w0BAQUFADBxMQswCQYDVQQGEwJT
RTEOMAwGA1UECBMFS2lzdGExDjAMBgNVBAcTBUtpc3RhMQ8wDQYDVQQKEwZKYXZz
eW0xFzAVBgNVBAsTDk1vYmlsZSBWaXN1YWxzMRgwFgYDVQQDEw9FeXZpbmQgQWxt
cXZpc3QwIBcNMTEwMjEwMTEwMTIyWhgPMjA2MTAxMjgxMTAxMjJaMHExCzAJBgNV
BAYTAlNFMQ4wDAYDVQQIEwVLaXN0YTEOMAwGA1UEBxMFS2lzdGExDzANBgNVBAoT
BkphdnN5bTEXMBUGA1UECxMOTW9iaWxlIFZpc3VhbHMxGDAWBgNVBAMTD0V5dmlu
ZCBBbG1xdmlzdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAjwLlwflQ2zoC
1EeCkICSqYTSkdv6Xj0YCqoQsuLJw0pwDbz5qRos61Ub0ZxWCa4TfXu1NJmuD4j+
LwQYvAR6JO985y4zjH1Ee5qZmHDC5yoSRko6P8B4KfmBm8E8CryhUjN7vNLUfG2o
XrmXK+g5KKTx3wzWlb4+AdAS7/NlDVkCAwEAATANBgkqhkiG9w0BAQUFAAOBgQAS
CxdfvR/LHPlULkCsoGw9/Q2ZhsTlPr7fZw32sef9vnz1hqd6iMDsLC2c34yRVJfb
t6dZCVO9/gWMURIZ7NmT36uBFAUB+XkGK+5/ot3YEJicEwmk/Nvj1Tzo3PjBX3ZD
lLBpEPgc3IUOhgMyzDR+ytgFlH0MkDps6FApunUpiQ==
-----END CERTIFICATE-----

By using the following command, I could get the meta info of this certificate:

>> keytool -printcert -file CERT.RSA

Owner: CN=Eyvind Almqvist, OU=Mobile Visuals, O=Javsym, L=Kista, ST=Kista, C=SE
Issuer: CN=Eyvind Almqvist, OU=Mobile Visuals, O=Javsym, L=Kista, ST=Kista, C=SE
Serial number: 4d53c582
Valid from: Thu Feb 10 06:01:22 EST 2011 until: Fri Jan 28 06:01:22 EST 2061
Certificate fingerprints:
     MD5:  58:94:63:63:C1:ED:4C:02:CE:90:CE:64:DA:D7:4A:E4
     SHA1: 17:5C:44:E3:A6:1A:F2:4F:A5:78:6E:C7:F0:42:4C:AD:E6:F5:CA:DF
     Signature algorithm name: SHA1withRSA Version: 3

Is there other tools/commands I can use to get more complete info from "CERT.RSA"?

Thanks a lot for any inputs!

Answer

Ted picture Ted · Aug 12, 2015

If you only want to get the part of public-key out of the CERT.RSA file, you can try out the following method:

  1. convert CERT.RSA to a standard pem file:

openssl pkcs7 -in CERT.RSA -inform DER -print_certs -out cert.pem

  1. get public key from the pem file:

openssl x509 -in cert.pem -pubkey -noout