Add Comment
|
Related Links
|
TrackBack
How to Deal with INSTALL_PARSE_FAILED_NO_CERTIFICATES and "Application not installed"For a long time, I have refrained from upgrading to JDK 7, because the new jarsigner signs the Android certificate differently, prevent the Android package to install properly. So I have stayed with JDK 6 on both Linux and Mac OS X. But, recently, with Android API 21, JDK 6 is becoming obsolete as Java reports various warning to upgrade. Now that JDK 8 is out, I have thought the problem would be fixed by now. So I upgraded to JDK 8 on both Linux and Mac OS X. Rebuilt one of our Android apps to test it out. It installed on my Google LG Nexus 5 just fine and operated properly. So I submitted the app to several app stores and crossed my fingers. A day later, NOOK Developer Program contacted me and reported that the Android app will not install due to "INSTALL_PARSE_FAILED_NO_CERTIFICATES". NOOK Developer Program reported failing on these devices: NOOK Color (Froyo) 1.4 They also reported that it did not fail on these devices: Samsung Galaxy Tab 4 NOOK 7.0 (KitKat) 4.4 That caused me some headache, because it installed fine on Google LG Nexus 5, which was running Android 5. Then it daunted on me that the failed NOOK devices are still running much older Android operating system (OS). I pulled out my Samsung Galaxy S, which was still running Android 2.2.3 (Gingerbread). Voila! When I tried to install the same app, I get the "Application not installed" error. Apparently, Google has fixed this problem on the Android OS side, but not the development side. That means JDK 7, 8, and future versions will continue to have this problem with the original Android keystore certificates. Therefore, it's time to solve this problem once and for all. This article will explain how. We will go through all of the pitfalls that we encountered, so that you can use this article to understand and resolve the issue for yourself. Jarsigner with -sigalg MD5withRSA -diagestalg SHA1Most people on the web explained that to resolve this issues, simply add "-sigalg MD5withRAS -diagestalg SHA1" when executing jarsigner. While this solution did work for some people, it did not for many others. The problem is this: jarsigner error: java.security.SignatureException: private key algorithm is not compatible with signature algorithm I suspect that keytool, by default, create certificate using MD5withRSA at one point, but changed at a later point. Our certificate is circa 2010 and is not compatible with MD5withRSA. Keytool with -sigalg MD5withRSA -keyalg RSA -keysize 1024Many folks reported that the cure for the previous section is to generate a new certificate with keytool using "-sigalg MD5withRSA -keyalg RSA -keysize 1024". Although many accepts this method as the answer it really isn't unless you are building a brand new Android app that has never been submitted to any Android market before. The reason is because if someone had an older version of your app installed on a device, that Android device will reject any new version of the app unless the new version has the same certificate. Signing a new version of the app with a new certificate will cause the app to fail to install on those Android devices. Our apps has been on various Android markets for years. Needless to say, this solution does not work for us. The second reason this cure is not the solution is because the MD5withRSA is a really old algorithm that is being obsoleted. Many in the security industry no longer accept it for use. In addition, if you are going to create a brand new certification, you might as well use the default to use the latest and greatest technology. Why go backward when you are creating something brand new? The Real Solution: Know Your CertificateThe real solution is to determine the algorithm used to create your original certificate, so that you can use the correct argument with jarsigner. You can see the certificates in your keystore with the following command: keytool -list -v -keystore "${keyFile}" You'll need to substitute "${keyFile}" with your keystore file. And you'll, of course, need your keystore password to access it. In our case, once we did that, we found that the certificate we used for our Android apps shows the following property: Signature algorithm name: SHA1withDSA Jarsigner with -sigalg SHA1withDSA -diagestalg SHA1After understanding that we generated our certificate using the SHA1withDSA algorithm, it's relatively easy to solve this problem. We simply executed jarsigner with "-sigalg SHA1withDSA -diagestalg SHA1". With these new arguments, jarsigner no longer complains and signs our test app successfully. The test app installs onto our Google LG Nexus 5 and Samsung Galaxy S as normal. And after submitting our test app to NOOK app store, NOOK Developer Program reports that the app passes with flying color. Life is all good again. Until next time--same bat time, same bat channel. Mel
Add Comment
|
Related Links
|
TrackBack
Did your message disappear? Read the Forums FAQ. Add CommentSpam Control | * indicates required field TrackBackTrackBack only accepted from WebSite-X Suite web sites. Do not submit TrackBacks from other sites. Send Ping | TrackBack URL | Spam Control No TrackBacks yet. TrackBack can be used to link this thread to your weblog, or link your weblog to this thread. In addition, TrackBack can be used as a form of remote commenting. Rather than posting the comment directly on this thread, you can posts it on your own weblog. Then have your weblog sends a TrackBack ping to the TrackBack URL, so that your post would show up here. Messages, files, and images copyright by respective owners. |
Products
|
Services
52 Users Online
|
Copyright © 1996 - 2024. All Rights Reserved. |