Android Studio APK signing: essential concepts, workflow, obtaining certificate fingerprints, and changing the default APK name, explained in detail

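This article introduces the concepts behind Android app signing in detail, including keys, certificates and keystores, and stresses the importance of certificate fingerprints. It explains the signing process for debug and release builds and how to generate an upload key and keystore. It also covers using the keytool command to work with certificates and changing an APK's default name. On the security side, it discusses keeping the private key safe and avoiding leaks of signing information.
Summary generated by CSDN using AI.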

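(1) Some basic concepts you must understand:

This section reproduces part of the "Publish your app" documentation from the Android Studio section of the official Android site. Some material about uploading apps to Google Play has been trimmed, so concepts such as Android App Bundles, upload keys and upload keystores are not introduced here; interested readers can study them on the official site.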

I. Keys, certificates, and keystores

A public key certificate (.der or .pem files), also known as a digital 
certificate or an identity certificate, contains the public key of a 
public/private key pair, as well as some other metadata identifying the 
owner (for example, name and location) who holds the corresponding 
private key.

When signing your app, the signing tool attaches the certificate to your 
app. The certificate associates the APK or app bundle to you and your 
corresponding private key. This helps Android ensure that any future 
updates to your app are authentic and come from the original author. The 
key used to create this certificate is called the app signing key.

The certificate can be shared with anyone. It does not contain your 
private key.

Every app must use the same certificate throughout its lifespan in order 
for users to be able to install new versions as updates to the app.

A certificate fingerprint is a short and unique representation of a 
certificate that is often requested by API providers alongside the 
package name to register an app to use their service. 

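Certificate fingerprints come in three forms: MD5, SHA-1 and SHA-256.
Common API providers ask for different ones. For example, the WeChat Open Platform requires the MD5 certificate fingerprint and the package name, while the Baidu Maps Open Platform requires the SHA-1 certificate fingerprint and the package name. How to obtain the certificate fingerprint is described below.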
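
What a fingerprint is, as an added example (not from the original article or the Android documentation): the digest of the certificate's DER bytes, so the .pem and .der forms of one certificate give the same MD5, SHA-1 and SHA-256 values. `SAMPLE_DER` is constructed placeholder bytes rather than a real certificate, and all function names are hypothetical.

```python
import base64
import hashlib
import re

# Constructed stand-in bytes, NOT a real X.509 certificate: a fingerprint is a
# digest over the certificate's DER bytes, so any byte string shows the mechanics.
SAMPLE_DER = b"\x30\x82\x01\x0a" + b"constructed-placeholder-certificate-body" * 4

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S
)

def to_pem(der: bytes) -> bytes:
    """Wrap DER bytes in PEM armor (base64, 64 columns per line)."""
    b64 = base64.b64encode(der)
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return (b"-----BEGIN CERTIFICATE-----\n" + b"\n".join(lines)
            + b"\n-----END CERTIFICATE-----\n")

def to_der(cert: bytes) -> bytes:
    """Accept the content of a .pem or .der certificate file; return DER bytes."""
    m = PEM_RE.search(cert)
    if m is None:
        return cert  # no PEM armor found: treat the input as DER already
    return base64.b64decode(b"".join(m.group(1).split()), validate=True)

def fingerprints(cert: bytes) -> dict:
    """MD5, SHA-1 and SHA-256 fingerprints as colon-separated upper-case hex."""
    der = to_der(cert)
    out = {}
    for label, algo in (("MD5", "md5"), ("SHA-1", "sha1"), ("SHA-256", "sha256")):
        hexd = hashlib.new(algo, der).hexdigest().upper()
        out[label] = ":".join(hexd[i:i + 2] for i in range(0, len(hexd), 2))
    return out

def normalize(fp: str) -> str:
    """Drop colons, whitespace and case so differently formatted values compare."""
    return re.sub(r"[\s:]", "", fp).lower()

def matches_registered(cert: bytes, registered: str) -> bool:
    """True if `registered` equals any fingerprint of `cert`, ignoring formatting."""
    want = normalize(registered)
    return any(normalize(fp) == want for fp in fingerprints(cert).values())
```

Comparing through `normalize` avoids false mismatches when one side shows the value with colons in upper case and the other expects plain lower-case hex.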

The following are the different types of keys and keystores you should 
understand:

App signing key: The key that is used to sign APKs that are installed on  
a user's device. As part of Android’s secure update model, the signing  
key never changes during the lifetime of your app. The app signing key 
is private and must be kept secret. You can, however, share the 
certificate that is generated using your app signing key.

Java keystore (.jks or .keystore): A binary file that serves as a  
repository of certificates and private keys.

II. Sign your debug build

When running or debugging your project from the IDE, Android Studio 
automatically signs your app with a debug certificate generated by the 
Android SDK tools. The first time you run or debug your project in 
Android Studio, the IDE automatically creates the debug keystore and 
certificate in $HOME/.android/debug.keystore, and sets the keystore and key passwords.

Because the debug certificate is created by the build tools and is 
insecure by design, most app stores (including the Google Play Store) do 
not accept apps signed with a debug certificate for publishing.

Android Studio automatically stores your debug signing information in a 
signing configuration so you do not have to enter it every time you 
debug. A signing configuration is an object consisting of all of the 
necessary information to sign your app, including the keystore location, 
keystore password, key name, and key password. You cannot directly edit 
the debug signing configuration, but you can configure how you sign your 
release build.

Expiry of the debug certificate
The self-signed certificate used to sign your app for debugging has an 
expiration date of 30 years from its creation date. When the certificate 
expires, you get a build error.

To fix this problem, simply delete the debug.keystore file stored in one 
of the following locations:
 - ~/.android/ on OS X and Linux
 - C:\Documents and Settings\user\.android\ on Windows XP
 - C:\Users\user\.android\ on Windows Vista and Windows 7, 8, and 10

The next time you build and run a debug version of your app, Android 
Studio regenerates a new keystore and debug key.

III. Generate an upload key and keystore

If you don't already have an upload key, which is useful when opting in 
to App signing by Google Play, you can generate one using Android Studio 
as follows:

  1. In the menu bar, click Build > Build > Generate Signed Bundle/APK.
  2. In the Generate Signed Bundle or APK dialog, select Android App Bundle or APK and click Next.
  3. Below the field for Key st