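#!/bin/sh
#
# Copyright 2018 Fairphone B.V.
#
# Copy a PKCS8 key (as used for AOSP builds) into a JKS keystore for
# signing Android apps using Gradle (and Android Studio).
#
# This script expects environment variables containing the passwords to use
# for encrypting the key and the keystore:
#
#   export KEY_PASSWORD=abcd1234
#   export STORE_PASSWORD=efgh5678
#
# Both must be exported: openssl and keytool are told only the variable
# *name* (env:NAME / -...pass:env NAME) and read the value from their own
# environment, so the passwords never appear on a command line or in the
# `set -x` trace.
#
# The original key is assumed to not be password protected.
#
# Default variables can be overwritten by setting environment variables:
#
# - ORIGINAL_KEY_DIR
#     Location of existing keys. Default: ./fp2-keys/security
# - ORIGINAL_KEY_STEM
#     Basename of the key to store. Default: platform
# - KEYSTORE_DIR
#     Path of output keystore. Default: Current working directory
# - STORE_FILENAME
#     Filename of new keystore. Default: release.keystore
# - KEY_ALIAS
#     Alias of key in new keystore. Default: ReleaseKey
#
# Intermediate files:
#   ${ORIGINAL_KEY_DIR}/${ORIGINAL_KEY_STEM}.priv.pem  (private key, PEM)
#   ${KEYSTORE_DIR}/${STORE_FILENAME}.pk12             (PKCS12 keystore)
# Both are written under umask 077 and removed on every exit path,
# including a failure of any step.

set -e
set -u

# Fail early with a clear message when a password is unset or empty.
# This must happen before `set -x`: expanding the variables while tracing
# is on would print the passwords in the trace.
: "${KEY_PASSWORD:?KEY_PASSWORD must be set and exported}"
: "${STORE_PASSWORD:?STORE_PASSWORD must be set and exported}"

set -x

readonly ORIGINAL_KEY_DIR="${ORIGINAL_KEY_DIR:-./fp2-keys/security}"
readonly ORIGINAL_KEY_STEM="${ORIGINAL_KEY_STEM:-platform}"
readonly KEYSTORE_DIR="${KEYSTORE_DIR:-.}"

readonly KEY_ALIAS="${KEY_ALIAS:-ReleaseKey}"
readonly STORE_FILENAME="${STORE_FILENAME:-release.keystore}"

readonly KEY_STEM="${ORIGINAL_KEY_DIR}/${ORIGINAL_KEY_STEM}"
readonly STORE_PATH="${KEYSTORE_DIR}/${STORE_FILENAME}"

# Remove the intermediate key material. Registered as an EXIT trap so that a
# step failing under `set -e` does not leave the private key PEM on disk.
cleanup() {
    rm -f -- \
        "${KEY_STEM}.priv.pem" \
        "${STORE_PATH}.pk12"
}
trap cleanup EXIT
# Turn the usual termination signals into a normal exit so the EXIT trap runs.
trap 'exit 129' HUP
trap 'exit 130' INT
trap 'exit 143' TERM

# Create the intermediates readable by the owner only; the caller's umask is
# restored before the final keystore is written.
readonly ORIGINAL_UMASK="$(umask)"
umask 077

# Convert *.pk8 private key to PEM format.
# -nocrypt: the input is an unencrypted PKCS8 key (see header).
# NOTE(review): the PEM written here is not encrypted; -passout looks like it
# has no effect on this output and is kept only to preserve the invocation.
openssl pkcs8 \
    -nocrypt \
    -in "${KEY_STEM}.pk8" \
    -inform DER \
    -out "${KEY_STEM}.priv.pem" \
    -outform PEM \
    -passout env:KEY_PASSWORD

# Create PKCS12 keystore from PEM (private and public) keys
openssl pkcs12 -export \
    -in "${KEY_STEM}.x509.pem" \
    -inkey "${KEY_STEM}.priv.pem" \
    -out "${STORE_PATH}.pk12" \
    -name "${KEY_ALIAS}" \
    -password env:STORE_PASSWORD

# The final keystore is created with the caller's umask, as before.
umask "${ORIGINAL_UMASK}"

# Convert PKCS12 keystore to JKS format used by gradle.
# NOTE(review): JKS is a legacy keystore format and recent JDK keytool
# versions print a warning recommending PKCS12; the output type is left
# unchanged here because consumers of this script expect a JKS file.
keytool -importkeystore \
    -srckeystore "${STORE_PATH}.pk12" \
    -srcstoretype PKCS12 \
    -destkeystore "${STORE_PATH}" \
    -deststoretype JKS \
    -alias "${KEY_ALIAS}" \
    -srcstorepass:env STORE_PASSWORD \
    -deststorepass:env STORE_PASSWORD \
    -destkeypass:env KEY_PASSWORD

# Intermediary files are removed by the EXIT trap registered above.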