Is there any existing solution for signing and verifying shared libraries (.so) on Android/Linux?
Thanks!
Assuming you’re verifying the library from a normal Android app that you’ve built and signed, you could just add a build step (after the NDK build but before the Java build) to generate a Java class with the SHA1 sums (or a stronger hash function, if you prefer) of the .so files in your project. Build that generated Java class into your app, and verify at runtime. If the signature on your APK hasn’t been tampered with, you can assume the values in the generated Java class are correct, so they must match the runtime-calculated hashes of the libraries.
Note that you may have to pick between a couple of copies of the stored hash value if you're building for several platforms (arm, armv7-a, x86, etc.).
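A sketch of the build step described in this answer, added here as an example and not code from the answer's author: it hashes every `.so` under a per-ABI output directory and emits a Java class keyed by `<abi>/<library>`, so the app can pick the entry for the ABI it actually loaded. The package name `com.example.integrity`, the class name `NativeLibHashes` and the directory layout are assumptions, and SHA-256 is used as the stronger hash the answer allows for.

```python
import hashlib
import tempfile
from pathlib import Path


def hash_file(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large libraries are fine."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def collect_hashes(libs_dir: Path) -> dict:
    """Map "<abi>/<name>.so" -> hex digest for every library under libs_dir."""
    return {
        f"{so.parent.name}/{so.name}": hash_file(so)
        for so in sorted(libs_dir.glob("*/*.so"))
    }


def render_java(hashes: dict, package: str = "com.example.integrity",
                cls: str = "NativeLibHashes") -> str:
    """Emit the Java source that is compiled into the signed APK.
    Package and class names are hypothetical placeholders."""
    puts = "\n".join(
        f'        m.put("{key}", "{value}");' for key, value in hashes.items()
    )
    return (
        f"package {package};\n\n"
        "import java.util.Collections;\nimport java.util.HashMap;\nimport java.util.Map;\n\n"
        f"public final class {cls} {{\n"
        "    public static final Map<String, String> SHA256;\n"
        "    static {\n"
        "        Map<String, String> m = new HashMap<>();\n"
        f"{puts}\n"
        "        SHA256 = Collections.unmodifiableMap(m);\n"
        "    }\n"
        "}\n"
    )


if __name__ == "__main__":
    # Constructed sample tree standing in for the NDK output directory.
    with tempfile.TemporaryDirectory() as tmp:
        for abi in ("armeabi-v7a", "x86"):
            (Path(tmp) / abi).mkdir()
            (Path(tmp) / abi / "libnative.so").write_bytes(abi.encode())
        print(render_java(collect_hashes(Path(tmp))))
```

At runtime the app hashes the library file it is about to load and compares the result with the map entry for the matching ABI, refusing to load on a mismatch or a missing entry.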