tags:

views:

185

answers:

1
+4  Q: 

Keystore and Aliases - is there a use to multiple aliases?

When exporting a signed Android application using Eclipse, is there a purpose to using multiple aliases? According to the official guide about signing, it's recommended that you sign all applications with the same certificate to allow your applications to share data, code and be updated in modular fashion. Assuming that "alias", "key" and "certificate" are essentially interchangeable in this context, is there a reason why someone would want to use different aliases for all their applications? The only reason I can think of is that it adds more security to your applications, in the sense that a compromised key/password doesn't compromise everything. Are there other reasons?

Also, is the generated key dependent on the name of the alias? In other words, if you change the name of the alias but not the password, would the generated certificate be different?

Thanks.

+1  A: 

Aliases and passwords don't affect the certificate - you can change those at will.

There are a couple of reasons I can think of in which you may end up with multiple certificates, although they're probably both a bit of a stretch!

If you need two (or more) developers to be able to make releases (independently of each other/a third party/etc), you'd have to share the private key and password for signing the APK. If you have 3 projects and only collaborate on one of them, you probably don't want to be sharing a single key which lets them sign releases for all three of your projects, so you'd have separate keys in your keystore.

Of course, ideally, you wouldn't be sharing private keys, and you'd only have one person making releases. This can still give rise to a situation where you'd need to sign different projects with different keys - if I'm the person who signs releases for BigCompany, I'm going to have one certificate in the name of BigCompany which I use to sign their releases, and my own certificate to sign anything I do myself.

You also have to remember that the keystore is a generic Java construction - there are lots of non-Android uses for it which would entail having multiple certs.

Chris Smith  2010-05-22 18:20:38

related questions

Exposing a remote interface or object model.
Rolling back bad changes with svn in Eclipse
Prevent SWT scrolledComposite from eating part of it's children
Can't create a subversion repository with Eclipse 3.4.0, svn 1.5.1
Do Java multi-line comments account for strings?
Testing a client-server application
Best GUI designer for eclipse?
vim commands in Eclipse
Eclipse 3.2.2 content assist not finding classes in the project
Cannot add a launch shortcut (Eclipse Plug-in)
eclipse javascript editor
Libraries for pretty charts in SWT?
Drag and Drop an Email from MS Outlook to Eclipse RCP
Useful Eclipse features?
What tools do you use to develop C++ applications on Linux?
Map VS2008 keyboard shortcuts to Eclipse
Android Development
How to setup Groovy + Eclipse + Junit4 ?
Can I script FlexBuilder without writing an extension?
I would like a recommendation for a book on Eclipse's Rich Client Platform (RCP).
Eclipse : Class file name must end with .class exception in Java Search
Eclipse on win64
Do you have any recommended plugins for Eclipse?
How can I unit test Flex applications from within the IDE or a build script?
How can you get Subclipse in Aptana to work with the newest release of Subversion?