BASIC! Compiler Custom Certificate Howto

This howto is intended for power users only, it allows you to create your own certificate in order to sign your Android applications (APKs) with the Android BASIC! Compiler com.rfo.compiler.

By following this howto you understand that your private certificate will be stored unprotected on your Android device in the file sdcard/com.rfo.compiler/data/key.pk8 aka the unprotected private key.

By using this howto you agree that the protection of your unprotected private key from unwanted access is your responsibility and yours only.

The creator of the BASIC! Compiler com.rfo.compiler: Mr Nicolas Mougin (aka mougino) cannot be held liable for any loss or misuse by a third-party of your unprotected private key.

P0. Install Android Certificate Utilities

All following methods make use of the collection of utilities AndroCertif written by mougino.

First thing to do is to download the zip at http://mougino.free.fr/androcertif.html and unzip it in a folder on your computer.

If you have previously created a Java KeyStore (JKS), using Android Studio or Eclipse or keytool/openssl (or any other utility...) then you can directly go to paragraph P2. Convert your JKS to PEM+PK8.

Else continue to paragraph P1. Create a Java KeyStore.

P1. Create a Java KeyStore

Navigate to the unzipped folder of AndroCertif and double-click on JKS-MAKER.exe.

Fill all the fields of information and click Ok, then enter an Alias (can be anything, usually a nickname like "mougino") and a Password (more than 6 characters are needed) and finally save your keystore in a safe folder on your computer.

After successful creation of the JKS, answer "Yes" at the question "Convert to PEM + PK8 ?".

Two files will be created next to your Java KeyStore:

  • cert.x509.pem
  • key.pk8 (aka your unprotected private key)

Be very careful to never share these two files with anyone, particularly the unprotected private key which contains private information in clear.

You can now go to paragraph P3. Instal certificate to your Android device

P2. Convert your JKS to PEM+PK8

If you already have a Java KeyStore (JKS), navigate to the unzipped folder of AndroCertif and double-click on JKS2PEM+PK8.exe.

Click on the [...] button under "1. Load the java keystore (jks)" and navigate to your existing Java KeyStore and open it.

Type its password and press Enter. If the password is correct, press Enter a second time, or click with the mouse on the newly enabled button [3. CONVERT TO PEM + PKCS8].

Two files have now been created next to your Java KeyStore:

  • cert.x509.pem
  • key.pk8 (aka your unprotected private key)

Be very careful to never share these two files with anyone, particularly the unprotected private key which contains private information in clear.

You can now go to the next paragraph P3. Instal certificate to your Android device

P3. Instal certificate to your Android device

Plug your Android device to your computer and navigate to the internal memory (or sdcard/) until you're in the folder com.rfo.compiler/data/.

Copy the two files created previously: cert.x509.pem and key.pk8 from your computer to this folder of your Android device.

You're done!

Now all your future compilations with the BASIC! Compiler will make use of your custom certificate instead of the default RFO BASIC! certificate.

P4. Know what certificate your APK was signed with

If you want to check that your APK has been correctly signed with your custom certificate, and not the default one, or if you have a doubt later one with what certificate an APK was signed (yours or a third-party), you can do the following:

First (if needed) plug your Android device to your computer and copy the APK you're interested in to a local folder of your computer.

Then navigate to the unzipped folder of AndroCertif and double-click on APK-CERT-INFO.exe.

In the "Open APK" dialog, browse to where the APK is stored. The next window shows you at a glance all the certificate information the APK has been signed with.