All Products
Search
Document Center

How to solve the issue that the offline package's signature verification failure

Last Updated: Mar 24, 2021

Definitions

The principle and effect of signature verification for offline packages are as described in Offline package introduction. The failure of signature verification does not directly cause an H5 application to be unavailable, but the H5 container will be unable to locally obtain the resources of the H5 application. All traffic falls back to the online CDN, which affects user experience and system performance to some extent.
Principle diagram

Common symptoms

  • You can open the offline package application only when the network is connected.
  • The H5 application is loading slowly.

The basic troubleshooting

  1. Check whether the console enables signature verification for offline packages (the private key used to create signatures for offline packages has been uploaded).
    Check whether the H5 container on the client enables signature verification for offline packages.
    The common configuration combinations and results are as follows:

    • ⚠️Console ON/Client ON: Signature verification may fail due to the mismatch of the private key for verifying signatures.
    • ❓Console ON/Client OFF: The problem may not be related to signature verification.
    • ❌Console OFF/Console ON: The signature verification is bound to fail.
    • ❓Console ON/Console OFF: The problem may not be related to signature verification.
      ⚠️Note: Whether the configuration of signature verification on the client takes into effect is a checkpoint that is easy to be ignored.
  2. Grab Charles and Fiddler data packets to confirm an amr file download and check whether fallback traffic exists.

    • ⚠️If the amr file corresponding to the offline package is being downloaded, and fallback traffic exists, the signature verification may fail.
    • ❌If no amr file is being downloaded, but fallback traffic still exists, you cannot completely exclude other reasons, for example, the offline package fails to be preset or downloaded.
      Grab data packets
  3. View client log to determine the result of signature verification.

    • ❌Search signature verify result in the Android client log to determine whether signature verification failure exists according to the context of the log.
      View Log

Solution

Double-check the configuration of signature verification for offline packages based on the document. Confirm the private key uploaded by the console matches the public key configured on the client.

Note: if you re-upload the private key used to create signatures for offline packages in the console, all offline packages need to be re-uploaded and amr and h5_json files be reproduced.