How to sign an android apk file

Question

I am trying to sign my apk file  I can t figure out how to do it  I can t find good in-depth directions  I have very little programing experience  so any help would be appreciated

User · Answer

APK Signing Process

To manually sign an Android APK file run these three commands:

Generate Keystore file

keytool -genkey -v -keystore YOUR_KEYSTORE_NAME.keystore -alias ALIAS_NAME -keyalg RSA -keysize 2048 -validity 10000

Sign Your APK file using jarsigner

jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore KEYSTORE_FILE_PATH UNSIGNED_APK_PATH ALIAS_NAME

Align Signed APK using zipalign tool

zipalign -v 4 JARSIGNED_APK_FILE_PATH ZIPALIGNED_SIGNED_APK_FILE_PATH

STEP 1

`Generate Keystore file`

keytool -genkey -v -keystore YOUR_KEYSTORE_NAME.keystore -alias ALIAS_NAME -keyalg RSA -keysize 2048 -validity 10000

Example:

keytool -genkey -v -keystore id.keystore -alias MySignedApp -keyalg RSA -keysize 2048 -validity 10000

keystore password : yourApp@123 key password : yourApp@123

CMD O/P

D:\ru\SignedBuilds\MySignedApp>keytool -genkey -v -keystore id.keystore
 -alias MySignedApp -keyalg RSA -keysize 2048 -validity 10000
Enter keystore password:
Re-enter new password:
What is your first and last name?
  [Unknown]:  MySignedApp Sample
What is the name of your organizational unit?
  [Unknown]:  Information Technology
What is the name of your organization?
  [Unknown]:  MySignedApp Demo
What is the name of your City or Locality?
  [Unknown]:  Mumbai
What is the name of your State or Province?
  [Unknown]:  Maharashtra
What is the two-letter country code for this unit?
  [Unknown]:  IN
Is CN=MySignedApp Demo, OU=Information Technology, O=MySignedApp Demo, L=Mumbai, ST=Maharashtra, C=IN corr
ect?
  [no]:  y

Generating 2,048 bit RSA key pair and self-signed certificate (SHA256withRSA) with a validity of 10,
000 days
        for: CN=MySignedApp Demo, OU=Information Technology, O=MySignedApp Demo, L=Mumbai, ST=Maharashtra,
 C=IN
Enter key password for <MySignedApp>
        (RETURN if same as keystore password):
Re-enter new password:
[Storing id.keystore]

D:\ru\SignedBuilds\MySignedApp>

STEP 2

`Sign your app with your private keystore using jarsigner`

jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore KEYSTORE_FILE_PATH UNSIGNED_APK_PATH ALIAS_NAME

Example

jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore D:\ru\SignedBuilds\MySignedApp\id.keystore D:\ru\SignedBuilds\MySignedApp\MySignedAppS1-release-unsigned.apk id

CMD O/P

D:\ru\SignedBuilds\MySignedApp>jarsigner -verbose -sigalg SHA1withRSA -
digestalg SHA1 -keystore D:\ru\SignedBuilds\MySignedApp\id.keystore D:\ru\SignedBuilds\MySignedApp\MySignedAppS1-release-unsigned.apk id ---
ect
Enter Passphrase for keystore:
   adding: META-INF/MANIFEST.MF
   adding: META-INF/---.SF
   adding: META-INF/---.RSA
  signing: AndroidManifest.xml
  ..... 
    signing: classes.dex
  signing: lib/commons-codec-1.6.jar
  signing: lib/armeabi/libkonyjsvm.so
jar signed.

Warning:
No -tsa or -tsacert is provided and this jar is not timestamped. Without a timestamp, users may not
be able to validate this jar after the signer certificate's expiration date (2044-02-07) or after an
y future revocation date.

D:\ru\SignedBuilds\MySignedApp>

`Verify that your APK is signed`

jarsigner -verify -verbose -certs JARSIGNED_APK_FILE_PATH

Example

jarsigner -verify -verbose -certs MySignedAppS1-release-unsigned.apk

CMD O/P

D:\ru\SignedBuilds\MySignedApp>jarsigner -verify -verbose -certs MySignedAppS1-release-unsigned.apk
 s = signature was verified
  m = entry is listed in manifest
  k = at least one certificate was found in keystore
  i = at least one certificate was found in identity scope

jar verified.

Warning:
This jar contains entries whose certificate chain is not validated.
This jar contains signatures that does not include a timestamp. Without a timestamp, users may not b
e able to validate this jar after the signer certificate's expiration date (2044-02-09) or after any
 future revocation date.

D:\ru\SignedBuilds\MySignedApp>

STEP 3

Align the final APK package using zipalign

zipalign -v 4 JARSIGNED_APK_FILE_PATH ZIPALIGNED_SIGNED_APK_FILE_PATH_WITH_NAME_ofSignedAPK

Example

zipalign -v 4 D:\ru\SignedBuilds\MySignedApp\MySignedAppS1-release-unsigned.apk D:\ru\SignedBuilds\MySignedApp\MySignedApp.apk

CMD O/P

D:\Android\android-sdk\build-tools\19.1.0>zipalign -v 4 D:\ru\ru_doc\Signed_apk\MySignedApp\28.09.16
_prod_playstore\MySignedAppS1-release-unsigned.apk D:\ru\ru_doc\Signed_apk\MySignedApp\28.09.16_prod
_playstore\MySignedApp.apk
Verifying alignment of D:\ru\SignedBuilds\MySignedApp\MySignedApp.apk (
4)...

  4528613 classes.dex (OK - compressed)
 5656594 lib/commons-codec-1.6.jar (OK - compressed)
 5841869 lib/armeabi/libkonyjsvm.so (OK - compressed)
Verification succesful

D:\Android\android-sdk\build-tools\19.1.0>

`Verify that your APK is Aligned successfully`

zipalign -c -v 4 YOUR_APK_PATH

Example

zipalign -c -v 4 D:\ru\SignedBuilds\MySignedApp\MySignedApp.apk

CMD O/P

D:\Android\android-sdk\build-tools\19.1.0>zipalign -c -v 4 D:\ru\SignedBuilds\MySignedApp\MySignedApp.apk
Verifying alignment of D:\ru\SignedBuilds\MySignedApp\MySignedApp.apk (
4)...

 4453984 res/drawable/zoomout.png (OK)
 4454772 res/layout/tabview.xml (OK - compressed)
 4455243 res/layout/wheel_item.xml (OK - compressed)
 4455608 resources.arsc (OK)
 4470161 classes.dex (OK - compressed)
 5597923 lib/commons-codec-1.6.jar (OK - compressed)
 5783198 lib/armeabi/libkonyjsvm.so (OK - compressed)
Verification succesful

D:\Android\android-sdk\build-tools\19.1.0>

Note:

The verify command is just to check whether APK is built and signed correctly!

References

I hope this will help one and all :)

User · Answer

Here is a guide on how to manually sign an APK  It includes info about the new apk-signer introduced in build-tools 24 0 3  10 2016   Automated Process   Use this tool  uses the new apksigner from Google    https   github com patrickfav uber-apk-signer   Disclaimer  Im the developer     Manual Process   Step 1  Generate Keystore  only once   You need to generate a keystore once and use it to sign your unsigned apk  Use the keytool provided by the JDK found in  JAVA HOME  bin   keytool -genkey -v -keystore my keystore -keyalg RSA -keysize 2048 -validity 10000 -alias app   Step 2 or 4  Zipalign  zipalign which is a tool provided by the Android SDK found in e g   ANDROID HOME  sdk build-tools 24 0 2  is a mandatory optimzation step if you want to upload the apk to the Play Store   zipalign -p 4 my apk my-aligned apk   Note  when using the old jarsigner you need to zipalign AFTER signing  When using the new apksigner method you do it BEFORE signing  confusing  I know   Invoking zipalign before apksigner works fine because apksigner preserves APK alignment and compression  unlike jarsigner    You can verify the alignment with  zipalign -c 4 my-aligned apk   Step 3  Sign  amp  Verify  Using build-tools 24 0 2 and older  Use jarsigner which  like the keytool  comes with the JDK distribution found in   JAVA HOME  bin  and use it like so   jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore my keystore my-app apk my alias name   and can be verified with  jarsigner -verify -verbose my application apk   Using build-tools 24 0 3 and newer  Android 7 0 introduces APK Signature Scheme v2  a new app-signing scheme that offers faster app install times and more protection against unauthorized alterations to APK files  See here and here for more details   Threfore Google implemented their own apk signer called apksigner  duh   The script file can be found in  ANDROID HOME  sdk build-tools 24 0 3   the  jar is in the  lib subfolder   Use it like this  apksigner sign --ks my keystore my-app apk --ks-key-alias alias name   and can be verified with  apksigner verify my-app apk   The official documentation can be found here

User · Answer

For users of IntelliJ IDEA or Android Studio make these steps    From the menu Build Generate signed APK   You need to create a keystore path  From the dialog click Create new  You will create a jks file that includes your keys  Select folder  define a password  So your keystore ok    Create new key by for your application by using alias  key password  your name etc    Click next    From the dialog either select Proguard or not   Your signed APK file is ready   Help file  https   www jetbrains com idea webhelp generate-signed-apk-wizard html

User · Answer

The manual is clear enough  Please specify what part you get stuck with after you work through it  I d suggest   https   developer android com studio publish app-signing html  Okay  a small overview without reference or eclipse around  so leave some space for errors  but it works like this   Open your project in eclipse Press right-mouse -   tools  android tools   -   export signed application  apk   Go through the wizard  Make a new key-store  remember that password Sign your app Save it etc    Also  from the link      Compile and sign with Eclipse ADT      If you are using Eclipse with the ADT   plugin  you can use the Export Wizard   to export a signed  apk  and even   create a new keystore  if necessary     The Export Wizard performs all the   interaction with the Keytool and   Jarsigner for you  which allows you to   sign the package using a GUI instead   of performing the manual procedures to   compile  sign  and align  as discussed   above  Once the wizard has compiled   and signed your package  it will also   perform package alignment with   zip align  Because the Export Wizard   uses both Keytool and Jarsigner  you   should ensure that they are accessible   on your computer  as described above   in the Basic Setup for Signing       To create a signed and aligned  apk in   Eclipse          Select the project in the Package Explorer and select File     Export    Open the Android folder  select Export Android Application  and click   Next       The Export Android Application wizard now starts  which will guide   you through the process of signing   your application  including steps for   selecting the private key with which   to sign the  apk  or creating a new   keystore and private key     Complete the Export Wizard and your application will be compiled    signed  aligned  and ready for   distribution

User · Answer

Don t worry     Follow these below steps and you will get your signed  apk file  I was also worry about that  but these step get ride me off from the frustration  Steps to sign your application    Export the unsigned package    Right click on the project in Eclipse -  Android Tools -  Export Unsigned Application Package  like here we export our GoogleDriveApp apk to Desktop   Sign the application using your keystore and the jarsigner tool  follow below steps    Open cmd-- change directory where your  jarsigner exe  exist  like here in my system it exist at  C  Program Files Java jdk1 6 0 17 bin   Now enter belwo command in cmd      jarsigner -verbose -keystore c  users android debug keystore   c  users pir fahim Desktops GoogleDriveApp apk my keystore alias   It will ask you to provide your password  Enter Passphrase for keystore  It will sign your apk To verify that the signing is successful you can run      jarsigner -verify c  users pir fahim Desktops GoogleDriveApp apk    It should come back with  jar verified   Method 2  If you are using eclipse with ADT  then it is simple to compiled  signed  aligned  and ready the file for distribution what you have to do just follow this steps    File   Export    Export android application  Browse-- select your project  Next-- Next   These steps will compiled  signed and zip aligned your project and now you are ready to distribute your project or upload at Google Play store

User · Answer

I ran into this problem and was solved by checking the min sdk version in the manifest  It was set to 15  ICS   but my phone was running 10 Gingerbread

[android] How to sign an android apk file

APK Signing Process

STEP 1

`Generate Keystore file`

Example:

CMD O/P

STEP 2

`Sign your app with your private keystore using jarsigner`

Example

CMD O/P

`Verify that your APK is signed`

Example

CMD O/P

STEP 3

Align the final APK package using zipalign

Example

CMD O/P

`Verify that your APK is Aligned successfully`

Example

CMD O/P

Note:

References

Examples related to android

Examples related to apk

Examples related to signing