I have an APK which I got out of a CI pipeline. The CI pipeline builds in release mode but only generates unsigned APKs.
In order to test the generated APK on a real device, I would like to sign it with my debug key. (I have an earlier version of that APK installed, built locally and signed with my debug key, and would like to keep the data.)
Is that possible? How do I do that from the command line?
Assuming you have a debug key, try this command -
jarsigner -verbose -keystore ~/.android/debug.keystore -storepass android -keypass android path/to/my.apk androiddebugkey
(The default key store resides in ~/.android/debug.keystore, both passphrases are android, and the key alias to use is androiddebugkey.)
And next, to verify its signature, use
jarsigner -verify -verbose -certs app-release-unsigned.apk
Note that the APK will be modified; work on a copy if you don’t want that.
I'm trying to deploy an android apk created by Cordova but I'm wrong. Here is my process :
1) Build the release apk: cordova build android --release
2) Generate a keystore: keytool -genkey -v -keystore my-release-key.keystore -alias com.MyCompany.AppsName -keyalg RSA -keysize 2048 -validity 10000
I create password named MyPass, and write all information in the form (name, country,...)
3) Signed the Apps: jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore my-release-key.keystore android-release-unsigned.apk com.MyCompany.AppsName
4) Checked for signing: jarsigner -verify -verbose -certs android-release-unsigned.apk
I get this output :
"jar verified.
Warning:
This jar contains entries whose certificate chain is not validated.
This jar contains signatures that does not include a timestamp. Without a timestamp, users may not be able to validate this jar after the signer certificate's expiration date (2043-12-07) or after any future revocation date."
5) Zip the Apk: "c:\pathtosdk\zipalign.exe" -v 4 android-release-unsigned.apk com.MyCompany.AppsName.apk
6) And then I copy the APK to an Android device.
But when I try to install the app, the device asks me to allow unknown sources... like it's not signed.
Does anyone know where I'm wrong?
Thanks in advance
Your APK is probably signed and perfectly fine. The reason it asks to allow unknown sources is that, by default, it does not allow installing .apk files from sources other than the Google Play Store. Security issues
https://support.google.com/nexus/answer/2812853?hl=en
That's the message you will receive if you're not downloading the app from the Play Store, which is true for your case. That doesn't have anything to do with the app being signed.
Try to install a derived APK. First release your app in Alpha Release of the Play Store. Then download the derived APK from the alpha release. I think that will help.
I need to test InAppBilling with my debuggable APK. I tried to sign my debug.apk and upload it; unfortunately it doesn't work. This is what I have done:
Generate Keystore:
keytool -genkey -v -keystore debug.keystore -alias debug_app -keyalg RSA -validity 10000
Sign APK:
jarsigner -verbose -keystore debug.keystore app-debug.apk debug_app
(Actually I never know whether to use aligned or unaligned)
Then I ZipAlign it:
zipalign -f -v 4 SomeName.apk app-debug.apk
Now when I do this and install it via:
adb install SomeName.apk
I get a Failure [INSTALL_PARSE_FAILED_NO_CERTIFICATES]
Any ideas? The next step would be to put the signed app-debug.apk to the play Store and test it via Alpha/Beta-Test. I am using ReactNative to build my Android App.
Is that debug.keystore the auto-generated debug keystore?
If it is, you can't. You have to generate a keystore that is not a debug one to be able to upload it.
If you have one that is not a debug one, check Signing Your App Manually section here.
When changing files in an extracted APK, I re-zip it, change the extension to .apk, and install like this:
$ adb install CustomAPK.apk
2831 KB/s (41896599 bytes in 14.450s)
pkg: /data/local/tmp/CustomAPK.apk
Failure [INSTALL_PARSE_FAILED_UNEXPECTED_EXCEPTION]
What is this from?
Generate a key and sign the apk: Android Developer Website
Signing Your App Manually
You do not need Android Studio to sign your app. You can sign your app from the command line using standard tools from the Android SDK and the JDK. To sign an app in release mode from the command line:
1. Generate a private key using keytool. For example:
$ keytool -genkey -v -keystore my-release-key.keystore -alias alias_name -keyalg RSA -keysize 2048 -validity 10000
This example prompts you for passwords for the keystore and key, and to provide the Distinguished Name fields for your key. It then generates the keystore as a file called my-release-key.keystore. The keystore contains a single key, valid for 10000 days. The alias is a name that you will use later when signing your app.
2. Compile your app in release mode to obtain an unsigned APK.
3. Sign your app with your private key using jarsigner:
$ jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore my-release-key.keystore my_application.apk alias_name
This example prompts you for passwords for the keystore and key. It then modifies the APK in-place to sign it. Note that you can sign an APK multiple times with different keys.
4. Verify that your APK is signed. For example:
$ jarsigner -verify -verbose -certs my_application.apk
5. Align the final APK package using zipalign.
$ zipalign -v 4 your_project_name-unaligned.apk your_project_name.apk
zipalign ensures that all uncompressed data starts with a particular byte alignment relative to the start of the file, which reduces the amount of RAM consumed by an app.
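An APK that is re-zipped after editing no longer matches the per-file digests that jarsigner recorded in META-INF/MANIFEST.MF, and an APK with no signature block file has no certificate at all. The following added example (not from the original posts or the Android guide) classifies an APK on exactly those two points; it does not verify the cryptographic signature itself or APK Signature Scheme v2 and later. The function names and the sample archive with placeholder CERT.SF/CERT.RSA files are constructed for illustration.

```python
import base64, hashlib, io, re, zipfile

# Manifest attribute name -> hashlib algorithm (jarsigner writes e.g. "SHA1-Digest").
DIGESTS = {"SHA1-Digest": "sha1", "SHA-256-Digest": "sha256"}
SIG_FILE = re.compile(r"^META-INF/[^/]+\.(SF|RSA|DSA|EC)$", re.I)

def parse_manifest(text):
    """Return {entry name: {attribute: value}} for the per-entry sections."""
    text = text.replace("\r\n", "\n").replace("\n ", "")  # unfold wrapped lines
    entries = {}
    for section in text.split("\n\n"):
        attrs = dict(l.split(": ", 1) for l in section.split("\n") if ": " in l)
        if "Name" in attrs:
            entries[attrs.pop("Name")] = attrs
    return entries

def check_v1(apk_bytes):
    """Return ("unsigned" | "modified" | "digests-ok", [entries failing the check])."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        names = z.namelist()
        has_block = any(SIG_FILE.match(n) and not n.upper().endswith(".SF") for n in names)
        if not has_block or "META-INF/MANIFEST.MF" not in names:
            return "unsigned", []
        manifest = parse_manifest(z.read("META-INF/MANIFEST.MF").decode("utf-8"))
        bad = []
        for n in names:
            if n.endswith("/") or n == "META-INF/MANIFEST.MF" or SIG_FILE.match(n):
                continue
            attrs = manifest.get(n, {})
            algo = next((a for a in DIGESTS if a in attrs), None)
            digest = algo and base64.b64encode(hashlib.new(DIGESTS[algo], z.read(n)).digest()).decode()
            if not algo or digest != attrs[algo]:
                bad.append(n)  # entry added or changed after signing
        return ("modified" if bad else "digests-ok"), sorted(bad)

def build_sample(files, signed=True, changed=None):
    """Constructed APK: real digests, placeholder signature files; `changed`
    replaces entry bodies after the digests were taken (a post-signing edit)."""
    buf, mf = io.BytesIO(), "Manifest-Version: 1.0\r\n\r\n"
    with zipfile.ZipFile(buf, "w") as z:
        for name, data in files.items():
            z.writestr(name, (changed or {}).get(name, data))
            d = base64.b64encode(hashlib.sha1(data).digest()).decode()
            mf += f"Name: {name}\r\nSHA1-Digest: {d}\r\n\r\n"
        if signed:
            for n, body in (("MANIFEST.MF", mf), ("CERT.SF", "x"), ("CERT.RSA", "x")):
                z.writestr("META-INF/" + n, body)
    return buf.getvalue()
```

A result of "digests-ok" only means the archive still matches its manifest; `jarsigner -verify` remains the check that the manifest itself is signed.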
INSTALL_PARSE_FAILED_UNEXPECTED_EXCEPTION
For this, uninstall the app and click the Run button to fix this issue
Build the App, and then Run
solved mine
I don't have the source code, I only have the .apk file, and I want to sign and zip-align it to upload to the Play Store.
How can I do this?
From official guide
Signing Your App Manually
You do not need Android Studio to sign your app. You can sign your app from the command line using standard tools from the Android SDK and the JDK. To sign an app in release mode from the command line:
1. Generate a private key using keytool. For example:
$ keytool -genkey -v -keystore my-release-key.keystore -alias alias_name -keyalg RSA -keysize 2048 -validity 10000
This example prompts you for passwords for the keystore and key, and to provide the Distinguished Name fields for your key. It then generates the keystore as a file called my-release-key.keystore. The keystore contains a single key, valid for 10000 days. The alias is a name that you will use later when signing your app.
2. Compile your app in release mode to obtain an unsigned APK.
3. Sign your app with your private key using jarsigner:
$ jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore my-release-key.keystore my_application.apk alias_name
This example prompts you for passwords for the keystore and key. It then modifies the APK in-place to sign it. Note that you can sign an APK multiple times with different keys.
4. Verify that your APK is signed. For example:
$ jarsigner -verify -verbose -certs my_application.apk
5. Align the final APK package using zipalign.
$ zipalign -v 4 your_project_name-unaligned.apk your_project_name.apk
zipalign ensures that all uncompressed data starts with a particular byte alignment relative to the start of the file, which reduces the amount of RAM consumed by an app.
I developed an Android app and could sign it with the Eclipse plugin, but I wanted to sign it manually with jarsigner and zipalign, so that I can choose the algorithm and the key size myself.
I created a Keystore with this command:
keytool -genkey -v -keystore keystore_name -alias alias_name -keyalg RSA -keysize 2048 -validity 10000
My first issue is that I can't open the keystore with the Eclipse plugin. It says:
Keystore was tampered with, or password was incorrect
So I went on with jarsigner like this:
jarsigner -verbose -keystore keystore_name my_application.apk alias_name
and it works fine.
Finally I ran the zipalign tool:
zipalign -v 4 inputfile.apk outputfile.apk
I could publish my app in the market without any trouble. But when a friend downloaded my app, he gets the error: Package file was not signed correctly
Furthermore I can't install my app signed manually. But the version, signed with the Eclipse plugin works fine.
The big problem I have now is that I can't upload the new APK file to the market, because it says that it is signed with another certificate.
What can I do?
Not sure if this will help but I came across a similar issue before. After trying a few things I used jarsigner like this and it has been working fine:
jarsigner -verbose -digestalg SHA1 -sigalg MD5withRSA -keystore %path to key store here% -signedjar %the name you want for your signed apk here% %the apk you want to sign here% your.keystore
EDIT:
Just noticed your question was about what to do with the app on the market place. I'm no help there. Sorry.
Verify the keytool you are using:
which keytool
Check if it is set to openjdk... Android supports only Sun/Oracle Java as the keytool.