I just built an appp in phone gap build i'm trying to generate the keystore file,
Does anyone know how to open and sign an apk file in eclipse on a mac?
I'm thinking i'll have to run phonegap locally some how?
Cheers,
If you've built the APK outside of Eclipse, you can sign it on the command line using the Jarsigner tool, as described here in the Android developer documentation.
$ jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore my-release-key.keystore
my_application.apk alias_name
Where my-release-key.keystore is the path to your keystore, my_application.apk is the path to your APK, and alias_name is the name of the alias you gave the release signing key in your keystore.
Depending on whether you set up a password on your keystore and the signing key within it, you may need to add the flags -storepass mystorepass and -keypass mykeypass.
Related
I've decoded an APK with apktool (as the original source code was lost) so I could fix some issues with the layout xml files. I've then rebuilt it back up with apktool and when I tried to install it on my device (using adb: adb install appname.apk) it gave me this error:
[INSTALL_PARSE_FAILED_NO_CERTIFICATES]
the original apk however was signed by a keystore (on eclipse IDE), this one isn't, how can I sign it properly with it's original keystone file outside Eclipse!?
create a key using
keytool -genkey -v -keystore my-release-key.keystore -alias alias_name -keyalg RSA -keysize 2048 -validity 10000
then sign the apk using :
jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore my-release-key.keystore my_application.apk alias_name
check here for more info
Automated Process:
Use this tool (uses the new apksigner from Google):
https://github.com/patrickfav/uber-apk-signer
Disclaimer: Im the developer :)
Manual Process:
Step 1: Generate Keystore (only once)
You need to generate a keystore once and use it to sign your unsigned apk.
Use the keytool provided by the JDK found in %JAVA_HOME%/bin/
keytool -genkey -v -keystore my.keystore -keyalg RSA -keysize 2048 -validity 10000 -alias app
Step 2 or 4: Zipalign
zipalign which is a tool provided by the Android SDK found in e.g. %ANDROID_HOME%/sdk/build-tools/24.0.2/ is a mandatory optimization step if you want to upload the apk to the Play Store.
zipalign -p 4 my.apk my-aligned.apk
Note: when using the old jarsigner you need to zipalign AFTER signing. When using the new apksigner method you do it BEFORE signing (confusing, I know). Invoking zipalign before apksigner works fine because apksigner preserves APK alignment and compression (unlike jarsigner).
You can verify the alignment with
zipalign -c 4 my-aligned.apk
Step 3: Sign & Verify
Using build-tools 24.0.2 and older
Use jarsigner which, like the keytool, comes with the JDK distribution found in %JAVA_HOME%/bin/ and use it like so:
jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore my.keystore my-app.apk my_alias_name
and can be verified with
jarsigner -verify -verbose my_application.apk
Using build-tools 24.0.3 and newer
Android 7.0 introduces APK Signature Scheme v2, a new app-signing scheme that offers faster app install times and more protection against unauthorized alterations to APK files (See here and here for more details). Therefore, Google implemented their own apk signer called apksigner (duh!)
The script file can be found in %ANDROID_HOME%/sdk/build-tools/24.0.3/ (the .jar is in the /lib subfolder). Use it like this
apksigner sign --ks-key-alias alias_name --ks my.keystore my-app.apk
and can be verified with
apksigner verify my-app.apk
The official documentation can be found here.
fastest way is by signing with the debug keystore:
jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore ~/.android/debug.keystore app.apk androiddebugkey -storepass android
or on Windows:
jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore %USERPROFILE%/.android/debug.keystore test.apk androiddebugkey -storepass android
You use jarsigner to sign APK's. You don't have to sign with the original keystore, just generate a new one. Read up on the details: http://developer.android.com/guide/publishing/app-signing.html
For those of you who don't want to create a bat file to edit for every project, or dont want to remember all the commands associated with the keytools and jarsigner programs and just want to get it done in one process use this program:
http://lukealderton.com/projects/programs/android-apk-signer-aligner.aspx
I built it because I was fed up with the lengthy process of having to type all the file locations every time.
This program can save your configuration so the next time you start it, you just need to hit Generate an it will handle it for you. That's it.
No install required, it's completely portable and saves its configurations in a CSV in the same folder.
Updated answer
Check https://shatter-box.com/knowledgebase/android-apk-signing-tool-apk-signer/
Old answer
check apk-signer a nice way to sign your app
I don't have source code only have .apk file and i want to sign and zip-align it to upload on play store.
How i can do this?
From official guide
Signing Your App Manually
You do not need Android Studio to sign your app. You can sign your app from the command line using standard tools from the Android SDK and the JDK. To sign an app in release mode from the command line:
Generate a private key using keytool. For example:
$ keytool -genkey -v -keystore my-release-key.keystore -alias
alias_name -keyalg RSA -keysize 2048 -validity 10000
This example prompts you for passwords for the keystore and key, and to provide the Distinguished Name fields for your key. It then generates the keystore as a file called my-release-key.keystore. The keystore contains a single key, valid for 10000 days. The alias is a name that you will use later when signing your app.
Compile your app in release mode to obtain an unsigned APK.
Sign your app with your private key using jarsigner:
$ jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore my-release-key.keystore my_application.apk alias_name
This example prompts you for passwords for the keystore and key. It then modifies the APK in-place to sign it. Note that you can sign an APK multiple times with different keys.
4. Verify that your APK is signed. For example:
$ jarsigner -verify -verbose -certs my_application.apk
Align the final APK package using zipalign.
$ zipalign -v 4 your_project_name-unaligned.apk your_project_name.apk
zipalign ensures that all uncompressed data starts with a particular byte alignment relative to the start of the file, which reduces the amount of RAM consumed by an app.
I am just following the instruction by Google here, and I am failing in step 3:
jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore my-release-key.keystore my_application.apk alias_name
I get this message:
jarsigner: Certificate chain not found for: myApp. myApp must reference a valid KeyStore key entry containing a private key and corresponding public key certificate chain.
What am I doing wrong?
Btw, I'm not using Eclipse and Android Studio. The apk is already been built in release mode and the project were not done in Eclipse/Android Studio, so I figured I would have to use jarsigner.
You give wrong parameter at the alias_name parameter
the basic format of jarsigner is
$ jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore
my-release-key.keystore my_application.apk alias_name
So you should change your alias_name with correct one :)
you can check it with
keytool -keystore yourkeystorename.keystore -list -v
If you use Android studio go to Build->Generate sign apk
if you use Eclipse right click on the project Android tools-> export signed apk
If you are on eclipse, go to your manifest and click
Use the export wizard to export and sign apk
I've decoded an APK with apktool (as the original source code was lost) so I could fix some issues with the layout xml files. I've then rebuilt it back up with apktool and when I tried to install it on my device (using adb: adb install appname.apk) it gave me this error:
[INSTALL_PARSE_FAILED_NO_CERTIFICATES]
the original apk however was signed by a keystore (on eclipse IDE), this one isn't, how can I sign it properly with it's original keystone file outside Eclipse!?
create a key using
keytool -genkey -v -keystore my-release-key.keystore -alias alias_name -keyalg RSA -keysize 2048 -validity 10000
then sign the apk using :
jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore my-release-key.keystore my_application.apk alias_name
check here for more info
Automated Process:
Use this tool (uses the new apksigner from Google):
https://github.com/patrickfav/uber-apk-signer
Disclaimer: Im the developer :)
Manual Process:
Step 1: Generate Keystore (only once)
You need to generate a keystore once and use it to sign your unsigned apk.
Use the keytool provided by the JDK found in %JAVA_HOME%/bin/
keytool -genkey -v -keystore my.keystore -keyalg RSA -keysize 2048 -validity 10000 -alias app
Step 2 or 4: Zipalign
zipalign which is a tool provided by the Android SDK found in e.g. %ANDROID_HOME%/sdk/build-tools/24.0.2/ is a mandatory optimization step if you want to upload the apk to the Play Store.
zipalign -p 4 my.apk my-aligned.apk
Note: when using the old jarsigner you need to zipalign AFTER signing. When using the new apksigner method you do it BEFORE signing (confusing, I know). Invoking zipalign before apksigner works fine because apksigner preserves APK alignment and compression (unlike jarsigner).
You can verify the alignment with
zipalign -c 4 my-aligned.apk
Step 3: Sign & Verify
Using build-tools 24.0.2 and older
Use jarsigner which, like the keytool, comes with the JDK distribution found in %JAVA_HOME%/bin/ and use it like so:
jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore my.keystore my-app.apk my_alias_name
and can be verified with
jarsigner -verify -verbose my_application.apk
Using build-tools 24.0.3 and newer
Android 7.0 introduces APK Signature Scheme v2, a new app-signing scheme that offers faster app install times and more protection against unauthorized alterations to APK files (See here and here for more details). Therefore, Google implemented their own apk signer called apksigner (duh!)
The script file can be found in %ANDROID_HOME%/sdk/build-tools/24.0.3/ (the .jar is in the /lib subfolder). Use it like this
apksigner sign --ks-key-alias alias_name --ks my.keystore my-app.apk
and can be verified with
apksigner verify my-app.apk
The official documentation can be found here.
fastest way is by signing with the debug keystore:
jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore ~/.android/debug.keystore app.apk androiddebugkey -storepass android
or on Windows:
jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore %USERPROFILE%/.android/debug.keystore test.apk androiddebugkey -storepass android
You use jarsigner to sign APK's. You don't have to sign with the original keystore, just generate a new one. Read up on the details: http://developer.android.com/guide/publishing/app-signing.html
For those of you who don't want to create a bat file to edit for every project, or dont want to remember all the commands associated with the keytools and jarsigner programs and just want to get it done in one process use this program:
http://lukealderton.com/projects/programs/android-apk-signer-aligner.aspx
I built it because I was fed up with the lengthy process of having to type all the file locations every time.
This program can save your configuration so the next time you start it, you just need to hit Generate an it will handle it for you. That's it.
No install required, it's completely portable and saves its configurations in a CSV in the same folder.
Updated answer
Check https://shatter-box.com/knowledgebase/android-apk-signing-tool-apk-signer/
Old answer
check apk-signer a nice way to sign your app
I developed a Android App and could sign it with the Eclipse Plugin, but i wanted to sign it manually with jarsigner and zipalign, so that i can choose the algorithm and the keysize by my self.
I created a Keystore with this command:
keytool -genkey -v -keystore keystore_name -alias alias_name -keyalg RSA -keysize 2048 -validity 10000
My first issue is that i cant enter the Keystore with the Eclipse Plugin. It says:
Keystore was tampered with, or password was incorrect
So i went on with the jarsigner like this:
jarsigner -verbose -keystore keystore_name my_application.apk alias_name
and it works fine.
finally i run the tool zipaling:
zipalign -v 4 inputfile.apk outputfile.apk
I could publish my app in the market without any trouble. But when a friend downloaded my app, he gets the error: Package file was not signed correctly
Furthermore I can't install my app signed manually. But the version, signed with the Eclipse plugin works fine.
The big problem now I have is, that I can't upload the new apk file do the market, because it says that it is signed with an other certificate.
What can I do ?
Not sure if this will help but I came across a similar issue before. After trying a few things I used jarsigner like this and it has been working fine:
jarsigner -verbose -digestalg SHA1 -sigalg MD5withRSA -keystore %path to key store here% -signedjar %the name you want for your signed apk here% %the apk you want to sign here% your.keystore
EDIT:
Just noticed your question was about what to do with the app on the market place. I'm no help there. Sorry.
Verify the keytool you are using:
which keytool
check if it is set to openjdk... Android supports only Sun/Oracle Java as the keytool.