Why doesn't Google use jarsigner to sign an APK? - android

In the Android source code project, I found that ADT doesn't use jarsigner to sign an APK, as in:
jarsigner -sigalg MD5withRSA -digestalg SHA1 -keystore *pathtokey* -storepass *yourpass* -keypass *yourpass* *app.apk* *keyalias*
or
String args[] = {"-keystore", keystore, "-storepass", password, jar, keyname};
JarSigner js = new JarSigner();
js.run(args);
Instead, ADT reads the keystore and signs the APK in code. It's really confusing me.

Maybe at the time only the sun.security.* implementation was available and they did not want to import sun.* packages into the Android source. So they created their own signer implementation.
http://grepcode.com/file/repository.grepcode.com/java/root/jdk/openjdk/6-b14/sun/security/tools/JarSigner.java

Related

How to Sign Android app Bundle with azure pipeline

How do I sign an Android App Bundle with an Azure pipeline?
The documentation is available only for signing an APK:
https://learn.microsoft.com/en-us/azure/devops/pipelines/tasks/build/android-signing?view=azure-devops
When I try to sign an AAB with the above task, I get the error below:
Error: Failed to deduce min API Level: APK does not contain AndroidManifest.xml. Please specify --min-sdk-version.
Answered here: https://stackoverflow.com/a/69835335/168510
Change the apkFiles to **/*.aab and pass the algorithms, -sigalg SHA256withRSA -digestalg SHA-256 as jarsignerArguments.
Like this:
- task: AndroidSigning@2
  inputs:
    apkFiles: '**/*.aab'
    jarsign: true
    jarsignerKeystoreFile: 'pathToYourKeystoreFile'
    jarsignerKeystorePassword: '$(jarsignerKeystorePassword)'
    jarsignerKeystoreAlias: '$(yourKeystoreAlias)'
    jarsignerKeyPassword: '$(jarsignerKeyPassword)'
    jarsignerArguments: '-sigalg SHA256withRSA -digestalg SHA-256'
    zipalign: true
How to Sign Android app Bundle with azure pipeline
AFAIK, you could sign an Android App Bundle from the command line:
jarsigner -verbose -sigalg SHA256withRSA -digestalg SHA-256 -keystore xample.jks bundle.aab keystoreAlias
The jarsigner.exe is in the bin folder of your java JDK install (Java SE), so we could get it by:
"%JAVA_HOME%"\bin\jarsigner.exe
So, we could use the command line task to invoke jarsigner.exe to sign the Android App Bundle in the Azure pipeline.
Check this ticket for some more details.
Hope this helps.
I had the same problem with signing the Android app bundle. Right now we have fixed this issue by signing the app bundle in the Azure Build Pipeline instead of signing the Android app bundle from the Azure Release pipeline through jarsigner.
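The -digestalg value passed to jarsigner in the answers above ends up in the names of the digest attributes under META-INF (SHA1-Digest, SHA-256-Digest, ...), so a pipeline step can check a signed .aab or .apk for legacy digests. This is an added example, not code from the original posts; the function names and the sample archive are constructed for illustration, and it inspects JAR-signing metadata only, not the signature block itself.

```python
import io
import re
import zipfile

WEAK_DIGESTS = {"MD5", "SHA1", "SHA-1"}
# Matches SHA1-Digest, SHA-256-Digest, SHA-256-Digest-Manifest, ...
DIGEST_ATTR = re.compile(r"^([A-Za-z0-9-]+)-Digest(?:-Manifest(?:-Main-Attributes)?)?$")


def unfold(text):
    """Join manifest continuation lines (a leading space continues a line)."""
    lines = []
    for raw in text.replace("\r\n", "\n").split("\n"):
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def digest_algorithms(archive_bytes):
    """Map MANIFEST.MF and each *.SF file to the digest algorithms it names."""
    found = {}
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for name in zf.namelist():
            upper = name.upper()
            if not (upper == "META-INF/MANIFEST.MF" or
                    (upper.startswith("META-INF/") and upper.endswith(".SF"))):
                continue
            keys = (ln.split(":", 1)[0] for ln in unfold(zf.read(name).decode("utf-8", "replace")))
            found[name] = {m.group(1).upper() for m in map(DIGEST_ATTR.match, keys) if m}
    return found


def weak_files(archive_bytes):
    """Sorted names of signing metadata files that use MD5 or SHA-1 digests."""
    found = digest_algorithms(archive_bytes)
    return sorted(n for n, algs in found.items() if algs & WEAK_DIGESTS)


def make_sample(alg):
    """Constructed archive carrying only minimal signing metadata."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF",
                    f"Manifest-Version: 1.0\r\n\r\nName: classes.dex\r\n{alg}-Digest: AAAA\r\n\r\n")
        zf.writestr("META-INF/CERT.SF",
                    f"Signature-Version: 1.0\r\n{alg}-Digest-Manifest: BBBB\r\n\r\n")
    return buf.getvalue()
```

For a real build output, pass the file's bytes, e.g. `weak_files(open("bundle.aab", "rb").read())`, and fail the step if the list is not empty.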

react native Generating Signed APK

I am trying to generate apk for releasing on Google play. I am following these steps https://facebook.github.io/react-native/docs/signed-apk-android.html
Step 1) I ran this command
$ keytool -genkey -v -keystore my-release-key.keystore -alias my-key-alias -keyalg RSA -keysize 2048 -validity 10000
It asked me questions, which I answered, and I got the my-release-key.keystore file generated.
I placed the my-release-key.keystore file under the android/app directory in your project folder.
Now it says:
Edit the file ~/.gradle/gradle.properties and add the following (replace ***** with the correct keystore password, alias and key password),
MYAPP_RELEASE_STORE_FILE=my-release-key.keystore
MYAPP_RELEASE_KEY_ALIAS=my-key-alias
MYAPP_RELEASE_STORE_PASSWORD=*****
MYAPP_RELEASE_KEY_PASSWORD=*****
Now there was no file previously at /root/.gradle/gradle.properties, so I created a new file and added the above 4 constants and their values.
It also says (replace ***** with the correct keystore password, alias and key password).
This step is the most confusing for me, as there is no ***** in the alias field. And when I generated the my-release-key.keystore file I didn't get any alias.
So what should I put in place of my-key-alias?
What basically is my-key-alias?
Other than the 2 passwords I entered, the keytool command generated something like this:
CO=Dev Abhi, OP=The Awesome Coder, L=The Awesome Coder, M=Delhi, SP=Delhi, M=IN
Is the above the alias?
So do I need to replace things like this?
MYAPP_RELEASE_STORE_FILE=my-release-key.keystore
MYAPP_RELEASE_KEY_ALIAS=CO=Dev Abhi, OP=The Awesome Coder, L=The Awesome Coder, M=Delhi, SP=Delhi, M=IN
MYAPP_RELEASE_STORE_PASSWORD=password1
MYAPP_RELEASE_KEY_PASSWORD=password2
And also, is the real path for ~/.gradle/gradle.properties /root/.gradle/gradle.properties?
Finally I was able to generate a signed APK. So, the thing I was missing:
When you fire the command
$ keytool -genkey -v -keystore my-release-key.keystore -alias my-key-alias -keyalg RSA -keysize 2048 -validity 10000
after the -alias option we give any name/term, here 'my-key-alias'. That's actually what we need to remember, and we will have to use the same term in the later step, like this:
MYAPP_RELEASE_KEY_ALIAS=my-key-alias
The rest of the things are as per the documentation. But I still feel that the part about generating a signed APK could have been made easier to understand by the React Native team. If anyone faces this same issue, please get in touch via http://customphpscript.com
Not sure if this will help you, but I was having the exact same issue. My problem ended up being that the file I was editing ~/.gradle/gradle.properties isn't the file in your project directory but the one in the root directory of your operating system. Once I moved the variables to that location, I was able to generate a signed apk!

How to sign APK using keystore received from customer?

I received a keystore file from a customer which I am supposed to use to sign an APK that is going to replace/update an existing APK on the play store.
Unfortunately I get the following error:
jarsigner: Certificate chain not found for: alias_name. alias_name must reference a valid KeyStore key entry containing a private key and corresponding public key certificate chain.
When I try to sign the same APK with a different, self-generated keystore, this works fine, so I figured there must be something missing in the keystore.
Keystore-Typ: JKS
Keystore-Provider: SUN
Keystore enthält 1 Eintrag
Aliasname: alias_name
Erstellungsdatum: 19.05.2015
Eintragstyp: PrivateKeyEntry
Zertifikatskettenlänge: 1
Zertifikat[1]:
Eigentümer: (redacted)
Aussteller: (redacted)
Seriennummer: 5152a7xx
Gültig von: Wed Mar 27 09:00:32 CET 2013 bis: Sun Aug 12 10:00:32 CEST 2040
Zertifikat-Fingerprints:
MD5: (bla)
SHA1: (bla)
SHA256: (bla)
Signaturalgorithmusname: SHA1withRSA
Version: 3
*******************************************
*******************************************
When I compare this to a different keystore file, I notice there is an "Extension" missing. What is it, and how do I go about fixing this? Is the file incomplete that I got from my customer?
When I import the .p12 file into my Mac OS X keychain, I can see a private key called alias_name and a certificate; although there is no "certificate chain" or anything.
I tried the following command:
jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore data_dirs/ff.keystore /path/to/QtApp-release-unsigned.apk alias_name
jarsigner: Certificate chain not found for: alias_name. alias_name must reference a valid KeyStore key entry containing a private key and corresponding public key certificate chain.
When you create a keystore, you also create an alias in that keystore with an appropriate password. I assume "alias_name" isn't the name of that alias. You need to ask your client for that name and password to sign the APK with that alias and keystore.

"Wrong version of key store" error. How can I create a version=1 keystore certificate?

I am having trouble using SSL, as I am getting the following error related to my keystore (self-created and self-signed using keytool per: http://developer.android.com/tools/publishing/app-signing.html):
08-14 20:55:23.044: W/System.err(5430): java.io.IOException: Wrong version of key store.
08-14 20:55:23.060: W/System.err(5430): at org.bouncycastle.jce.provider.JDKKeyStore.engineLoad(JDKKeyStore.java:812)
...
The error thrown in the JDKKeyStore.java class arises in the following code:
From JDKKeyStore.java:
if (version != STORE_VERSION)
{
    if (version != 0)
    {
        throw new IOException("Wrong version of key store.");
    }
}
In this case STORE_VERSION = 1, and my version=3 based on reading the details of the certificate held by the keystore I have created. I do not know how to generate a keystore containing a version=1 certificate.
I found this answer helpful:
wrong version keystore when doing https call
however it calls for creating the keystore using the following parameters:
-storetype BKS
-provider org.bouncycastle.jce.provider.BouncyCastleProvider
-providerpath /path/to/bouncycastle.jar
However, when I try to create the keytool (using the terminal app on Mac) using these parameters:
keytool -genkeypair -v -alias androiddebugkey -keyalg RSA -keysize 2048 -validity 10000 -keypass android -keystore /Users/djames/dropbox/bc146keystore/debug.keystore -storepass android -providerclass org.bouncycastle.jce.provider.BouncyCastleProvider –providerpath /Users/djames/dropbox/bc146keystore/
(where /Users/djames/dropbox/bc146keystore/ is the path to the bouncy castle jar: bcprov-jdk16-146.jar)
I get the following error:
keytool error: java.lang.RuntimeException: Usage error, ?providerpath is not a legal command
java.lang.RuntimeException: Usage error, ?providerpath is not a legal command
at sun.security.tools.KeyTool.parseArgs(KeyTool.java:375)
at sun.security.tools.KeyTool.run(KeyTool.java:171)
at sun.security.tools.KeyTool.main(KeyTool.java:166)
I do not understand what this is telling me. If I use: keytool -help it tells me that the following are valid options for the -genkeypair option:
-genkeypair [-v] [-protected]
[-alias ]
[-keyalg ] [-keysize ]
[-sigalg ] [-dname ]
[-validity ] [-keypass ]
[-keystore ] [-storepass ]
[-storetype ] [-providername ]
[-providerclass [-providerarg ]] ...
[-providerpath ]
But in the Oracle docs java version 6 that I am using
(http://docs.oracle.com/javase/6/docs/technotes/tools/solaris/keytool.html)
it tells me that these are the options:
-genkeypair {-alias alias} {-keyalg keyalg} {-keysize keysize} {-sigalg sigalg} [-dname dname] [-keypass keypass] {-validity valDays}
{-storetype storetype} {-keystore keystore} [-storepass storepass]
{-providerClass provider_class_name {-providerArg provider_arg}} {-v}
{-protected} {-Jjavaoption}
which does not include the -providerpath option. Why the discordance?
(If I do not use the -providerpath option, then I get an unknown class exception at the option: "-providerclass org.bouncycastle.jce.provider.BouncyCastleProvider"...)
When I google: keytool -providerpath
I get nothing helpful to resolve this.
I am not sure how to solve my keystore version problem without solving my keytool problem. Any suggestions appreciated.
Jim
(Mac OSX 10.6.8 if relevant)
My problem was using a version of bouncy castle that was too new. I had to use 146 - any later and it gave me this error.
I was able to get past this problem with the version of keystore. See: keytool error when creating BKS keystore: providerpath is not a legal command
The version mismatch is for the key store version, not the certificate version (which should have the value 2 for a v3 X.509 certificate).
What version of the JDK did you use keytool from? Did you specify a full path to the command, or use what was in your PATH? Are you sure that you are using JKS key stores, and not JCEKS stores?
In order to complete Ryan's answer, as I had to dig in to find out how to generate a BKS with Bouncy Castle 1.46, you can use Portecle to generate the BKS.
Download Bouncy Castle Provider 1.46
Install or unzip it.
Replace bcprov.jar in your Portecle install directory (example: C:\Program Files (x86)\Portecle\bcprov.jar). Same naming is required.
Restart Portecle and generate your BKS truststore.
This is explained here.
Edit:
Since Portecle 1.8, you can use the BKS-V1 type to generate your truststore without replacing bcprov.jar.
You can select it after clicking on New keystore or change the type via the menu Tools -> Change KeyStore Type.
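The check quoted in the question compares the store version read from the keystore file, so the first bytes of the file show which loader will accept it. The following is an added example, not code from the original posts or from Bouncy Castle; it assumes the usual on-disk layouts (JKS and JCEKS start with a magic number then a version, PKCS#12 starts with a DER SEQUENCE tag, BKS starts with a 4-byte big-endian version then the salt length), and the sample headers are constructed.

```python
import struct

JKS_MAGIC = 0xFEEDFEED     # Sun JKS
JCEKS_MAGIC = 0xCECECECE   # SunJCE JCEKS
BKS_STORE_VERSION = 1      # STORE_VERSION in the JDKKeyStore snippet above


def identify_keystore(header):
    """Return (format, store_version) guessed from the first 8 bytes."""
    if len(header) < 8:
        return ("unknown", None)
    first, second = struct.unpack(">II", header[:8])
    if first == JKS_MAGIC:
        return ("JKS", second)
    if first == JCEKS_MAGIC:
        return ("JCEKS", second)
    if header[0] == 0x30:
        # PKCS#12 is DER encoded: it opens with an ASN.1 SEQUENCE tag.
        return ("PKCS12", None)
    if first <= 2 and 0 < second <= 64:
        # Assumed BKS layout: version, then a small salt length (heuristic).
        return ("BKS", first)
    return ("unknown", None)


def bks_loader_accepts(header, store_version=BKS_STORE_VERSION):
    """Mirror the quoted check: only STORE_VERSION or 0 passes."""
    if len(header) < 4:
        return False
    (version,) = struct.unpack(">I", header[:4])
    return version == store_version or version == 0


# Constructed sample headers (not taken from real keystores).
SAMPLES = {
    "jks": bytes.fromhex("feedfeed00000002"),
    "bks_v1": bytes.fromhex("0000000100000014"),
    "bks_v2": bytes.fromhex("0000000200000014"),
    "p12": bytes.fromhex("3082091002010330"),
}

if __name__ == "__main__":
    for name, hdr in SAMPLES.items():
        print(name, identify_keystore(hdr), "accepted:", bks_loader_accepts(hdr))
```

A JKS file handed to this loader fails the same way as a BKS store with version 2, because its magic number is read as the version.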

jarsigner is unable to open jar file: NooYawk.apk .(NooYawk is App name)

I signed my Map application with a release key with the help of this link:
http://developer.android.com/guide/publishing/app-signing.html#cert
After generating the debugging key, the next step is to generate the release map key by signing with the certificate. I'm doing these steps, which work fine, but in the end jarsigner is unable to find my NooYawk.apk file.
What should I do further?
admins-Mac-mini:.android David$ keytool -genkey -v -keystore fureleasekey.keystore -alias fashion -keyalg RSA -keysize 2048 -validity 10000
Next is:-
admins-Mac-mini:~ David$ keytool -genkey -v -keystore maprelease.keystore -alias maps -keyalg RSA -keysize 2048 -validity 10000
Enter keystore password:
Re-enter new password:
What is your first and last name?
  [Unknown]:  m
What is the name of your organizational unit?
  [Unknown]:  h
What is the name of your organization?
  [Unknown]:  k
What is the name of your City or Locality?
  [Unknown]:  le
What is the name of your State or Province?
  [Unknown]:  we
What is the two-letter country code for this unit?
  [Unknown]:  sd
Is CN=m, OU=h, O=k, L=le, ST=we, C=sd correct?
  [no]:  yes
Next is:-
Generating 2,048 bit RSA key pair and self-signed certificate (SHA1withRSA) with a validity of 10,000 days for: CN=m, OU=h, O=k, L=le, ST=we, C=sd
Enter key password for (RETURN if same as keystore password):
Re-enter new password:
[Storing maprelease.keystore]
Next is:-
admins-Mac-mini:~ David$ jarsigner -verbose -sigalg MD5withRSA -digestalg SHA1 -keystore maprelease.keystore NooYawk.apk maps
Enter Passphrase for keystore:
jarsigner: unable to open jar file: NooYawk.apk
Thanks in advance.
Unless NooYawk.apk is in your current working directory, you need to supply a full path to the APK file.
Cut the Keystore file from android folder to build-->outputs-->apk and paste it, then run the jarsigner command
You need to provide a complete path to the directory of your apk file i.e /USER/DEVELOP/PATH_TO_APK (on a mac osx)
One experience I had is I needed to run jarsigner in the same folder where not just the .apk file but also the related .ap_ and .apk.d files etc were present. So I copied the keystore to the bin output folder and ran jarsigner in that folder. Then things worked.
You should try running the command in your apk path. Copy the unsigned keystore file to the apk path first.
