I am trying to sign my apk file. I can't figure out how to do it. I can't find good in-depth directions. I have very little programing experience, so any help would be appreciated.
The manual is clear enough. Please specify what part you get stuck with after you work through it, I'd suggest:
Okay, a small overview without reference or eclipse around, so leave some space for errors, but it works like this
Also, from the link:
Compile and sign with Eclipse ADT
If you are using Eclipse with the ADT plugin, you can use the Export Wizard to export a signed .apk (and even create a new keystore, if necessary). The Export Wizard performs all the interaction with the Keytool and Jarsigner for you, which allows you to sign the package using a GUI instead of performing the manual procedures to compile, sign, and align, as discussed above. Once the wizard has compiled and signed your package, it will also perform package alignment with zip align. Because the Export Wizard uses both Keytool and Jarsigner, you should ensure that they are accessible on your computer, as described above in the Basic Setup for Signing.
To create a signed and aligned .apk in Eclipse:
- Select the project in the Package Explorer and select File > Export.
Open the Android folder, select Export Android Application, and click Next.
The Export Android Application wizard now starts, which will guide you through the process of signing your application, including steps for selecting the private key with which to sign the .apk (or creating a new keystore and private key).
- Complete the Export Wizard and your application will be compiled, signed, aligned, and ready for distribution.
Here is a guide on how to manually sign an APK. It includes info about the new
apk-signer introduced in
build-tools 24.0.3 (10/2016)
Use this tool (uses the new apksigner from Google):
Disclaimer: Im the developer :)
keytool -genkey -v -keystore my.keystore -keyalg RSA -keysize 2048 -validity 10000 -alias app
zipalign -p 4 my.apk my-aligned.apk
Note: when using the old
jarsigner you need to zipalign AFTER signing. When using the new
apksigner method you do it BEFORE signing (confusing, I know). Invoking zipalign before apksigner works fine because apksigner preserves APK alignment and compression (unlike jarsigner).
You can verify the alignment with
zipalign -c 4 my-aligned.apk
jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore my.keystore my-app.apk my_alias_name
and can be verified with
jarsigner -verify -verbose my_application.apk
Android 7.0 introduces APK Signature Scheme v2, a new app-signing scheme that offers faster app install times and more protection against unauthorized alterations to APK files (See here and here for more details). Threfore Google implemented their own apk signer called
The script file can be found in
%ANDROID_HOME%/sdk/build-tools/24.0.3/ (the .jar is in the
/lib subfolder). Use it like this
apksigner sign --ks my.keystore my-app.apk --ks-key-alias alias_name
and can be verified with
apksigner verify my-app.apk