How to Sign an Already Compiled Apk
Solution 1
create a key using
keytool -genkey -v -keystore my-release-key.keystore -alias alias_name -keyalg RSA -keysize 2048 -validity 10000
then sign the apk using :
jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore my-release-key.keystore my_application.apk alias_name
Solution 2
Automated Process:
Use this tool (uses the new apksigner from Google):
https://github.com/patrickfav/uber-apk-signer
Disclaimer: Im the developer :)
Manual Process:
Step 1: Generate Keystore (only once)
You need to generate a keystore once and use it to sign your unsigned
apk.
Use the keytool
provided by the JDK found in %JAVA_HOME%/bin/
keytool -genkey -v -keystore my.keystore -keyalg RSA -keysize 2048 -validity 10000 -alias app
Step 2 or 4: Zipalign
zipalign
which is a tool provided by the Android SDK found in e.g. %ANDROID_HOME%/sdk/build-tools/24.0.2/
is a mandatory optimization step if you want to upload the apk to the Play Store.
zipalign -p 4 my.apk my-aligned.apk
Note: when using the old jarsigner
you need to zipalign AFTER signing. When using the new apksigner
method you do it BEFORE signing (confusing, I know). Invoking zipalign before apksigner works fine because apksigner preserves APK alignment and compression (unlike jarsigner).
You can verify the alignment with
zipalign -c 4 my-aligned.apk
Step 3: Sign & Verify
Using build-tools 24.0.2 and older
Use jarsigner
which, like the keytool, comes with the JDK distribution found in %JAVA_HOME%/bin/
and use it like so:
jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore my.keystore my-app.apk my_alias_name
and can be verified with
jarsigner -verify -verbose my_application.apk
Using build-tools 24.0.3 and newer
Android 7.0 introduces APK Signature Scheme v2, a new app-signing scheme that offers faster app install times and more protection against unauthorized alterations to APK files (See here and here for more details). Therefore, Google implemented their own apk signer called apksigner
(duh!)
The script file can be found in %ANDROID_HOME%/sdk/build-tools/24.0.3/
(the .jar is in the /lib
subfolder). Use it like this
apksigner sign --ks-key-alias alias_name --ks my.keystore my-app.apk
and can be verified with
apksigner verify my-app.apk
The official documentation can be found here.
Solution 3
fastest way is by signing with the debug keystore:
jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore ~/.android/debug.keystore app.apk androiddebugkey -storepass android
or on Windows:
jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore %USERPROFILE%/.android/debug.keystore test.apk androiddebugkey -storepass android
Solution 4
You use jarsigner to sign APK's. You don't have to sign with the original keystore, just generate a new one. Read up on the details: http://developer.android.com/guide/publishing/app-signing.html
Solution 5
Updated answer
Check https://shatter-box.com/knowledgebase/android-apk-signing-tool-apk-signer/
Old answer
check apk-signer a nice way to sign your app
svarog
The criterion of truth is that it works even if nobody is prepared to acknowledge it.
Updated on July 08, 2022Comments
-
svarog almost 2 years
I've decoded an APK with apktool (as the original source code was lost) so I could fix some issues with the layout xml files. I've then rebuilt it back up with apktool and when I tried to install it on my device (using adb: adb install appname.apk) it gave me this error:
[INSTALL_PARSE_FAILED_NO_CERTIFICATES]
the original apk however was signed by a keystore (on eclipse IDE), this one isn't, how can I sign it properly with it's original keystone file outside Eclipse!?
-
Kyle over 8 yearsthis should be the answer, 27 upvotes versus 3 to the original answer, come on!
-
Couitchy over 8 yearsif you do this and try to install the APK, you might end up with a INSTALL_FAILED_DUPLICATE_PERMISSION error. This happens when the original APK cannot be overwrited (system or built-in app for instance)
-
Dr Deo about 8 years@Couitchy adb shell pm install -r /data/tmp/myapk.apk
-
jayatubi about 8 yearsthe link has been broken
-
Pellet over 7 yearsif you dont want to bother creating a key you can use the debug key with: jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore ~/.android/debug.keystore app.apk androiddebugkey -storepass android
-
shereifhawary over 7 yearsmost properly because it was an old thread, you can have a look to this one shatter-box.com/knowledgebase/…
-
Maria Ines Parnisari over 7 yearsIs there a difference between using
jarsigner
andapksigner
? One requires signing and then zipaligning and the other zipaligning and then signinig -
cantoni over 7 yearsThanks for uber-apk-signer! Great tool!
-
snuk182 over 7 yearsDebug key lives only 1 year since SDK installation, so it is not a good idea to use it for a release.
-
kinORnirvana about 7 yearsFor build-tools 24.0.3 correct way to call zipalign is: zipalign -p 4 my.apk my-aligned.apk
-
antiplex almost 7 yearsThanks for your description! tried uber-apk-signer first but failed probably because I have openJDK installed on my system instead of oracles "official" java. So I tried the manual way and also failed (still same error
[INSTALL_PARSE_FAILED_NO_CERTIFICATES]
). Verifying with uber-apk-signer gave me some further insightsignature VERIFY FAILED
[...]ERROR: JAR signer CERT.RSA: JAR signature META-INF/CERT.RSA uses digest algorithm 2.16.840.1.101.3.4.2.1 and signature algorithm 1.2.840.113549.1.1.1 which is not supported on API Levels [[15, 17]]
. Yes, android 4.2.2, SHA256 not there? ideas? -
Patrick over 6 years@antiplex please report the issue in github not SO
-
antiplex over 6 years@for3st do you mean that my issues may not be due to my limited knowledge around apk-signing but due to some form of incompatibility of uber-apk-signer? but even then the manual way also fails which seems unrelated to your tool...
-
James Wilkins about 6 yearsWhat is the Difference between Jar signer and Apk signer? stackoverflow.com/questions/44153144/…
-
James Wilkins about 6 yearsFor Windows I couldn't find jarsigner but I did find apksigner.bat in the Android Studio sdk folder, which did work great. ;) Perhaps this is the NEW way? Anyhow, the file was in
C:\Users\{username}\AppData\Local\Android\Sdk\build-tools\{version}
for Android Studio and also inC:\Program Files (x86)\Android\android-sdk\build-tools\{version}
(or similar path) for Visual Studio 2017 users. -
James Wilkins about 6 yearsFor those looking for the command line tool location, I found it in
C:\Users\{username}\AppData\Local\Android\Sdk\build-tools\{version}
for Android Studio and also inC:\Program Files (x86)\Android\android-sdk\build-tools\{version}
(or similar path) for Visual Studio 2017 users. -
nmu over 5 yearsWould like to nominate this for best answer on Stack overflow
-
user2513149 over 5 years
zipalign -p 4 my.apk my-aligned.apk
saysERROR: unknown flag -p
. -
Velda almost 4 yearsDoes not work for me. No certificate is added to APK. Seems like it does nothing. Do not even ask for an alias password.
-
Velda almost 4 yearsSeems like
--ks-key-alias
is not needed, if there's only key in a keystore. -
michael-martinez over 3 yearsThanks a lot, I was looking for how to specify an alias, the documentation was confusing and does not provide clear examples.
-
user2513149 over 3 yearsThe following command worked for me:
zipalign 4 my.apk my-aligned.apk
(without the-p
option). -
Epic Speedy about 3 yearsboth links are now deprecated. do not use
-
Parth Developer over 2 yearsgetting Error:
Only one alias can be specified
-
Shimmy Weitzhandler over 2 yearsThere's the error I'm getting when running
jarsigner
: jarsigner: unable to sign jar: java.util.zip.ZipException: invalid entry compressed size (expected 2025 but got 1897 bytes)