APK Процесс подписи
Чтобы вручную подписать APK-файл Android, выполните следующие три команды:
Создать файл хранилища ключей
keytool -genkey -v -keystore YOUR_KEYSTORE_NAME.keystore -alias ALIAS_NAME -keyalg RSA -keysize 2048 -validity 10000
Подпишите файл APK, используя jarsigner
jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore KEYSTORE_FILE_PATH UNSIGNED_APK_PATH ALIAS_NAME
Выравнивание подписанного APK с помощью инструмента zipalign
zipalign -v 4 JARSIGNED_APK_FILE_PATH ZIPALIGNED_SIGNED_APK_FILE_PATH
ШАГ 1
Generate Keystore file
keytool -genkey -v -keystore YOUR_KEYSTORE_NAME.keystore -alias ALIAS_NAME -keyalg RSA -keysize 2048 -действительность 10000
Пример:
keytool -genkey -v -keystore id.keystore -alias MySignedApp -keyalg RSA -keysize 2048 -validity 10000
пароль хранилища ключей: yourApp @ 123
ключевой пароль: yourApp @ 123
CMD O / P
D:\ru\SignedBuilds\MySignedApp>keytool -genkey -v -keystore id.keystore
-alias MySignedApp -keyalg RSA -keysize 2048 -validity 10000
Enter keystore password:
Re-enter new password:
What is your first and last name?
[Unknown]: MySignedApp Sample
What is the name of your organizational unit?
[Unknown]: Information Technology
What is the name of your organization?
[Unknown]: MySignedApp Demo
What is the name of your City or Locality?
[Unknown]: Mumbai
What is the name of your State or Province?
[Unknown]: Maharashtra
What is the two-letter country code for this unit?
[Unknown]: IN
Is CN=MySignedApp Demo, OU=Information Technology, O=MySignedApp Demo, L=Mumbai, ST=Maharashtra, C=IN corr
ect?
[no]: y
Generating 2,048 bit RSA key pair and self-signed certificate (SHA256withRSA) with a validity of 10,
000 days
for: CN=MySignedApp Demo, OU=Information Technology, O=MySignedApp Demo, L=Mumbai, ST=Maharashtra,
C=IN
Enter key password for <MySignedApp>
(RETURN if same as keystore password):
Re-enter new password:
[Storing id.keystore]
D:\ru\SignedBuilds\MySignedApp>
ШАГ 2
Sign your app with your private keystore using jarsigner
jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore
KEYSTORE_FILE_PATH UNSIGNED_APK_PATH ALIAS_NAME
* * Пример тысяча шестьдесят один * * тысяча шестьдесят два
jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore D:\ru\SignedBuilds\MySignedApp\id.keystore D:\ru\SignedBuilds\MySignedApp\MySignedAppS1-release-unsigned.apk id
CMD O / P
D:\ru\SignedBuilds\MySignedApp>jarsigner -verbose -sigalg SHA1withRSA -
digestalg SHA1 -keystore D:\ru\SignedBuilds\MySignedApp\id.keystore D:\ru\SignedBuilds\MySignedApp\MySignedAppS1-release-unsigned.apk id ---
ect
Enter Passphrase for keystore:
adding: META-INF/MANIFEST.MF
adding: META-INF/---.SF
adding: META-INF/---.RSA
signing: AndroidManifest.xml
.....
signing: classes.dex
signing: lib/commons-codec-1.6.jar
signing: lib/armeabi/libkonyjsvm.so
jar signed.
Warning:
No -tsa or -tsacert is provided and this jar is not timestamped. Without a timestamp, users may not
be able to validate this jar after the signer certificate's expiration date (2044-02-07) or after an
y future revocation date.
D:\ru\SignedBuilds\MySignedApp>
Verify that your APK is signed
jarsigner -verify -verbose -certs JARSIGNED_APK_FILE_PATH
* * Пример тысяча семьдесят-семь
jarsigner -verify -verbose -certs MySignedAppS1-release-unsigned.apk
CMD O / P
D:\ru\SignedBuilds\MySignedApp>jarsigner -verify -verbose -certs MySignedAppS1-release-unsigned.apk
s = signature was verified
m = entry is listed in manifest
k = at least one certificate was found in keystore
i = at least one certificate was found in identity scope
jar verified.
Warning:
This jar contains entries whose certificate chain is not validated.
This jar contains signatures that does not include a timestamp. Without a timestamp, users may not b
e able to validate this jar after the signer certificate's expiration date (2044-02-09) or after any
future revocation date.
D:\ru\SignedBuilds\MySignedApp>
ШАГ 3
Выровняйте окончательный пакет APK, используя zipalign
zipalign -v 4 JARSIGNED_APK_FILE_PATH ZIPALIGNED_SIGNED_APK_FILE_PATH_WITH_NAME_ofSignedAPK
Пример * * тысяча девяносто-три
zipalign -v 4 D:\ru\SignedBuilds\MySignedApp\MySignedAppS1-release-unsigned.apk D:\ru\SignedBuilds\MySignedApp\MySignedApp.apk
CMD O / P
D:\Android\android-sdk\build-tools\19.1.0>zipalign -v 4 D:\ru\ru_doc\Signed_apk\MySignedApp\28.09.16
_prod_playstore\MySignedAppS1-release-unsigned.apk D:\ru\ru_doc\Signed_apk\MySignedApp\28.09.16_prod
_playstore\MySignedApp.apk
Verifying alignment of D:\ru\SignedBuilds\MySignedApp\MySignedApp.apk (
4)...
4528613 classes.dex (OK - compressed)
5656594 lib/commons-codec-1.6.jar (OK - compressed)
5841869 lib/armeabi/libkonyjsvm.so (OK - compressed)
Verification succesful
D:\Android\android-sdk\build-tools\19.1.0>
Verify that your APK is Aligned successfully
zipalign -c -v 4 YOUR_APK_PATH
Пример
zipalign -c -v 4 D:\ru\SignedBuilds\MySignedApp\MySignedApp.apk
CMD O / P
D:\Android\android-sdk\build-tools\19.1.0>zipalign -c -v 4 D:\ru\SignedBuilds\MySignedApp\MySignedApp.apk
Verifying alignment of D:\ru\SignedBuilds\MySignedApp\MySignedApp.apk (
4)...
4453984 res/drawable/zoomout.png (OK)
4454772 res/layout/tabview.xml (OK - compressed)
4455243 res/layout/wheel_item.xml (OK - compressed)
4455608 resources.arsc (OK)
4470161 classes.dex (OK - compressed)
5597923 lib/commons-codec-1.6.jar (OK - compressed)
5783198 lib/armeabi/libkonyjsvm.so (OK - compressed)
Verification succesful
D:\Android\android-sdk\build-tools\19.1.0>
Примечание:
Команда verify просто проверяет, правильно ли создан и подписан APK!
Ссылки
Надеюсь, это поможет всем без исключения:)