Friday, November 16, 2012

Sign android application (apk.)

Signing Your Applications using eclipse, ant, console


The Android system requires that all installed applications be digitally signed with a certificate whose private key is held by the application's developer. The Android system uses the certificate as a means of identifying the author of an application and establishing trust relationships between applications. The certificate is not used to control which applications the user can install. The certificate does not need to be signed by a certificate authority: it is perfectly allowable, and typical, for Android applications to use self-signed certificates.
The important points to understand about signing Android applications are:
  • All applications must be signed. The system will not install an application on an emulator or a device if it is not signed.
  • To test and debug your application, the build tools sign your application with a special debug key that is created by the Android SDK build tools.
  • When you are ready to release your application for end-users, you must sign it with a suitable private key. You cannot publish an application that is signed with the debug key generated by the SDK tools.
  • You can use self-signed certificates to sign your applications. No certificate authority is needed.
  • The system tests a signer certificate's expiration date only at install time. If an application's signer certificate expires after the application is installed, the application will continue to function normally.
  • You can use standard tools — Keytool and Jarsigner — to generate keys and sign your application .apk files.
  • After you sign your application for release, we recommend that you use the zipalign tool to optimize the final APK package.
The Android system will not install or run an application that is not signed appropriately. This applies wherever the Android system is run, whether on an actual device or on the emulator. For this reason, you must set up signing for your application before you can run it or debug it on an emulator or device.

Signing Process


The Android build process signs your application differently depending on which build mode you use to build your application. There are two build modes: debug mode and release mode. You use debug mode when you are developing and testing your application. You use release mode when you want to build a release version of your application that you can distribute directly to users or publish on an application marketplace such as Google Play.
When you build in debug mode the Android SDK build tools use the Keytool utility (included in the JDK) to create a debug key. Because the SDK build tools created the debug key, they know the debug key's alias and password. Each time you compile your application in debug mode, the build tools use the debug key along with the Jarsigner utility (also included in the JDK) to sign your application's .apk file. Because the alias and password are known to the SDK build tools, the tools don't need to prompt you for the debug key's alias and password each time you compile.
When you build in release mode you use your own private key to sign your application. If you don't have a private key, you can use the Keytool utility to create one for you. When you compile your application in release mode, the build tools use your private key along with the Jarsigner utility to sign your application's .apk file. Because the certificate and private key you use are your own, you will have to provide the password for the keystore and key alias.
The debug signing process happens automatically when you run or debug your application using Eclipse with the ADT plugin. Debug signing also happens automatically when you use the Ant build script with the debug option. You can automate the release signing process by using the Eclipse Export Wizard or by modifying the Ant build script and building with the release option.

Through Command line: 


use this command, (go to java < jdk < bin path in cmd prompt) write the command
$ jarsigner -verify -verbose -certs my_application.apk

If you see "CN=Android Debug", this means the .apk was signed with the debug key generated by the Android SDK (means it is unsigned), else u will find something for CN. for more details

if you are eclipse User


Right-click your project in Eclipse > Chose Android Tool > Export Signed Application Package.

if you are Ant User 


If you have ant version < 1.8.3 (ant -version) try this approach for issue with JDK 7 basing previous answer.
  1. Add signjarjdk7 to ANDROID_SDK\tools\ant\build.xml
    <macrodef name="signjarjdk7">
        <attribute name="jar" />
        <attribute name="signedjar" />
        <attribute name="keystore" />
        <attribute name="storepass" />
        <attribute name="alias" />
        <attribute name="keypass" />
        <attribute name="verbose" />
            <exec executable="jarsigner" failonerror="true">
                <!-- magic key, always verbose -->
                <arg line="-verbose -digestalg SHA1 -sigalg MD5withRSA" />                      
                <arg line="-keystore @{keystore} -storepass @{storepass} -keypass @{keypass}" />
                <arg line="-signedjar &quot;@{signedjar}&quot;" />
                <arg line="&quot;@{jar}&quot; @{alias}" />
  2. Replace 'signjar' to 'signjarjdk7' in 'release' target in the same build.xml.
NOTE: You have to define '' and 'key.alias.password' propeties for your project (in or in
If your have installed ant-1.8.3+ you have better solution:
Open you ANDROID_SDK\tools\ant\build.xml and add two new parameters - sigalg and digestalg - in original 'signjar' invocation:
            verbose="${verbose}" />


Signing application automatically with password in ant :


I just have these lines in my and it signs automatically

Expiry of the Debug Certificate


The self-signed certificate used to sign your application in debug mode (the default on Eclipse/ADT and Ant builds) will have an expiration date of 365 days from its creation date.
When the certificate expires, you will get a build error. On Ant builds, the error looks like this:
debug: [echo] Packaging bin/samples-debug.apk, and signing it with a debug key... [exec] Debug Certificate expired on 8/4/08 3:43 PM In Eclipse/ADT, you will see a similar error in the Android console.
To fix this problem, simply delete the debug.keystore file. The default storage location for AVDs is in ~/.android/ on OS X and Linux, in C:\Documents and Settings\<user>\.android\ on Windows XP, and in C:\Users\<user>\.android\ on Windows Vista and Windows 7.
The next time you build, the build tools will regenerate a new keystore and debug key.
Note that, if your development machine is using a non-Gregorian locale, the build tools may erroneously generate an already-expired debug certificate, so that you get an error when trying to compile your application. For workaround information, see the troubleshooting topic I can't compile my app because the build tools generated an expired debug certificate.


No comments:

Post a Comment