Signing Your Applications using eclipse, ant, console
The Android system requires that all installed applications be digitally signed with a certificate whose private key is held by the application's developer. The Android system uses the certificate as a means of identifying the author of an application and establishing trust relationships between applications. The certificate is not used to control which applications the user can install. The certificate does not need to be signed by a certificate authority: it is perfectly allowable, and typical, for Android applications to use self-signed certificates.
The important points to understand about signing Android applications are:
- All applications must be signed. The system will not install an application on an emulator or a device if it is not signed.
- To test and debug your application, the build tools sign your application with a special debug key that is created by the Android SDK build tools.
- When you are ready to release your application for end-users, you must sign it with a suitable private key. You cannot publish an application that is signed with the debug key generated by the SDK tools.
- You can use self-signed certificates to sign your applications. No certificate authority is needed.
- The system tests a signer certificate's expiration date only at install time. If an application's signer certificate expires after the application is installed, the application will continue to function normally.
- You can use standard tools — Keytool and Jarsigner — to generate keys and
sign your application
.apk
files. - After you sign your application for release, we recommend that you use the
zipalign
tool to optimize the final APK package.
Signing Process
The Android build process signs your application differently depending on which build mode you use to build your application. There are two build modes: debug mode and release mode. You use debug mode when you are developing and testing your application. You use release mode when you want to build a release version of your application that you can distribute directly to users or publish on an application marketplace such as Google Play.
When you build in debug mode the Android SDK build tools use the Keytool utility (included in the JDK) to create a debug key. Because the SDK build tools created the debug key, they know the debug key's alias and password. Each time you compile your application in debug mode, the build tools use the debug key along with the Jarsigner utility (also included in the JDK) to sign your application's
.apk
file. Because the alias and password are known to the SDK
build tools, the tools don't need to prompt you for the debug key's alias and password each time
you compile.When you build in release mode you use your own private key to sign your application. If you don't have a private key, you can use the Keytool utility to create one for you. When you compile your application in release mode, the build tools use your private key along with the Jarsigner utility to sign your application's
.apk
file. Because the certificate and
private key you use are your own, you will have to provide the password for the keystore and key
alias.The debug signing process happens automatically when you run or debug your application using Eclipse with the ADT plugin. Debug signing also happens automatically when you use the Ant build script with the
debug
option. You can automate the release signing process by using the
Eclipse Export Wizard or by modifying the Ant build script and building with the
release
option.Through Command line:
use this command, (go to java < jdk < bin path in cmd prompt)
write the command
If you see "CN=Android Debug", this means the .apk was signed with the debug key generated by the Android SDK
(means it is unsigned), else u will find something for CN.
for more details
http://developer.android.com/guide/publishing/app-signing.html
OR
$ jarsigner -verify -verbose -certs my_application.apk
http://developer.android.com/guide/publishing/app-signing.html
if you are eclipse User
Right-click your project in Eclipse > Chose Android Tool > Export Signed Application Package.
if you are Ant User
If you have ant version < 1.8.3 (ant -version) try this approach for issue with JDK 7 basing previous answer.
Update:
If your have installed ant-1.8.3+ you have better solution:
Open you ANDROID_SDK\tools\ant\build.xml and add two new parameters - sigalg and digestalg - in original 'signjar' invocation:
- Add signjarjdk7 to ANDROID_SDK\tools\ant\build.xml
<macrodef name="signjarjdk7"> <attribute name="jar" /> <attribute name="signedjar" /> <attribute name="keystore" /> <attribute name="storepass" /> <attribute name="alias" /> <attribute name="keypass" /> <attribute name="verbose" /> <sequential> <exec executable="jarsigner" failonerror="true"> <!-- magic key, always verbose --> <arg line="-verbose -digestalg SHA1 -sigalg MD5withRSA" /> <arg line="-keystore @{keystore} -storepass @{storepass} -keypass @{keypass}" /> <arg line="-signedjar "@{signedjar}"" /> <arg line=""@{jar}" @{alias}" /> </exec> </sequential> </macrodef>
- Replace
'signjar'
to'signjarjdk7'
in'release'
target in the same build.xml.
Update:
If your have installed ant-1.8.3+ you have better solution:
Open you ANDROID_SDK\tools\ant\build.xml and add two new parameters - sigalg and digestalg - in original 'signjar' invocation:
<signjar
sigalg="MD5withRSA"
digestalg="SHA1"
jar="${out.packaged.file}"
signedjar="${out.unaligned.file}"
keystore="${key.store}"
storepass="${key.store.password}"
alias="${key.alias}"
keypass="${key.alias.password}"
verbose="${verbose}" />
OR
Signing application automatically with password in ant :
I just have these lines in my ant.properties and it signs automatically
When the certificate expires, you will get a build error. On Ant builds, the error looks like this:
debug: [echo] Packaging bin/samples-debug.apk, and signing it with a debug key... [exec] Debug Certificate expired on 8/4/08 3:43 PM In Eclipse/ADT, you will see a similar error in the Android console.
To fix this problem, simply delete the
The next time you build, the build tools will regenerate a new keystore and debug key.
Note that, if your development machine is using a non-Gregorian locale, the build tools may erroneously generate an already-expired debug certificate, so that you get an error when trying to compile your application. For workaround information, see the troubleshooting topic I can't compile my app because the build tools generated an expired debug certificate.
key.store.password=mypasswordOne
key.alias.password=mypasswordTwo
key.store=c:/users/myname/my-release-key.keystore
key.alias=release_alias
Expiry of the Debug Certificate
The self-signed certificate used to sign your application in debug mode (the default on Eclipse/ADT and Ant builds) will have an expiration date of 365 days from its creation date.
When the certificate expires, you will get a build error. On Ant builds, the error looks like this:
debug: [echo] Packaging bin/samples-debug.apk, and signing it with a debug key... [exec] Debug Certificate expired on 8/4/08 3:43 PM In Eclipse/ADT, you will see a similar error in the Android console.
To fix this problem, simply delete the
debug.keystore
file.
The default storage location for AVDs is in ~/.android/
on OS X and Linux,
in C:\Documents and Settings\<user>\.android\
on Windows XP, and in
C:\Users\<user>\.android\
on Windows Vista and Windows 7.The next time you build, the build tools will regenerate a new keystore and debug key.
Note that, if your development machine is using a non-Gregorian locale, the build tools may erroneously generate an already-expired debug certificate, so that you get an error when trying to compile your application. For workaround information, see the troubleshooting topic I can't compile my app because the build tools generated an expired debug certificate.
No comments:
Post a Comment