-->![Apk Signing Tool For Os X Apk Signing Tool For Os X](/uploads/1/2/6/4/126421671/412885094.png)
After the application has been built for release, the APK must be signed prior to distribution so that it can be run on an Android device. This process is typically handled with the IDE, however there are some situations where it is necessary to sign the APK manually, at the command line. The following steps are involved with signing an APK:
APK signing key replacement. The signing script signtargetfilesapks works on the target files generated for a build. All the information on certificates and private keys used at build time is included in the target files. When running the signing script to sign for release, signing keys can be replaced based on key name or APK name. Sep 20, 2017 Pepk tool: for exporting private keys from a Java Keystore and encrypting them for transfer to Google Play. Open terminal (Mac OS) or CMD (Windows OS. During the signing or verifying process, the command may issue warning messages. If you specify this option, the exit code of the tool reflects the severe warning messages that this command found. See Errors and Warnings.-verbose suboptions. For the verifying process, the -verbose option takes suboptions to determine how much information is shown. Oracle for mac os x download. The scripts, the APK Tool jar file, and the downloaded APK file must be placed in the same folder Supported versions. Jive Daily Cloud supported by the current Cloud version; Jive Daily Hosted supported by Jive 9.0.0+ General considerations. Re-signing the Jive Daily for.
- Create a Private Key – This step needs to be performedonly once. A private key is necessary to digitally sign the APK.After the private key has been prepared, this step can be skippedfor future release builds.
- Zipalign the APK – Zipalign is an optimization processthat is performed on an application. It enables Android to interactmore efficiently with the APK at runtime. Xamarin.Android conductsa check at runtime, and will not allow the application to run ifthe APK has not been zipaligned.
- Sign the APK – This step involves using the apksigner utility from the Android SDK and signing the APK with the private key that was created in the previous step. Applications that are developed with older versions of the Android SDK build tools prior to v24.0.3 will use the jarsigner app from the JDK. Both of these tools will be discussed in more detail below.
The order of the steps is important and is dependent on which tool used to sign the APK. When using apksigner, it is important to first zipalign the application, and then to sign it with apksigner. If it is necessary to use jarsigner to sign the APK, then it is important to first sign the APK and then run zipalign.
Prerequisites
This guide will focus on using apksigner from the Android SDK buildtools, v24.0.3 or higher. It assumes that an APK has already beenbuilt.
Applications that are built using an older version of the Android SDKBuild Tools must use jarsigner as described inSign the APK with jarsigner below.
Create a Private Keystore
A keystore is a database of security certificates that is createdby using the programkeytoolfrom the Java SDK. A keystore is critical to publishing aXamarin.Android application, as Android will not run applications thathave not been digitally signed. High sierra operating system for mac.
During development, Xamarin.Android uses a debug keystore to sign theapplication, which allows the application to be deployed directly tothe emulator or to devices configured to use debuggable applications.However, this keystore is not recognized as a valid keystore for thepurposes of distributing applications.
For this reason, a private keystore must be created and used forsigning applications. This is a step that should only be performedonce, as the same key will be used for publishing updates and can thenbe used to sign other applications.
It is important to protect this keystore. If it is lost, then it willnot be possible to publish updates to the application with Google Play.The only solution to the problem caused by a lost keystore would be tocreate a new keystore, re-sign the APK with the new key, and thensubmit a new application. Then the old application would have to beremoved from Google Play. Likewise, if this new keystore is compromisedor publicly distributed, then it is possible for unofficial ormalicious versions of an application to be distributed.
Create a New Keystore
![Apk Signing Tool For Os X Apk Signing Tool For Os X](/uploads/1/2/6/4/126421671/412885094.png)
Creating a new keystore requires the command line toolkeytoolfrom the Java SDK. The following snippet is an example of how to usekeytool (replace
<my-filename>
with the file name for the keystoreand <key-name>
with the name of the key within the keystore):The first thing that keytool will ask for is the password for thekeystore. Then it will ask for some information to help with creatingthe key. The following snippet is an example of creating a new keycalled
publishingdoc
that will be stored in the filexample.keystore
:To list the keys that are stored in a keystore, use the keytool withthe –
list
option:Zipalign the APK
Before signing an APK with apksigner, it is important to first optimize the file using the zipalign tool from the Android SDK. zipalign will restructure the resources in an APK along 4-byte boundaries. This alignment allows Android to quickly load the resources from the APK, increasing the performance of the application and potentially reducing memory use. Xamarin.Android will conduct a run-time check to determine if the APK has been zipaligned. If the APK is not zipaligned, then the application will not run.
The follow command will use the signed APK and produce a signed, zipaligned APK called helloworld.apk that is ready for distribution.
Sign the APK
After zipaligning the APK, it is necessary to sign it using a keystore. This is done with the apksigner tool, found in the build-tools directory of the version of the SDK build tools. For example, if the Android SDK build tools v25.0.3 is installed, then apksigner can be found in the directory:
The following snippet assumes that apksigner is accessible by the
PATH
environment variable. It will sign an APK using the key aliaspublishingdoc
that is contained in the file xample.keystore:When this command is run, apksigner will ask for the password to the keystore if necessary.
See Google's documentation for more details on the use of apksigner.
Note
According to Google issue 62696222, apksigner is 'missing' from the Android SDK. The workaround for this is to install the Android SDK build tools v25.0.3 and use that version of apksigner.
Sign the APK with jarsigner
Warning
Apk Signing Tool For Os X Download
This section only applies if it is nececssary to sign the APK with the jarsigner utility. Developers are encouraged to use apksigner to sign the APK.
This technique involves signing the APK file using the jarsigner command from the Java SDK. The jarsigner tool is provided by the Java SDK.
The following shows how to sign an APK by using jarsigner and the key
publishingdoc
that is contained in a keystore file named xample.keystore :Note
When using jarsigner, it is important to sign the APK first, and then to use zipalign.