Signing Your Android Applications
The following are the generic steps to create signed applications.
Tools/Binaries Required:
1. keytool
2. jarsigner
3. zipalign
Usually keytool and jarsigner will be available in /usr/lib/jvm/java/jdk1.6.0_33/bin, and zipalign will be available in the tools directory of the SDK. Add the directories containing these binaries to your PATH environment variable.
Ex:
export PATH=/usr/lib/jvm/java/jdk1.6.0_33/bin:$PATH
or
Add the above paths to the /etc/environment file so there is no need to do this every time.
Signing of Android applications is of 2 types:
1. Signing in Debug Mode
2. Signing in Release Mode
Sign your APK with the platform key to use the shared system user ID. You can find the key in your AOSP code, normally at AOSP_HOME/build/target/product/security
1. Signing in Debug Mode: The Android build tools provide a debug signing mode that makes it easier for you to develop and debug your application.
$ cd $ANDROID_HOME/build/target/product/security/
$ openssl pkcs8 -inform DER -nocrypt -in platform.pk8 -out platform.pem
$ openssl pkcs12 -export -in platform.x509.pem -inkey platform.pem -out platform.p12 -password pass:android -name androiddebugkey
$ /usr/lib/jvm/java/jdk1.6.0_33/bin/keytool -importkeystore -deststorepass android -destkeystore platform.jks -srcstoretype PKCS12 -srcstorepass android -srckeystore platform.p12
Copy platform.jks to your key directory and open Eclipse -> Window -> Preferences -> Android -> Build.
Then your application is signed with the platform key and can be run as a system user ID application.
Remember, your AndroidManifest.xml needs android:sharedUserId="android.uid.system"
Eclipse Users
If you are developing in Eclipse/ADT (and have set up Keytool and Jarsigner as described above), signing in debug mode is enabled by default. When you run or debug your application, ADT signs the .apk file with the debug certificate, runs zipalign on the package, then installs it on the selected emulator or connected device. No specific action on your part is needed, provided ADT has access to Keytool.
Signing in Release Mode
When your application is ready for release to other users, you must:
- Obtain a suitable private key
- Compile the application in release mode
- Sign your application with private key
- Align the final APK Package
1. Obtain a suitable private key
Example of a Keytool command that generates a private key:
$ keytool -genkey -v -keystore prakash.keystore -alias kothnanmaklu -keyalg RSA -keysize 2048 -validity 10000
Follow the prompts; it will look like the steps below:
Enter keystore password:
Re-enter new password:
What is your first and last name?
  [Unknown]: prakash
What is the name of your organizational unit?
  [Unknown]:
What is the name of your organization?
  [Unknown]:
What is the name of your City or Locality?
  [Unknown]:
What is the name of your State or Province?
  [Unknown]:
What is the two-letter country code for this unit?
  [Unknown]:
Is CN=prakash, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown correct?
  [no]: yes
Generating 2,048 bit RSA key pair and self-signed certificate (SHA1withRSA) with a validity of 10,000 days
  for: CN=prakash, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
Enter key password for <kothnanmaklu>
  (RETURN if same as keystore password):
Re-enter new password:
[Storing prakash.keystore] (This will be stored wherever you specified.)
Keytool option usage:
-genkey: Generate a key pair (public and private keys).
-v: Verbose.
-keystore: A name for the keystore containing the private key.
-alias: An alias for the key. Only the first 8 characters of the alias are used.
-keyalg: The encryption algorithm to use when generating the key. Both DSA and RSA are supported.
-keysize: The size of each generated key (bits). If not supplied, Keytool uses a default key size of 1024 bits. In general, we recommend using a key size of 2048 bits or higher.
-validity: The validity period for the key, in days.
Note: A value of 10000 or greater is recommended.
2. Compile the application in release mode
In order to release your application to users, you must compile it in release mode. In release mode, the compiled application is not signed by default and you will need to sign it with your private key.
With Eclipse
To export an unsigned APK from Eclipse, right-click the project in the Package Explorer and select Android Tools > Export Unsigned Application Package. Then specify the file location for the unsigned APK. (Alternatively, open your AndroidManifest.xml file in Eclipse, select the Manifest tab, and click Export an unsigned APK.)
3. Sign your application with your private key
$ jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore prakash.keystore MediaPlayer.apk kothnanmaklu
It will ask for the keystore password.
Enter Passphrase for keystore:
Output will look like this.
adding: META-INF/MANIFEST.MF
adding: META-INF/TRUEINDI.SF
Enter key password for trueindian:
adding: META-INF/TRUEINDI.RSA
signing: res/anim/slide_in.xml
signing: res/anim/slide_out.xml
signing: res/drawable/back.xml
signing: res/drawable/back_black.xml
signing: res/drawable/back_not_round.xml
signing: res/drawable/background.xml
signing: res/drawable/background2.xml
signing: res/drawable/bakground_list.xml
signing: res/drawable/blue_grad_bg_26.png
signing: res/drawable/button_col.xml
signing: res/drawable/ch_backgd1.xml
signing: res/drawable/ch_backgd2.xml
signing: res/drawable/customshape.xml
signing: res/drawable/dback.xml
signing: res/drawable/goto_text.xml
signing: res/drawable/grey_bak_ground.xml
signing: res/drawable/icon_favorites.png
signing: res/drawable/icon_tv_guide.png
signing: res/drawable/panel.xml
signing: res/drawable/rect1.xml
signing: res/drawable/rect2.xml
signing: res/drawable/red_grad_bg_26.png
signing: res/drawable/rem_col.xml
signing: res/drawable/rounded_black.xml
signing: res/drawable/rounded_blue_corner.xml
signing: res/drawable/rounded_red.xml
signing: res/drawable/trans_border.xml
signing: res/layout/activity_main.xml
signing: res/layout/chan_ban.xml
signing: res/layout/chan_ban_rowlayout.xml
signing: res/layout/fav_main.xml
signing: res/layout/go_to_fav.xml
signing: res/layout/goto_rowlayout.xml
signing: res/layout/home.xml
signing: res/layout/info.xml
signing: res/layout/madil.xml
signing: res/layout/main.xml
signing: res/layout/media.xml
signing: res/layout/options_activity_main.xml
signing: res/layout/options_newpage1.xml
signing: res/layout/options_rowlayout.xml
signing: res/layout/rem_col.xml
signing: res/layout/rempop.xml
signing: res/layout/rowlayout.xml
signing: res/layout/setrem.xml
signing: res/layout/settings.xml
signing: res/layout/settings_rowlayout.xml
signing: res/layout/showrem.xml
signing: res/layout/tvguide.xml
signing: res/menu/main.xml
signing: res/raw/h264.mp4
signing: AndroidManifest.xml
signing: resources.arsc
signing: res/drawable-hdpi/app_favorites.png
signing: res/drawable-hdpi/app_home.png
signing: res/drawable-hdpi/app_settings.png
signing: res/drawable-hdpi/app_tv_guide.png
signing: res/drawable-hdpi/arrow_blue_up.png
signing: res/drawable-hdpi/arrow_grey_down.png
signing: res/drawable-hdpi/grey.png
signing: res/drawable-hdpi/grey_grad_bg_27.png
signing: res/drawable-hdpi/ic_launcher.png
signing: res/drawable-hdpi/icon_settings.png
signing: res/drawable-hdpi/intv_logo.png
signing: res/drawable-hdpi/launcher.png
signing: res/drawable-hdpi/pause.png
signing: res/drawable-hdpi/red_grad_bg_26.png
signing: res/drawable-hdpi/resize.png
signing: res/drawable-hdpi/screen_shot.png
signing: res/drawable-hdpi/stop.png
signing: res/drawable-ldpi/app_settings.png
signing: res/drawable-ldpi/ic_launcher.png
signing: res/drawable-ldpi/pause.png
signing: res/drawable-mdpi/ic_launcher.png
signing: res/drawable-xhdpi/ic_launcher.png
signing: classes.dex
To verify that your APK is signed, you can use a command like this:
jarsigner -verify -verbose MediaPlayer.apk
In the last line you will see:
jar verified.
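The manifest-digest part of what jarsigner -verify checks can be reproduced in Python, as an added example that is not part of the original post: it confirms META-INF contains MANIFEST.MF, a .SF and a .RSA file, and that every other entry has a matching SHA1-Digest in the manifest (the -digestalg SHA1 setting used above). It does not validate the cryptographic signature in the .RSA block, and the sample archive and its CERT.SF/CERT.RSA placeholders are constructed for illustration.

```python
import base64, hashlib, io, zipfile

def sha1_b64(data):
    return base64.b64encode(hashlib.sha1(data).digest()).decode()

def parse_manifest(text):
    """Map entry name -> SHA1-Digest value from MANIFEST.MF text."""
    # A manifest line longer than 72 bytes continues on the next line after one space.
    text = text.replace("\r\n", "\n").replace("\n ", "")
    digests = {}
    for section in text.split("\n\n"):
        attrs = dict(l.split(": ", 1) for l in section.split("\n") if ": " in l)
        if "Name" in attrs and "SHA1-Digest" in attrs:
            digests[attrs["Name"]] = attrs["SHA1-Digest"]
    return digests

def check_v1_digests(apk):
    """Return a list of problems; an empty list means every entry matches."""
    with zipfile.ZipFile(apk) as zf:
        names = zf.namelist()
        meta = [n for n in names if n.startswith("META-INF/")]
        if "META-INF/MANIFEST.MF" not in meta:
            return ["no META-INF/MANIFEST.MF, so no JAR signature"]
        problems = ["no %s file in META-INF" % ext for ext in (".SF", ".RSA")
                    if not any(n.endswith(ext) for n in meta)]
        digests = parse_manifest(zf.read("META-INF/MANIFEST.MF").decode("utf-8"))
        for name in names:
            if name in meta or name.endswith("/"):
                continue  # signature files and directory entries carry no digest
            if name not in digests:
                problems.append("unsigned entry: " + name)
            elif digests[name] != sha1_b64(zf.read(name)):
                problems.append("digest mismatch: " + name)
    return problems

def build_sample_apk(files, signed_files):
    """Constructed sample: a ZIP whose manifest lists digests of signed_files."""
    manifest = "Manifest-Version: 1.0\r\n\r\n" + "".join(
        "Name: %s\r\nSHA1-Digest: %s\r\n\r\n" % (n, sha1_b64(d))
        for n, d in signed_files.items())
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", manifest)
        zf.writestr("META-INF/CERT.SF", "placeholder")   # not a real signature file
        zf.writestr("META-INF/CERT.RSA", "placeholder")  # not a real signature block
        for n, d in files.items():
            zf.writestr(n, d)
    buf.seek(0)
    return buf
```

An entry changed or added after signing shows up as "digest mismatch" or "unsigned entry"; jarsigner -verify remains the authoritative check because it also validates the signature itself.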
4. Align the final APK package
The zipalign tool ensures that all uncompressed data starts with a particular byte alignment, relative to the start of the file. Ensuring alignment at 4-byte boundaries provides a performance optimization when installed on a device. When aligned, the Android system is able to read files with mmap(), even if they contain binary data with alignment restrictions, rather than copying all of the data from the package.
zipalign -v 4 MediaPlayer.apk IPTV_MediaPlayer.apk
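The alignment property described above can be checked in Python, as an added example that is not part of the original post: for every uncompressed (stored) entry it reads the ZIP local file header and tests whether the file data starts on a 4-byte boundary. The function names and the sample archives are constructed for illustration.

```python
import io
import struct
import zipfile

LOCAL_HEADER = struct.Struct("<4s22xHH")  # signature, 22 skipped bytes, name length, extra length

def misaligned_entries(apk, alignment=4):
    """Return (name, data_offset) for stored entries whose data is not aligned."""
    bad = []
    with zipfile.ZipFile(apk) as zf:   # apk is a seekable binary file object
        entries = zf.infolist()
    for info in entries:
        if info.compress_type != zipfile.ZIP_STORED:
            continue  # only uncompressed data needs alignment
        apk.seek(info.header_offset)
        sig, name_len, extra_len = LOCAL_HEADER.unpack(apk.read(LOCAL_HEADER.size))
        if sig != b"PK\x03\x04":
            raise ValueError("bad local file header for " + info.filename)
        # File data starts right after the fixed header, the name and the extra field.
        data_offset = info.header_offset + LOCAL_HEADER.size + name_len + extra_len
        if data_offset % alignment:
            bad.append((info.filename, data_offset))
    return bad

def build_zip(entries):
    """Constructed sample archive from (name, data, compress_type) tuples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data, method in entries:
            zf.writestr(name, data, compress_type=method)
    buf.seek(0)
    return buf
```

An empty result means every stored entry is aligned, which is the state an APK should be in after the zipalign step.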