Signing your apk/application for release (keytool,jarsigner)

Tutorials with advanced 'difficulty' and more Lines of Code.

Postby darolla » Wed Dec 10, 2008 11:07 am

use export like this :D
Attachments
exort.jpg
how to export unsigned .apk
exort.jpg (57.46 KiB) Viewed 15656 times
User avatar
darolla
Master Developer
Master Developer
 
Posts: 273
Joined: Thu Sep 25, 2008 5:16 pm
Location: Dortmund, Germany

Top

I did use export, jarsigner error no valid keystore

Postby sazabo » Wed Dec 10, 2008 6:19 pm

thanks for the post

I was setting -verify and it was not asking for the passwd, fix that but...

I do have some more info

C:mykeytools>c:"Program Files"Javajdk1.6.0_07binjarsigner -verbose -keysto
re c:mykeytoolskeyscsi.keystore -signedjar mymedbox_signed.pdk pmPhr.apk csi.
keystore
Enter Passphrase for keystore:
jarsigner: Certificate chain not found for: csi.keystore. csi.keystore must ref
erence a valid KeyStore key entry containing a private key and corresponding pub
lic key certificate chain.

Here is the list output form the keytool not sure what a good out put should be I only see a PrivateKeyEntry. Should there be at Public?

C:mykeytools>c:"Program Files"Javajdk1.6.0_07binkeytool -list -alias comsi
key -keystore keys/csi.keystore
Enter keystore password:
comsikey, Dec 10, 2008, PrivateKeyEntry,
Certificate fingerprint (MD5): 67:6E:F4:40:47:D3:F7:65:32:93:83:83:5F:AB:BD:13
C:mykeytools>
sazabo
Junior Developer
Junior Developer
 
Posts: 24
Joined: Wed Nov 19, 2008 8:04 pm

Found it!!

Postby sazabo » Wed Dec 10, 2008 10:21 pm

looks like the jarsigner -signed flag is not working correctly. I resigned the jar with the simplest variation and it worked.

thanks

Jeff
sazabo
Junior Developer
Junior Developer
 
Posts: 24
Joined: Wed Nov 19, 2008 8:04 pm

Postby avolovoy » Thu Dec 11, 2008 4:05 pm

soniya wrote:How to use "export" function????

Really ? That is the question ? I don't mean to be rude, but dammit..

Something tells we're up to see some interesting applications.
Alexey Volovoy
Bytesharp.NET
User avatar
avolovoy
Experienced Developer
Experienced Developer
 
Posts: 68
Joined: Mon Nov 03, 2008 10:32 pm
Location: kansas

Postby MrSnowflake » Thu Dec 11, 2008 6:12 pm

avolovoy wrote:Something tells we're up to see some interesting applications.
You haven't seen many questions here yet, I guess... :D
User avatar
MrSnowflake
Moderator
Moderator
 
Posts: 1439
Joined: Sat Feb 16, 2008 3:11 pm
Location: Flanders, Belgium

bad flag -signed

Postby sazabo » Thu Dec 11, 2008 8:07 pm

I fixed it thanks,

I removed the option flag -signed and it worked???

Bleeding edge

thanks
sazabo
Junior Developer
Junior Developer
 
Posts: 24
Joined: Wed Nov 19, 2008 8:04 pm

Top

Postby Sparkletron » Fri Dec 12, 2008 4:15 am

darolla wrote:well, this tutorial works fine. but only one time. after updating your source code, and updating version name and version number in manifest.mf, deploying wont work anymore on g1.


I have no solution but I can confirm this. First time it worked. Every subsequent install fails.
Sparkletron
Developer
Developer
 
Posts: 26
Joined: Tue Nov 04, 2008 6:17 am

update

Postby sazabo » Fri Dec 12, 2008 5:18 pm

Try just updating the version number

Jeff
sazabo
Junior Developer
Junior Developer
 
Posts: 24
Joined: Wed Nov 19, 2008 8:04 pm

Re: update

Postby Sparkletron » Fri Dec 12, 2008 9:47 pm

sazabo wrote:Try just updating the version number
Jeff


That was already tried by darolla and I can confirm it has no effect whatsoever. The actual error is...

Package [my.package] signatures do not match the previously installed version; ignoring!

In the user data folder that we don't have access to, the G1 continues to store some reference to the file even *after* it's removed. And then it compares the digital sigs of every subsequent app with the original. If they don't match it rejects them. Now the question is: why don't the sigs match? Is there something about the formulation of that jarsigner command that creates a new sig each time? Certainly we are using the same keystores.
Sparkletron
Developer
Developer
 
Posts: 26
Joined: Tue Nov 04, 2008 6:17 am

Postby KanedaSyndrome » Tue Jan 06, 2009 2:00 am

Sorry, but I have no experience what so ever with signing and this tutorial really explains nothing to me..

I have created the folders in my workspace folders.. that keytool and key folder.. But that is about it, trying to run the command just tells me that there is no such thing as a keytool executable, which is kinda an expected response seeing as I just have an empty folder...

Also I can't find a keytool program anywhere, and that is with having Eclipse Ganymedes and android sdk of course.. I have exported my .apk file, but haven't really gotten to the point of "signing" it yet since I don't even have the keytool thingie set up, but really, this is something I have never ever used before, so please don't get patronizing on me.

Perhaps this is one of those things that would have eluded me when I have never ever worked with Java before?

Btw, am using winXP so it is Eclipse, Android SDK and cmd that I have at my disposal for this, I am sure it is super easy, if just someone would explain in 100% detail how to do this since I have no clue... Easy enough to follow the tutorial once I have the missing pieces.. like the keytool and jarsigner programs.. not sure if those are some I should download separately of if they come with the Android SDK or Eclipse IDE somewhere..

[update]
Been looking around for a bit now.. and well, nothing call keytool, so no program to launch from my cmd that can create that key thingies.. So probably no jarsigner either..

Tbh, I would have thought this would've been an automated Eclipse function, what's up with making it so complicated when it could be soo simple.. I really need this damn program signed before one day has passed.. Didn't think this would be the thing to halt me.. :(
KanedaSyndrome
Developer
Developer
 
Posts: 41
Joined: Tue Nov 11, 2008 3:32 pm

Postby KanedaSyndrome » Tue Jan 06, 2009 2:49 am

Ok I downloaded some keytool plugin for Eclipse..

But seriously, us here that have not done Java nor Linux or something before, we need a step by step guide for making it work with Eclipse..

And download links to the Keytool and jarsigner applications please...

It might be that I am tired, but I just can't make it work..

The keytool plugin I downloaded let me make a certificate, but couldn't reopen it with either passwords I made... And I don't know what this "keystore" thing is, I assume it is a bundle file where you can keep all your cerficicates/keys in?

Need this stuff explained really, never ever ever used it before in my life.. I need to know how to:

create that key thingie for my exported .apk file

sign said .apk file

if I need to download any programs to do this, is keytool and jarsigner something I need to download first to be able to use.
KanedaSyndrome
Developer
Developer
 
Posts: 41
Joined: Tue Nov 11, 2008 3:32 pm

Use Keytool On Windows Vista / XP / Eclipse

Postby glassfish » Sun Jan 18, 2009 11:00 pm

glassfish
Freshman
Freshman
 
Posts: 9
Joined: Sun Jan 18, 2009 10:23 pm

Re: update

Postby kanzlr » Sun Mar 15, 2009 5:09 pm

found a solution to this on the android developer mailing list. you just have to delete your package from the

/data/system/packages.xml

file if you change the signature.



Sparkletron wrote:
sazabo wrote:Try just updating the version number
Jeff


That was already tried by darolla and I can confirm it has no effect whatsoever. The actual error is...

Package [my.package] signatures do not match the previously installed version; ignoring!

In the user data folder that we don't have access to, the G1 continues to store some reference to the file even *after* it's removed. And then it compares the digital sigs of every subsequent app with the original. If they don't match it rejects them. Now the question is: why don't the sigs match? Is there something about the formulation of that jarsigner command that creates a new sig each time? Certainly we are using the same keystores.
kanzlr
Developer
Developer
 
Posts: 25
Joined: Sun Mar 15, 2009 4:44 pm
Location: Vienna/Austria/EU

Re: Found it!!

Postby lostInTransit » Mon Mar 23, 2009 6:52 pm

sazabo wrote:looks like the jarsigner -signed flag is not working correctly. I resigned the jar with the simplest variation and it worked.

thanks

Jeff


Jeff, can you please post the exact commands that you used. I am facing a similar issue when signing my apk using jarsigner.

Thanks.
lostInTransit
Developer
Developer
 
Posts: 26
Joined: Thu Feb 12, 2009 10:37 am
Location: India

Postby guruk » Wed Apr 01, 2009 2:15 pm

I get the following Error from jarsigner .. what can i do??

Enter Passphrase for keystore:
Exception in thread "main" java.util.zip.ZipError: jzentry == 0,
jzfile = 34283992,
total = 22,
name = mydays04.apk,
i = 1,
message = null
at java.util.zip.ZipFile$2.nextElement(ZipFile.java:321)
at java.util.zip.ZipFile$2.nextElement(ZipFile.java:299)
at sun.security.tools.JarSigner.getManifestFile(JarSigner.java:1554)
at sun.security.tools.JarSigner.signJar(JarSigner.java:892)
at sun.security.tools.JarSigner.run(JarSigner.java:203)
at sun.security.tools.JarSigner.main(JarSigner.java:74)

greets
chris
guruk
Junior Developer
Junior Developer
 
Posts: 24
Joined: Sun Mar 08, 2009 8:05 pm

Top
PreviousNext

Return to Advanced Tutorials

Who is online

Users browsing this forum: Exabot [Bot] and 1 guest