Signing your apk/application for release (keytool,jarsigner)

Postby plusminus » Wed Oct 08, 2008 12:30 am

What you learn: You will learn how to sign your application's apk file so that it can be installed on Android devices.

Designed/Tested with sdk-version: 1.0_r1

Difficulty: 2 of 5 :)

What you need: just a working JDK

Questions/Problems: Simply post below...

Description:

###########################
Create folders:
D:\Workspace\keytools

and
D:\Workspace\keytools\keys

###########################
Open a CommandLine / Shell and go to the following folder:
D:\Workspace\keytools

###########################
This part is unfortunately German, but it should be easy to follow in your JDK language:
D:\Workspace\keytools>D:\Programme\dev\Java\jdk1.6.0_07\bin\keytool -genkey -alias anddev.keystore -keyalg RSA -validity 20000 -keystore keys/anddev.keystore
Geben Sie das Keystore-Passwort ein: YOURSECRETPASSPHRASE
Geben Sie das Passwort erneut ein: YOURSECRETPASSPHRASE
Wie lautet Ihr Vor- und Nachname?
[Unknown]: www.anddev.org
Wie lautet der Name Ihrer organisatorischen Einheit?
[Unknown]: Android Application Development
Wie lautet der Name Ihrer Organisation?
[Unknown]: anddev.org
Wie lautet der Name Ihrer Stadt oder Gemeinde?
[Unknown]: Schriesheim
Wie lautet der Name Ihres Bundeslandes oder Ihrer Provinz?
[Unknown]: Baden-Wuerttemberg
Wie lautet der Landescode (zwei Buchstaben) für diese Einheit?
[Unknown]: DE
Ist CN=www.anddev.org, OU=Android Application Development, O=anddev.org, L=Schriesheim, ST=Baden-Wuerttemberg, C=DE richtig?
[Nein]: ja

Geben Sie das Passwort für <anddev.keystore> ein.
(EINGABETASTE, wenn Passwort dasselbe wie für Keystore): <ENTER>

D:\Workspace\keytools>

###########################
A new file was created:
D:\Workspace\keytools\keys\anddev.keystore

###########################
Let's now sign an apk. So add a file to the working folder, like:
D:\Workspace\keytools\AndOpenStreetMap.apk

###########################
D:\Workspace\keytools>D:\Programme\dev\Java\jdk1.6.0_07\bin\jarsigner -verbose -keystore keys/anddev.keystore -signedjar AndOpenStreetMap_signed.apk AndOpenStreetMap.apk anddev.keystore
Enter Passphrase for keystore: YOURSECRETPASSPHRASE
adding: META-INF/MANIFEST.MF
adding: META-INF/ANDDEV_K.SF
adding: META-INF/ANDDEV_K.RSA
signing: res/drawable/icon.png
signing: res/layout/main.xml
signing: AndroidManifest.xml
signing: resources.arsc
signing: classes.dex

###########################
If you see output similar to the one above, your apk is ready for release :)

That's it :)


Regards,
plusminus
Last edited by plusminus on Sun Oct 26, 2008 11:31 pm, edited 2 times in total.

Postby ninor » Wed Oct 08, 2008 9:34 am

Thanks! Really useful

Postby pjv » Wed Oct 08, 2008 12:49 pm

Tip: omit -keystore keys/anddev.keystore so the default keystore (I think it is ~/.keystore) is used and you don't have to remember where you left it.

Tip: open source developers may not want to answer many of the personal questions, except for providing their (nick-)name and maybe a link to their profile (something unique like launchpad profiles) as org. Some X.509 people may hate me for this but...

Another tip: if you find this too much and aren't really doing any big releases, why not just use the debug signed apk? As I understand it, its expiration period is one year which should suit your alpha releases.

Postby NevinM » Fri Oct 10, 2008 7:43 am

I followed this tutorial. Everything has worked fine except for building the signed .apk file (which is kind of the point). On the final step, I keep getting the error "jarsigner: unable to sign jar: java.util.zip.ZipException: invalid entry compressed size (expected 703 but got 707 bytes)"

Has anyone experienced this problem? I have even tried different JDKs.

Please help me.

Nevin

Problem Solved

Postby NevinM » Fri Oct 10, 2008 7:55 pm

I solved my own problem. It appears that I was trying to sign an .apk file that was already signed by the debugger. Make sure to follow the steps to export an unsigned .apk file before you sign it with the jarsigner.

See Link: http://code.google.com/android/intro/de ... ml#signing

Nevin

Postby plusminus » Sun Oct 26, 2008 11:33 pm

Important notice

Google wants you to sign your applications with a validity of at least 25 years! So use at least 11000 as validity when creating the keystore!

Postby scoward » Mon Oct 27, 2008 4:22 pm

Hi there, thanks very much for building the site/community :)

I'm running into some problems with signing/installing on my G1, wondering if anyone may be able to spot the problem. Here's how it goes:

1. Export an Unsigned APK from Eclipse (Ganymede).
2. Fire up cmd prompt and enter in the following:

Code:
keytool -v -genkey -alias <keystorename>.keystore -keyalg RSA -validity 11000 -keystore <keystorename>.keystore


3. Fill in the usual signing information (Name, OU, Locality, etc.)
4. Everything seems fine, here is the output:

Code:
Generating 1,024 bit RSA key pair and self-signed certificate (SHA1withRSA) with a validity of 11,000 days
        for: CN=<MyCN>, OU=<MyOU>, O=<MyO>, L=<MyCity>, ST=<MyState>, C=US
Enter key password for <keystorename.keystore>
        (RETURN if same as keystore password):
Storing keystorename.keystore


5. Then I'll use jarsigner to sign the APK. Output follows:

Code:
jarsigner -verbose -keystore <mykeystore>.keystore -signedjar TipCalcSigned.apk TipCalc.apk <mykeystore>.keystore
Enter Passphrase for keystore:
   adding: META-INF/MANIFEST.MF
   adding: META-INF/MASTEROF.SF
   adding: META-INF/MASTEROF.RSA
  signing: res/drawable/icon.png
  signing: res/layout/main.xml
  signing: AndroidManifest.xml
  signing: resources.arsc
  signing: classes.dex


6. Upload the signed APK to my host, and download it to my G1.
7. Click to install the APK, and the system asks if I want to replace application. I choose OK.
8. Application permissions page shows, and says: "No permissions required". I choose "Install".
9. Next screen says "Application install unsuccessful".

Can anyone see/suggest what I might be doing wrong here? I'm losing my mind :( Thank you in advance!

-Steve

Postby scoward » Mon Oct 27, 2008 6:14 pm

Okay, good news :)

I figured out my problem. After a LOT of digging around on the Android Google Group, I did find that on a shared host, you must make sure you add the .apk extension to the list of known MIME types. Add in the following to your .htaccess file:

Code:
AddType application/vnd.android.package-archive apk


I hope this helps some people!

-Steve

Postby androooooid » Tue Oct 28, 2008 7:44 pm

scoward wrote:
9. Next screen says "Application install unsuccessful".

Can anyone see/suggest what I might be doing wrong here? I'm losing my mind :( Thank you in advance!

-Steve


I have added the MIME type and still get the same error, any other possibilities? It works through emulator and when it was unsigned...

Looks like I had the old key that the debugger had in there so the new key was not working. I went ahead and set it back to factory default :( Any way to remove the old key without doing this?

Postby velpandian » Wed Nov 12, 2008 3:32 pm

Hi
I tried the following command
> keytool -genkey -v -keystore my-release-key.keystore -alias alias -keyalg RSA -validity 11000
> jarsigner -verbose -keystore my-release-key.keystore -signedjar sandroid.apk android.apk alias

I got the verbose output as Jar signed, but sandroid.apk is not getting created.
I got the apk from Eclipse export unsigned jar.

Please help me, I tried almost all alternatives.
Thanks in advance

Postby darolla » Fri Dec 05, 2008 4:24 pm

hi,

well, this tutorial works fine, but only one time. after updating your source code, and updating version name and version number in manifest.mf, deploying won't work anymore on g1.

the only solution I've found is to refactor all packages so that G1 thinks it's a new apk.

who helps me on this?

greetings,
marco

Postby soniya » Tue Dec 09, 2008 3:19 pm

I have done everything...
but every time I'm facing the same problem

"jarsigner: unable to sign jar: java.util.zip.ZipException: invalid entry compressed size (expected 703 but got 707 bytes)"


plz help me............. :cry:

Postby darolla » Tue Dec 09, 2008 5:12 pm

I think your problem is that you don't use the "export" function inside Eclipse.

I got the same problems if I tried to use the .apk inside the bin folder ;)

greetings,
darolla

jar is unsigned. (signatures missing or not parsable)

Postby sazabo » Tue Dec 09, 2008 11:50 pm

Hello all,

I am trying to sign my apk and I am getting an error. I exported an unsigned apk from Eclipse. keytool seems to run fine but the jarsigner is failing?? I have tried with RSA set and unset.

Any thoughts?
thanks
Jeff

C:\mykeytools>c:\"Program Files"\Java\jdk1.6.0_07\bin\jarsigner -verify -verbose -keystore keys/csi.keystore pmPhr.apk comsikey

s = signature was verified
m = entry is listed in manifest
k = at least one certificate was found in keystore
i = at least one certificate was found in identity scope

no manifest.
jar is unsigned. (signatures missing or not parsable)

C:\mykeytools>c:\"Program Files"\Java\jdk1.6.0_07\bin\keytool -genkey -alias comsikey -validity 18615 -keystore keys/csi.keystore
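
Added example, not part of any post in this thread: a pre-flight check that tells you whether an .apk already carries JAR signature entries (the situation NevinM describes above) or has none at all (the "no manifest / jar is unsigned" report from jarsigner -verify). The sample archives and the CERT.SF / CERT.RSA entry names are constructed for illustration.

```python
import io
import re
import zipfile

SIG_FILE = re.compile(r"^META-INF/[^/]+\.SF$", re.I)              # e.g. META-INF/ANDDEV_K.SF
SIG_BLOCK = re.compile(r"^META-INF/[^/]+\.(RSA|DSA|EC)$", re.I)   # e.g. META-INF/ANDDEV_K.RSA
MANIFEST = "META-INF/MANIFEST.MF"


def manifest_names(text):
    """Return the entry names listed in MANIFEST.MF, unfolding continuation lines."""
    unfolded = re.sub(r"\r?\n ", "", text)  # a line starting with one space continues the previous one
    return {line[6:].strip() for line in unfolded.splitlines() if line.startswith("Name: ")}


def signing_state(apk):
    """Classify an APK (path or file object) by its JAR-signature entries."""
    with zipfile.ZipFile(apk) as zf:
        names = zf.namelist()
        sf = sorted(n for n in names if SIG_FILE.match(n))
        blocks = sorted(n for n in names if SIG_BLOCK.match(n))
        listed = manifest_names(zf.read(MANIFEST).decode("utf-8")) if MANIFEST in names else set()
    payload = {n for n in names if not n.upper().startswith("META-INF/") and not n.endswith("/")}
    if sf and blocks:
        state = "signed"      # already signed: export an unsigned APK before running jarsigner
    elif sf or blocks:
        state = "partial"     # leftover signature pieces: archive was modified after signing
    else:
        state = "unsigned"    # safe input for jarsigner
    return {"state": state, "sf": sf, "blocks": blocks, "unlisted": sorted(payload - listed)}


def build_apk(extra):
    """Constructed sample archive: two payload entries plus the given META-INF entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", b"<manifest/>")
        zf.writestr("classes.dex", b"dex")
        for name, data in extra.items():
            zf.writestr(name, data)
    buf.seek(0)
    return buf


if __name__ == "__main__":
    mf = "Manifest-Version: 1.0\r\n\r\nName: AndroidManifest.xml\r\n\r\nName: classes.dex\r\n\r\n"
    debug_signed = build_apk({MANIFEST: mf, "META-INF/CERT.SF": "x", "META-INF/CERT.RSA": b"x"})
    print(signing_state(build_apk({})))
    print(signing_state(debug_signed))
```

The "unlisted" field corresponds to entries that would lack the "m = entry is listed in manifest" flag in jarsigner's verbose verify output; the check looks only at which entries exist and does not validate the signature itself.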

Postby soniya » Wed Dec 10, 2008 7:08 am

darolla wrote:
I think your problem is that you don't use the "export" function inside Eclipse.

I got the same problems if I tried to use the .apk inside the bin folder ;)

greetings,
darolla

How to use "export" function????