andbook!.pdf - Learning Android Get an anddev.org - Android-Shirt Back to index
anddev.org Header Logo
FAQ Search Top rated articles Browse Feeds anddev.org - Authors Contact Details Register Log in

Signing your apk/application for release (keytool,jarsigner)

Goto page 1, 2, 3  Next
 
       anddev.org - Android Development Community | Android Tutorials | Index -> Advanced Tutorials
Author Message
plusminus
Site Admin
Site Admin


Joined: 14 Nov 2007
Posts: 2660
Location: College Park, MD

PostPosted: Wed Oct 08, 2008 12:30 am    Post subject: Signing your apk/application for release (keytool,jarsigner) Reply with quote

Signing your apk/application for release (keytool,jarsigner)


What you learn: You will learn how to sign your applications apk-file that it can be installed on Android-Devices.

Idea Designed/Tested with sdk-version: 1.0_r1

Difficulty: 2 of 5 Smile

What you need: just a working JDK

Idea Questions/Problems: Simply post below...

Description:

###########################
Create folders:
Quote:
D:\Workspace\keytools

and
Quote:
D:\Workspace\keytools\keys

###########################
Open a CommandLine / Shell and go to the following folder:
Quote:
D:\Workspace\keytools

###########################
This part is unfortunately german, but it should be easy to follow in your jdk language:
Quote:
D:\Workspace\keytools>D:\Programme\dev\Java\jdk1.6.0_07\bin\keytool -genkey -alias anddev.keystore -keyalg RSA -validity 20000 -keystore keys/anddev.keystore
Geben Sie das Keystore-Passwort ein: YOURSECRETPASSPHRASE
Geben Sie das Passwort erneut ein: YOURSECRETPASSPHRASE
Wie lautet Ihr Vor- und Nachname?
[Unknown]: www.anddev.org
Wie lautet der Name Ihrer organisatorischen Einheit?
[Unknown]: Android Application Development
Wie lautet der Name Ihrer Organisation?
[Unknown]: anddev.org
Wie lautet der Name Ihrer Stadt oder Gemeinde?
[Unknown]: Schriesheim
Wie lautet der Name Ihres Bundeslandes oder Ihrer Provinz?
[Unknown]: Baden-Wuerttemberg
Wie lautet der Landescode (zwei Buchstaben) f³r diese Einheit?
[Unknown]: DE
Ist CN=www.anddev.org, OU=Android Application Development, O=anddev.org, L=Schri
esheim, ST=Baden-Wuerttemberg, C=DE richtig?
[Nein]: ja

Geben Sie das Passwort f³r <anddev.keystore> ein.
(EINGABETASTE, wenn Passwort dasselbe wie f³r Keystore): <ENTER>

D:\Workspace\keytools>

###########################
A new file was created:
Quote:
D:\Workspace\keytools\keys\anddev.keystore

###########################
Lets now sign a apk. So add a file to the working folder, like:
Quote:
D:\Workspace\keytools\AndOpenStreetMap.apk

###########################
Quote:
D:\Workspace\keytools>D:\Programme\dev\Java\jdk1.6.0_07\bin\jarsigner -verbose -keystore keys/anddev.keystore -signedjar AndOpenStreetMap_signed.apk AndOpenStreetMap.apk anddev.keystore
Enter Passphrase for keystore: YOURSECRETPASSPHRASE
adding: META-INF/MANIFEST.MF
adding: META-INF/ANDDEV_K.SF
adding: META-INF/ANDDEV_K.RSA
signing: res/drawable/icon.png
signing: res/layout/main.xml
signing: AndroidManifest.xml
signing: resources.arsc
signing: classes.dex

###########################
If you see an output, similar to the one above, your apk is ready for release Smile

Thats it Smile


Regards,
plusminus

_________________
Download my apps Idea
Please remember, that this board is give & take Smile


| Android Development Community / Tutorials


Last edited by plusminus on Sun Oct 26, 2008 11:31 pm; edited 2 times in total
Back to top
View user's profile Send private message Send e-mail Visit poster's website
ninor
Moderator
Moderator


Joined: 14 Aug 2008
Posts: 180
Location: Barcelona, Spain

PostPosted: Wed Oct 08, 2008 9:34 am    Post subject: Reply with quote

Thanks! Really useful
_________________
AndDev: Your Android Development Community / Tutorials | Here's my Basic ToolKit
Back to top
View user's profile Send private message
pjv
Developer
Developer


Joined: 19 Aug 2008
Posts: 37

PostPosted: Wed Oct 08, 2008 12:49 pm    Post subject: Reply with quote

Tip: omit -keystore keys/anddev.keystore so the default keystore (I think it is ~/.keystore) is used and you don't have to remember where you left it.

Tip: open source developers may want to not answers many of the personal questions, except for providing their (nick-)name and maybe a link to their profile (something unique like launchpad profiles) as org. Some X.509 people may hate me for this but...

Another tip: if you find this too much and aren't really doing any big releases, why not just use the debug signed apk? As I understand it, its expiration period is one year which should suit your alpha releases.
Back to top
View user's profile Send private message
NevinM
Developer
Developer


Joined: 01 Oct 2008
Posts: 36
Location: Lethbridge, Canada

PostPosted: Fri Oct 10, 2008 7:43 am    Post subject: Reply with quote

I followed this tutorial. Everything has worked fine except for building the signed .apk file (which is kind of the point). On the final step, I keep getting the error "jarsigner: unable to sign jar: java.util.zip.ZipException: invald entry compressed size (expected 703 but got 707 bytes)"

Has anyone experienced this problem? I have even tried different JDK's.

Please help me.

Neviin
Back to top
View user's profile Send private message Visit poster's website MSN Messenger
NevinM
Developer
Developer


Joined: 01 Oct 2008
Posts: 36
Location: Lethbridge, Canada

PostPosted: Fri Oct 10, 2008 7:55 pm    Post subject: Problem Solved Reply with quote

I solved my own problem. It appears that I was trying to sign an .apk file that was already signed by the debugger. Make sure to follow the steps to export an unsigned .apk file before you sign it with the jarsigner.

See Link: http://code.google.com/android/intro/develop-and-debug.html#signing

Nevin
Back to top
View user's profile Send private message Visit poster's website MSN Messenger
plusminus
Site Admin
Site Admin


Joined: 14 Nov 2007
Posts: 2660
Location: College Park, MD

PostPosted: Sun Oct 26, 2008 11:33 pm    Post subject: Reply with quote

Exclamation Exclamation :!:Important notice Exclamation Exclamation Exclamation


Google wants you to sign your applications with a validity of at least 25 years Exclamation So use at least 11000 as validity when creating the keystore Exclamation

_________________
Download my apps Idea
Please remember, that this board is give & take Smile


| Android Development Community / Tutorials
Back to top
View user's profile Send private message Send e-mail Visit poster's website
scoward
Freshman
Freshman


Joined: 27 Oct 2008
Posts: 2

PostPosted: Mon Oct 27, 2008 4:22 pm    Post subject: Reply with quote

Hi there, thanks very much for building the site/community Smile

I'm running into some problems with signing/installing on my G1, wondering if anyone may be able to spot the problem. Here's how it goes:

1. Export an Unsigned APK from Eclipse (Ganymede).
2. Fire up cmd prompt and enter in the following:

Code:
keytool -v -genkey -alias <keystorename>.keystore -keyalg RSA -validity 11000 -keystore <keystorename>.keystore


3. Fill in the usual signing information (Name, OU, Locality, etc.)
4. Everything seems fine, here is the output:

Code:

Generating 1,024 bit RSA key pair and self-signed certificate (SHA1withRSA) with
 a validity of 11,000 days
        for: CN=<MyCN>, OU=<MyOU>, O=<MyO>, L=<MyCity>, ST=<MyState>, C=US
Enter key password for <keystorename.keystore>
        (RETURN if same as keystore password):
Storing keystorename.keystore


5. Then I'll use jarsigner to sign the APK. Output follows:

Code:

jarsigner -verbose -keystore <mykeystore>.keystore -signedjar TipCalcSigned.apk TipCalc.apk <mykeystore>.keystore
Enter Passphrase for keystore:
   adding: META-INF/MANIFEST.MF
   adding: META-INF/MASTEROF.SF
   adding: META-INF/MASTEROF.RSA
  signing: res/drawable/icon.png
  signing: res/layout/main.xml
  signing: AndroidManifest.xml
  signing: resources.arsc
  signing: classes.dex


6. Upload the signed APK to my host, and download it to my G1.
7. Click to install the APK, and the system asks if I want to replace application. I choose OK.
8. Application permissions page shows, and says: "No permissions required". I choose "Install".
9. Next screen says "Application install unsuccessful".

Can anyone see/suggest what I might be doing wrong here? I'm losing my mind Sad Thank you in advance!

-Steve
Back to top
View user's profile Send private message
scoward
Freshman
Freshman


Joined: 27 Oct 2008
Posts: 2

PostPosted: Mon Oct 27, 2008 6:14 pm    Post subject: Reply with quote

Okay, good news Smile

I figured out my problem. After a LOT of digging around on the Android Google Group, I did find that on a shared host, you must make sure you add the .apk extension to the list of known MIME types. Add in the following to your .htaccess file:

Code:
AddType application/vnd.android.package-archive apk


I hope this helps some people!

-Steve
Back to top
View user's profile Send private message
androooooid
Junior Developer
Junior Developer


Joined: 26 Sep 2008
Posts: 17

PostPosted: Tue Oct 28, 2008 7:44 pm    Post subject: Reply with quote

scoward wrote:

9. Next screen says "Application install unsuccessful".

Can anyone see/suggest what I might be doing wrong here? I'm losing my mind Sad Thank you in advance!

-Steve


I have added the MIME type and still get the same error, any other possibilities? It works through emulator and when it was unsigned...

Looks like I had the old key that the debugger had in there so the new key was not working. I went ahead and set it back to factory default Sad Any way to remove the old key without doing this?
Back to top
View user's profile Send private message
velpandian
Once Poster
Once Poster


Joined: 12 Nov 2008
Posts: 1

PostPosted: Wed Nov 12, 2008 3:32 pm    Post subject: Reply with quote

Hi
I tried the following command
> keytool -genkey -v -keystore my-release-key.keystore -alias alias -keyalg RSA -validity 11000
> jarsigner -verbose -keystore my-release-key.keystore -signedjar sandroid.apk android.apk alias

i got the verbose output as Jar signed but sandroid.apk is not getting created
I got the apk from eclipse export unsigned jar

Please help me i tried almost all alternatives
Thanks in advance
Back to top
View user's profile Send private message Send e-mail
darolla
Senior Developer
Senior Developer


Joined: 25 Sep 2008
Posts: 195
Location: Dortmund, Germany

PostPosted: Fri Dec 05, 2008 4:24 pm    Post subject: Reply with quote

hi,

well, this tutorial works fine. but only one time. after updating your source code, and updating version name and version number in manifest.mf, deploying wont work anymore on g1.

the only solution I've found is to refactor all packages so that G1 thinks its a new apk.

who helps me on this?

greetings,
marco
Back to top
View user's profile Send private message
soniya
Senior Developer
Senior Developer


Joined: 14 Jan 2008
Posts: 111
Location: india

PostPosted: Tue Dec 09, 2008 3:19 pm    Post subject: Reply with quote

i have done every thing...
but every time im facing same problem

jarsigner: unable to sign jar: java.util.zip.ZipException: invald entry compressed size (expected 703 but got 707 bytes)"


plz help me............. Crying or Very sad
Back to top
View user's profile Send private message
darolla
Senior Developer
Senior Developer


Joined: 25 Sep 2008
Posts: 195
Location: Dortmund, Germany

PostPosted: Tue Dec 09, 2008 5:12 pm    Post subject: Reply with quote

I think your problem is that u dont use the "export" function inside eclipse.

I got the same problems if I tried to use the .apk inside the bin folder Wink

greetings,
darolla
Back to top
View user's profile Send private message
sazabo
Junior Developer
Junior Developer


Joined: 19 Nov 2008
Posts: 24

PostPosted: Tue Dec 09, 2008 11:50 pm    Post subject: jar is unsigned. (signatures missing or not parsable) Reply with quote

Hello all,

I am trying to sign my apk and I am getting error I exported an unsigned apk from eclipse. keytool seem to run fine but the jarsigner is failing?? I have tried with RSA set and unset.

Any thoughts?
thanks
Jeff

C:\mykeytools>c:\"Program Files"\Java\jdk1.6.0_07\bin\jarsigner -verify -verbose
-keystore keys/csi.keystore pmPhr.apk comsikey

s = signature was verified
m = entry is listed in manifest
k = at least one certificate was found in keystore
i = at least one certificate was found in identity scope

no manifest.
jar is unsigned. (signatures missing or not parsable)

C:\mykeytools>c:\"Program Files"\Java\jdk1.6.0_07\bin\keytool -genkey -alias com
sikey -validity 18615 -keystore keys/csi.keystore
Back to top
View user's profile Send private message
soniya
Senior Developer
Senior Developer


Joined: 14 Jan 2008
Posts: 111
Location: india

PostPosted: Wed Dec 10, 2008 7:08 am    Post subject: Reply with quote

darolla wrote:
I think your problem is that u dont use the "export" function inside eclipse.

I got the same problems if I tried to use the .apk inside the bin folder Wink

greetings,
darolla

How to use "export" function????
Back to top
View user's profile Send private message
Display posts from previous:   
       anddev.org - Android Development Community | Android Tutorials | Index -> Advanced Tutorials All times are GMT + 1 Hour
Goto page 1, 2, 3  Next
Page 1 of 3

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


© 2007, Android Development Community
All rights reserved.
Powered by phpBB.