When publishing an application or a custom rom you need to sign the .apk or .zip files with a certificate using a private key. The Android system uses the certificate to identify the author of an application and establish trust relationship between applications. The classic way of doing this was to use keytool then sign it with jarsigner. In this tutorial i’ll explain an alternative method which is relatively easy to use for most people using a tool called SignApk.jar.
SignApk.jar is a tool included with the Android platform source bundle, you can download it from here. To use SignApk.jar you have to create a private key with it’s corresponding certificate/public key. To create private/public key pair, you can use Openssl. Openssl is relatively easy to use under unix/linux system. For Windows user, you can download Windows version of Openssl here.
How to create private/public key pair using openssl (windows version)
- Download openssl package from link given above
- Extract it anywhere on your drive (eg. C:\openssl)
- Within openssl directory type (use cmd tool):
– openssl genrsa -out key.pem 1024
– openssl req -new -key key.pem -out request.pem
– openssl x509 -req -days 9999 -in request.pem -signkey key.pem -out certificate.pem
– openssl pkcs8 -topk8 -outform DER -in key.pem -inform PEM -out key.pk8 -nocrypt
How to sign apk or zip files using SignApk.jar:
- Download SignApk.rar from link given above
- Extract it anywhere on your drive (eg. c:\SignApk)
- If you don’t have java installed, download and install it.
- Copy certificate.pem and key.pk8 into your extracted SignApk directory
- Within SignApk directory type:
java -jar signapk.jar certificate.pem key.pk8 your-app.apk your-signed-app.apk
java -jar signapk.jar certificate.pem key.pk8 your-update.zip your-signed-update.zip
If you don’t want to create your own public/private key pair, you can use test key included in SignApk.rar.