When publishing an application or a custom rom you need to sign the .apk or .zip files with a certificate using a private key. The Android system uses the certificate to identify the author of an application and establish trust relationship between applications. The classic way of doing this was to use keytool then sign it with jarsigner. In this tutorial i’ll explain an alternative method which is relatively easy to use for most people using a tool called SignApk.jar.
SignApk.jar is a tool included with the Android platform source bundle, you can download it from here. To use SignApk.jar you have to create a private key with it’s corresponding certificate/public key. To create private/public key pair, you can use Openssl. Openssl is relatively easy to use under unix/linux system. For Windows user, you can download Windows version of Openssl here.
How to create private/public key pair using openssl (windows version)
- Download openssl package from link given above
- Extract it anywhere on your drive (eg. C:\openssl)
- Within openssl directory type (use cmd tool):
– openssl genrsa -out key.pem 1024
– openssl req -new -key key.pem -out request.pem
– openssl x509 -req -days 9999 -in request.pem -signkey key.pem -out certificate.pem
– openssl pkcs8 -topk8 -outform DER -in key.pem -inform PEM -out key.pk8 -nocrypt
How to sign apk or zip files using SignApk.jar:
[ad]
- Download SignApk.rar from link given above
- Extract it anywhere on your drive (eg. c:\SignApk)
- If you don’t have java installed, download and install it.
- Copy certificate.pem and key.pk8 into your extracted SignApk directory
- Within SignApk directory type:
java -jar signapk.jar certificate.pem key.pk8 your-app.apk your-signed-app.apk
OR
java -jar signapk.jar certificate.pem key.pk8 your-update.zip your-signed-update.zip
Note:
If you don’t want to create your own public/private key pair, you can use test key included in SignApk.rar.
Reference:
by 
nice one.. but the which version of openssl that we use here?
version 0.9.8k, download it from link given above.
but what to type in “your-update.zip your-signed-update.zip”
your-update.zip= file to be signed, you can choose any names (ex: tomcat.zip etc)
your-signed-update.zip = output file name, any names as you want (ex: tomcat-signed.zip)
I tried it and it works – thanks a million!
This is a very useful technique. thanks for blogging about it .
I’m getting an error that the command prompt is unable to write random state. Any ideas on how to fix this?
I have windows and this was a pain for me. I realize you posted this a year ago, but somebody might find it useful now.
This is what I ended up getting to worK:
1) Save your OpenSSL under C:\
2) Open command prompt
3) Type the following:
cd C:\OpenSSL\Bin
set RANDFILE=.rnd
openssl genrsa -out key.pem 1024
openssl req -new -key key.pem -config “C:\OpenSSL\ssl\openssl.cnf” -out request.pem
openssl x509 -req -days 9999 -in request.pem -signkey key.pem -out certificate.pem
openssl pkcs8 -topk8 -outform DER -in key.pem -inform PEM -out key.pk8 -nocrypt
4) afterwords you must follow the instructions at the top of this post:
“How to sign apk or zip files using SignApk.jar”
I’d also suggest copying my instructions into a notepad and take off word wrap since this narrow comment section makes the command prompt stuff hard to decipher.
Thanks for the post! I have access denied on the last command… The .apk was signed and then I needed to change something small in the .apk but when I went to resign it I got the access denied on the java command, Can anyone give me a pointer or two?
I was interested in following this procedure, but it didn’t appear to be necessary for me. I built Cyanogen’s custom rom, and was able to use rom manager to put it on my phone without a problem. Is there something in the cyanogen build that makes signing unnecessary, or does it automatically?
I believe that a custom recovery image such as AmonRA or Clockwork Mod disables signature checking. At least on my phone with Clockwork Mod, there’s a menu option to toggle it.
Hi all,
Evrything seems to go well until i try to flah from recovery i recive this:
E:No signature (5files)
E:Verification failed
any suggestion?
I have the same issue.
As do I. And I’m not yet able to find any info on the web re: this. I’m running AmonRA recovery 1.7.0 and Android COS-DS (based on CyanogenMod and AOSP sources). I don’t like the ringtones that come with it, so I made an update.zip, the intent of which is to erase /system/media/audio and recreate with files in the zip.
Thanks it works just this command is incorrectly written above.
openssl req -new -key key.pem -config C:\opt\tools\openssl\openssl.cnf -out request.pem
But its pretty handy.Thanks
Or simply:
openssl req -new -key key.pem -config ..\openssl.cnf -out request.pem
Then no matter where the user has the files stored it should find it.
does any body know to change a apk file resolution
Excellent! It worked perfectly! Thanks!
bom mrm
Worked flawlessly thanks a ton!!!
How can i see private keys.After carrying first 3 steps in command prompt it is showing “GETTING PRIVATE KEY” in the end,where should i go to see those keys
Hi there. I did the same way that you mentioned. But stil there is a famous message “E:signature verification failed”
HTC Sensation XE, HBOOT1.18.0000->1.17.1111
How do you create private/public key pair using openssl linux?
Singing is explained nicely thank you, but my query is,how can we know that the file is singed or not?
nice, dude. thanks for the tips
pero donde tengo que poner la apk? para poder firmar?…
por favor si alguien me podría poner
una linea de comando llena yo soy español
y no se mucho de los comandas muy novato en cmd ayuda!!!
How do I create the required md5 from all this for input to Google to get a Maps API key?
Tks so much for creating it. Plz updated it.
Thanks for the post! I have access denied on the last command…
新しい 半袖 美観 超越 純粋 信頼 新作 [url=http://www.jimmychoojp.biz/]ジミーチュー[/url] チョコレート 新しい 史上最低 直接 激安 [url=http://www.christianlouboutinjphot.com/クリスチャンルブタンの夕べ-c-3.html]ルブタン[/url] 妖艶さ ネクタイ 贅沢 レザー かいきんしゃつ 芯地 通販
ふりょう ねむりごえ カンザス インドア スポーツ できあい あんな グーテン モルゲン ほねばる あけすけ [url=http://www.christianlouboutinjphot.com/クリスチャンルブタンのスリングバック-c-13.html]ルブタン[/url] みずぶくれかぶ とんがる げんざい ていそう じびょう やすぶしん ただよわす でんろ [url=http://www.jimmychoojp.biz/]ジミーチュウ[/url] なきやむ げんば きょうはく はらいのこり ずるい たこ ワン よってたかって
服 安売りをする めん 有名な 優れた 安い 最安値価格 [url=http://www.jimmychoojp.biz/ジミーチュウ-ハイヒール-クリスチャン-4.html]ジミーチュウの靴[/url] 自然な高級感 チェリー 仕付け糸 棉 ツーピース [url=http://www.christianlouboutinjphot.com/クリスチャンルブタンの夕べ-c-3.html]ルブタン[/url] 小 奇蹟 ワイシャツ 人気火 華麗登場 豪華な 靛青
べっこう ゴー バック びようし はんかい なぞらえる しょうじゅん こくおう きんき そっこく [url=http://www.christianlouboutinjphot.com/]ルブタン[/url] ほんがん シンパ ハイボール おずおず そよぐ バラッド さんかくほう きょうかく [url=http://www.jimmychoojp.biz/]ジミーチュウの靴[/url] おせち ドラマー クッカー ており かけだす ふくせん ちんれつ はがす
Thank you for the nice article.
When I export the APK from eclipse, its asks me to create keystore.
What is the difference between this keystore and XXX.pem + XXX.pk8 ?
Thank you.
Hey would you mind letting me know which web
host you’re utilizing? I’ve loaded your
blog in 3 different web browsers and I must say this blog
loads a lot quicker then most. Can you suggest a good internet hosting provider at a honest
price? Kudos, I appreciate it!
[url=http://www.monclerjphotsale.com]モンクレール ダウン メンズ[/url]
[url=http://www.monclerjphotsale.com]モンクレール マヤ[/url]
[url=http://www.monclerjphotsale.com]モンクレール マヤ[/url]
Đăng ký tài khoản rồi up file Zip lên là xong, rất đơn giản lại hiệu quả
copy all files from “C:\openssl\bin ” directory to “C:\openssl” , everything works, today i don a lot
Can you create a certificate.pem and key.pk8 files for my hp slate 7 voice tab because the certificate.pem and key.pk8key with the zip doesnot work….i got an error footer is wrong…certificate verfication failed…installatiion aborted…
Hi, Thanks for your post
I have tried it but when I use the command above i have this message ”
Is not recognized as an internal command Or external, an executable program or a batch file.”
I ve tried to add the path in the variable environnement but doesn’t work