Android sign blank package and upload audit _android

Introduction: Before the company app in Tencent Open platform claims application, involves a problem: is to the blank package signature. And then upload it up for review.

Applications that can be installed on the Android system must be signed with a certificate data that has a private key. The Android system identifies the author of the application through the certificate and establishes a trust relationship with the application. Certificates are not used to control the installation of an application. Certificate does not require authority signature: it is very perfect and standard.

Some important points about signing:

• All applications must be signed (Android has a default signature).
• Test and debug applications, the build tool signs your application with the specified debug key (created by the Android SDK Builder).
• Use the appropriate key signature application before publishing to the end user, and you cannot sign the application that will be published with the Debug key.
• You can sign your application with your own signed certificate.
The Android system will only check the validity period of the certificate when the installation is applied. If the application expires after installation, the application will run normally.
• We can use standard tools-keytool and Jarsigner-to generate key and signature applications.
• After the signature is completed, the final APK package needs to be optimized using the Zipalign tool before publishing.

The Android system cannot install and run packages that do not have the correct signature.

The official description of Tencent's open platform is as follows

How to sign:

Jarsgner-verbose-keystore[keystorepath]-singnedjar [Apkout] [APKLN] [alias]

Jarsgner command format:-verbose output details-keystore keystore location-alias demo.keystore alias Demo.keystore

-KEYALG RSA uses RSA algorithm to encrypt signature
-validity 40000 effective period 4,000 days
-keystore Demo.keystore
D:\>jarsigner-verbose-keystore Demo.keystore-signedjar demo_signed.apk demo.apk demo.keystore

/* Description:-verbose OUTPUT Signature Details * *

For example

D:\>jarsigner-verbose-keystore Demo.keystore-signedjar demo_signed.apk demo.apk demo.keystore

Android to unsigned apk signature commands.

Preparing files

1, tap_unsign.apk (unsigned apk)
2, Shanhy.keystore (Signature certificate file)

Command syntax:

Jarsigner-verbose-keystore [Keystorepath]-signedjar [apkout] [Apkin] [alias]

Example

Jarsigner-verbose-keystore G:\shanhy.keystore-signedjar G:\signed.apk G:\tap_unsign.apk shanhy

[Keystorepath] is followed by an absolute path G:\shanhy.keystore
[Apkout] The location of the APK that generated the signature
The [Apkin] parameter represents the unsigned apk downloaded in the Tencent Application Center, and the default name is tap_unsign.apk
[Alias] is an alias for G:\shanhy.keystore

Jarsigner This exe is under the C:\Program Files\java\jdk1.7.0_10\bin folder. So I'm going to use CMD to access this folder.

Then use the following command

Copy Code code as follows:

Jarsigner-verbose-keystore G:\shanhy.keystore-signedjar G:\signed.apk G:\tap_unsign.apk shanhy

I met a wonderful problem is:

The company's APK signature certificate is not a suffix name. KeyStore, only this Android_star_key signature certificate. Alias is Android_key

This problem should not be added to the suffix, as follows.

Jarsigner-verbose-keystore G:\android_star_key-signedjar G:\signed.apk G:\tap_unsign.apk Android_key