Android application signature steps and related knowledge _android

This article focuses on the theoretical knowledge of the Android application signature, including: What is a signature, why the application is signed, how to sign the application, and so on .

1, what is the signature?
If the problem is not in Android development, if it's in an ordinary forum, I think we all know what the signature means. It is often the use of some of the terminology of life in the field of computer science, and everyone began to confuse. What does the computer do, or what the programming language does, not just simulate reality as much as possible? So, the signature in the computer and the signature in life is the same in nature, and it has the same function.
Let's take a look at the signature in real life. For example, the following picture:

This is the signature of actress Sun Li. Signing means writing your name on paper or somewhere else, or marking it somewhere as a unique sign of your own, and when someone sees it, he knows it's about you, not the other person.

2. Why do you want to sign the Android app?
If I could only answer this question with a simple word, I would say: "This is what the Android system requires."
The Android system requires every Android application to be digitally signed to be installed in the system, which means that if an Android application is not digitally signed, there is no way to install it! Android uses digital signatures to identify the author of an application and to establish trust between applications, not to determine which applications the end user can install. This digital signature is done by the application's author and does not require authoritative digital certificate signing Authority authentication, it is only used to let the application package self authentication.

3. Why did the Android app I developed do not have signatures to run on simulators and mobile phones?
Your failure to sign the Android application does not mean that the Android application is not signed. To facilitate our development of the debugger, ADT automatically uses the debug key to sign the application. Debug key? Where is it? The Debug key is a file named Debug.keystore, and its location:
system drive letter:/documents and Settings/liufeng/.android/debug.keystore
"Liufeng" corresponds to your own Windows operating system user name, how, has not already found it. This means that if we want to have our own signature, rather than having ADT sign it for us, we also have a key file (*.keystore) of our own.

4. Android Application Signature Steps
1) Preparation work
APK's signature work can be done in two ways:
1) The APK signature is completed by the graphical interface provided by ADT;
2 Complete APK signature through DOS command
I prefer the 2nd way, so here's how to complete the APK signature by command.
A total of 3 tools, or 3 commands, for apk signatures are: Keytool, Jarsigner, and Zipalign, and here's a brief introduction to the 3 tools:
1 Keytool: Generate a digital certificate, that is, the key, that is, the name of the file extension. KeyStore mentioned above;
2) Jarsigner: Use digital certificate to sign APK file;
3) Zipalign: Optimize the signed apk to improve the efficiency of interacting with the Android system (Android SDK1.6 version begins to contain this tool)
The role of these 3 tools can also be seen in the order in which these 3 tools are used. Usually all of the applications we develop ourselves, use the same signature, that is, using the same digital certificate, which means: If you are the first to do the Android application signature, the above 3 tools will be used; but if you already have a digital certificate and then sign the other apk, It only needs to be done with Jarsigner and zipalign.
To facilitate the use of the above 3 commands, you first need to add the path of the above 3 tools to the environment variable path (I'm talking about making it easy to use, not saying it has to be done). How to configure an environment variable not to explain here, here is the default path for these 3 tools:
1) Keytool: The tool is located in the bin directory of the JDK installation path;
2) Jarsigner: The tool is located in the bin directory of the JDK installation path;
3) Zipalign: The tool is located in the android-sdk-windows/tools/directory
I don't know if you noticed that the Keytool and Jarsigner two tools are JDK, which means that digital certificates and file signatures are not patents on Android, and that Jarsigner can also be guessed literally to be used to sign jar files.
2 to generate unsigned apk files
Now that we have to sign the apk ourselves, we no longer need ADT to sign us by default.How do I get an unsigned apk file? Open Eclipse, right-click on the Android project name, select "Android Tools"-"Export Unsigned application Package ...", and then select a storage location to save. This will get an unsigned apk file.
3 using the Keytool tool to generate digital certificates
Keytool-genkey-v-keystore liufeng.keystore-alias liufeng.keystore-keyalg rsa-validity 20000
Description
1) Keytool is the tool name,-genkey means to perform a digital certificate operation,-V indicates that the details of the certificate will be printed out and displayed in a DOS window;
2)-keystore Liufeng.keystore indicates that the generated digital certificate file name is "Liufeng.keystore";
3)-alias Liufeng.keystore indicates that the alias of the certificate is "Liufeng.keystore", of course it can not be the same as the file name above;
4)-keyalg RSA indicates that the algorithm used to generate the key file is RSA;
5)-validity 20000 indicates that the digital certificate is valid for 20,000 days, meaning that the certificate will expire after 20,000 days
When you execute the above command to generate a digital certificate file, you are prompted to enter some information, including the certificate's password, as follows:

4 Use the Jarsigner tool to sign the Android application
Jarsigner-verbose-keystore Liufeng.keystore-signedjar notepad_signed.apk notepad.apk liufeng.keystore
Description
1 Jarsigner is the tool name,-verbose indicates that the details of the signature process are printed out and displayed in the DOS window;
2)-keystore Liufeng.keystore indicates the location of the digital certificate used by the signature, there is no write path here, indicated in the current directory;
3)-signedjar notepad_signed.apk notepad.apk to notepad.apk file signed, signed file name for notepad_signed.apk;
4 The last Liufeng.keystore represents the alias of the certificate, corresponding to the name after the-alias parameter when the digital certificate is generated
5 using the Zipalign tool to optimize signed apk(not necessarily but recommended)
Zipalign-v 4 notepad_signed.apk notepad_signed_aligned.apk
Description
1 Zipalign is the tool name,-V means to print out the detailed optimization information in the DOS window;
2) notepad_signed.apk notepad_signed_aligned.apk indicates that the signed file notepad_signed.apk is optimized, and the optimized file name is Notepad_signed_ aligned.apk

Description: If your previous program is using the default signature method (that is, debug signature), once the new signature application will not be able to cover the installation, you must uninstall the original program to install. Because the program covers the installation mainly check two points:
1 The entry activity of two programs is the same. Two programs, if the package name is not the same, even if all other code is identical, will not be treated as a different version of the same program;
2 The signatures used in the two programs are the same. If two programs use different signatures, they will not be treated as different versions of the same program, even if the package name is the same, and cannot overwrite the installation.
In addition, one might think that a debug-signed application could be installed anyway, and there's no need to sign it yourself. Do not think that the debug signed application has such two limitations, or risks:
1 Debug signed application cannot be sold on Android Market, it will force you to use your own signature;
2 Debug.keystore can be generated on different machines may not be the same, which means that if you change the machine for the APK version upgrade, then there will be the above program can not cover the problem of installation. Do not belittle this problem, if you develop the program only you use, of course, it does not matter, uninstall and then install it. But if you have a lot of software to use customers, this is a big problem, the equivalent of software does not have the upgrade function!