Android Application Signature

Android Application Signature
Sign Android applications

The Android app uses its package name as a unique identifier. If two apps with the same package name are installed on the same mobile phone, the apps installed later will overwrite those installed earlier. To avoid this situation, Android requires that you sign the application published as a product.

The signature mainly has the following two functions:

1. determine the identity of the publisher. Because application developers can replace installed programs with the same package name, using signatures can avoid this situation, that is to say, you should not replace your released program by publishing a program with the same package name.

2. Ensure application integrity. The signature processes each file in the application package to ensure that the file in the package is not replaced.

From the above introduction, it is not difficult to see that the Android app signature function is similar to the real-life signature. When a developer signs an Android Application, the developer tells the outside world that the application was developed by "I, "I" will be responsible for the application-because there is a signature (the signature has a key), others cannot impersonate "I"; at the same time, "I" cannot impersonate others.

 

Note: In the application development and debugging phase, the Eclipse ADT plug-in or Ant tool automatically generates a debugging certificate to sign the Android Application. Therefore, the deployment and debugging process has not been signed. It should be noted that to officially release an Android Application, you must use a suitable digital certificate to sign the application. You cannot use the debugging certificate generated by the ADT plug-in or Ant tool to publish it.

Sign Android apps in Eclipse

During the development process, we usually directly sign the Android Application in Eclipse. The steps for signing the Android Application in Eclipse are as follows:

1. Right-click the Android project and choose "AndroidTools"> "ExportSignedApplicationPackage..." from the drop-down menu. The operations are as follows:

A prompt box is displayed as follows:

Select the project to be exported. Because the project to be exported is right-clicked, It is the project to be exported by default, so no operation is required for this step, click "Next>" to display the following information:

2. Select "Createnewkeystore" and enter the path and password of the digital certificate according to the format. The operation is shown as follows:

3. After filling in the preceding format, click "Next>". The following prompt box appears in Eclipse:

Enter the details of the digital certificate as shown in.

4. Click "Next>" after entering the information, as shown below:

This window is used to specify the storage path of the signed APK installation package.

5. Click "Finish" to complete the signature. Eclipse generates a signed APK installation package in the specified path.

A new digital certificate is created in the preceding steps. Once the digital certificate is created, you can use the digital certificate to sign the certificate directly. Use an existing digital certificate for signature. follow these steps:

1. Right-click the project to be signed. The default project does not need to be modified. Click Next until the following occurs:

Click "Browse..." and select the generated digital signature. The operation is shown as follows:

Enter the password of the digital signature.

2. After Entering the above content, click "Next>" and the following will be displayed:

Select the key of the alias "keyzz" created when the digital signature is created (I created this alias and you can select it based on the alias you created, enter the password specified when the key is created.

3. After completing the preceding operations, click "Next>", as shown below:

 

Select the storage path of the signed APK package. The English "Destinationfilealreadyexists" prompted by the yellow exclamation mark above indicates that the target file already exists. You can directly overwrite the previous file. If you do not want to overwrite it, click "Browse... to select a new storage path.

4. Click "Finish" to generate the signed APK package.

Use commands to sign Android apps

If you do not want to sign an Android application using the method provided by Eclipse, or in some cases, you need to sign an "unsigned" APK package, you can use the "command" to manually sign the Android app.

To sign an Android app, follow these steps:

1. Create a keystore. The keytool.exe tool is included in the binsubdirectory of JDK installation directory to generate a digital certificate. Click Start> Run and Enter cmd ", on the command line interface that appears, use the cd command to switch to the jdk directory you have installed (if you have already added it to the environment variable, you do not need to switch to the jdk directory ), my name is "C: \ ProgramFiles \ Java \ jdk1.6.0 _ 22 \ bin". In the command line window, enter the following command:

Keytool-genkeypair-aliaszzfeng.keystore-keyalgRSA-validity1000-keystorezzfeng.keystore

The options in the preceding command are described as follows:

-Genkeypair: Specifies the digital certificate generation.

-Alias: Specifies the alias for generating the digital certificate.

-Keyalg: Specifies the algorithm used to generate the digital certificate. Use the RSA algorithm.

-Validity: Specifies the validity period of the generated digital certificate (in days ).

-Keystore: Specifies the storage path of the generated digital certificate.

Enter the preceding command and press the Enter key. Next, you are asked to enter the password, author, company, and other details of the digital certificate keystore in interactive mode, as shown in:

Note: The purpose of this step is to generate a digital certificate belonging to your company. You only need to perform this step once. Once a digital certificate is created successfully, it can be used repeatedly as long as it is within the validity period of the certificate.

2. Generate the unsigned APK installation package. In Eclipse, right-click the Android project and choose "AndroidTools"> "ExportUnsignedApplicationPackage" from the drop-down menu... ", Eclipse will pop up a dialog box for saving files. After selecting the location and file name of the stored files, click" save "(some versions are" Finish ") button to generate an unsigned APK installation package. The operation is shown as follows:

 

 

 

3. Use the "jarsigner" command to sign the unsigned APK installation package. You can use the “jarsigner.exe tool to sign the directory. In the command line window, enter the following command:

 

Jarsigner-verbose-keystorezzfeng.keystore-signedjarBleDevManager-signed.apkBleDevManager.apkzzfeng.keystore

 

The options in the preceding command are described as follows:

-Verbose: Specifies to generate detailed output.

-Keystore: Specifies the storage path of the digital certificate (the name of the digital certificate directly used by the preceding command is because the digital certificate is in the current directory. If it is in another directory, add the corresponding path before the digital certificate name ).

-Signedjar: the three parameters of this option are the signed APK package, unsigned APK package, and digital certificate alias.

 

Note that in the preceding command, the path and file name must correspond to your own, because the path and file name you set may be different from mine. You can modify it based on your own settings.

Enter the preceding command and press the Enter key. Then, the user is asked to enter the password of the digital certificate keystore in interactive mode. The operation is shown as follows:

 

Signature completed.

4.use unzip zipalign.exe to optimize the APK installation package. Unzip zipalign.exe is an archive sorting tool that comes with Android. It can be used to optimize the APK installation package, so as to improve the interaction efficiency between Android applications and the system and improve the running speed of applications. This tool exists in SDKtools, my path is "E: \ adt-bundle-windows-x86-20130917 \ sdk \ build-tools \ 19.1.0", if not found, you can search under the sdk directory. If the existing path is not set to the environment variable, we can use the cd command in the command line to switch to the above path, copy the signed APK installation package to this path, and enter the following command in the command line window:

Zipalign-f-v4BleDevManager-signed.apkBleDevManager-signed-zip.apk

The options in the preceding command are described as follows:

-F: Specifies to forcibly overwrite existing files.

-V: Specify to generate detailed output.

4: specify the number of bytes of the archive, which is usually 4, that is, 32-bit.

Bledevmanager-signed.apkand bledevmanager-signed-zip.apk specify the original APK and the generated APK respectively.

 

Run the script to generate a bledevmanager-signed-zip.apk file in the current directory. This is the APK installation package that has been signed and optimized. The installation package can be released. The operation is shown as follows: