How to sign an APK file

1. The meaning of the signature
In order to guarantee the legal ID of each application developer, to prevent some of the open vendors from possibly confusing the installed program by using the same package name, we need to uniquely sign our released APK file to ensure consistency for each release we publish ( such as Automatic Updates will not be installed because of inconsistent versions).

2. Procedure for signing
A. Creating a key
B. Sign the APK using the key generated in step a

3. Specific operation

Method One: Sign the APK at the command line (principle)

　　1) Create key, need to use Keytool.exe (located in the Jdk1.6.0_24\jre\bin directory), using the generated key to the APK signature is Jarsigner.exe (located in the jdk1.6.0_24\ Bin directory), after adding the directory where the two software is located to the environment variable path, open the cmd input

> Keytool-genkey-v-alias CERT -keyalg rsa-keysize 2048-validity 10000-keystore cert.keystore< /c11> The creation process needs to enter some identification information and password, some important parameter values are described as follows (according to their own needs to make corresponding changes): Cert.keystore----Certificate saved file name CERT----Certificate alias 10000----10,000 Days The validity period of 2048----default to bits,android recommended to use 2048 bits or higher for additional details you can use Keytool-help to view Help certificate generation after you use the following command to view the certificate information:

> Keytool-list-alias CERT -keystore cert.keystore

2) Use JDK's Jarsigner tool to sign APK file

> Jarsigner-verbose-keystore cert.keystore to_sign.apk CERT (Jarsigner-verbose-keystore D:\project\360Wallpaper.keystore-signedjar d:\qihusign.apk d:\Qihuunsign.apk CRET)The signing process needs to enter the password of the certificate, some important parameter values are described as follows (according to their own needs to make corresponding changes): Cert.keystore----Certificate saved file name CERT----Certificate alias to sign the apk file root directory If there is a folder "META -info ", please remove (re-sign the need to do so). If you do not want to create too much information about the process output, you can delete "-verbose". The above signature will directly overwrite the original file, if you do not want to be overwritten and signed to another new file Signed.akp, just change to_sign.apk to -signedjar to_sign.apk SIGNED.AKPCan. After signing, you can use the following command to verify that the signature is successful:> Jarsigner-verify to_sign.apkIf you need to see more detailed verification information, you can modify it to:> Jarsigner-certs-verbose-verify to_sign.apkNote: The demo.apk in the bin directory of the Android project is signed by default with the debug user, so you cannot use the above procedure to sign the file again. The correct step should be: In the project right click->anroid tools-export Unsigned Application package exported APK takes the above steps to sign. 3) Use the Zipalign tool of the Android SDK to optimize the signed apk file> Zipalign-v 4 unaligned.apk aligned.apk Be careful to zipalign after signing. This tool is not the JDK itself, but the%android_home%\tools\zipalign.exe.

Example:

regenerate the signature for the APK

1), copy the certificate to the same directory as the apk file that needs to be re-signed
2), enter this directory to execute the following statement

Command explanation:
Jarsigner is the signature tool for Java, and the JDK comes with
-verbose parameter indication: Show signature details
-keystore represents the use of the Android.keystore signing certificate file in the current directory.
--signedjar weibo_signed.apk netease_microblog_android_unsigned.apk indicates that the generated APK name after the signature is called weibo_signed.apk, the unsigned apk Android software name is netease_microblog_android_unsigned.apk
CERT: Represents the alias of the signature file, which is written when the certificate is generated

After performing the above operation, the weibo_signed.apk is generated in the directory, and the APK file is signed by itself.

Method Two: Use Eclipse to export the signed APK
Eclipse can directly export a signed final apk, which is very convenient and recommended, with the following steps:
First step: Export.

The second step: Create the KeyStore keystore, enter the KeyStore export location and password, remember the password, the next use existing KeyStore will be used.

Step three: Fill in the KeyStore information, fill in some apk file password, use the term and organizational unit information.

Fourth step: Generate a signed apk file, and this is the end.

Fifth step: If the next release, use the previously generated keystore to sign again.

Sixth step: Next,next, End!

This article references: http://www.cnblogs.com/qianxudetianxia/archive/2011/04/09/2010468.html

http://blog.csdn.net/shandong_chu/article/details/7672474

How to sign an APK file