Sign and align commands for apk files


Command

For Android applications, a release build must be formally signed before it is published, and the jarsigner command is used for this.

Steps

  • sign
    Signing adds a signature to the APK using the keystore. Note that the debug version of an APK is signed automatically.

  • align
    Aligning is a one-time optimization pass over the APK package.

jarsigner

Check whether a jar package has been signed

jarsigner -verify demo-unsigned.apk

If there is no signature, the output is:

没有清单。
jar 未签名。(缺少签名或无法解析签名)

If there is a signature, the output is:

jar 已验证。

警告:
此 jar 包含证书链未验证的条目。
此 jar 包含的签名没有时间戳。如果没有时间戳, 则在签名者证书的到期日期 (2020-01-13) 或以后的任何撤销日期之后, 用户可能无法验证此 jar。

有关详细信息, 请使用 -verbose 和 -certs 选项重新运行。

Sign

jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 \
-keystore /Users/mars/demok.keystore -storepass keystorepwd \
demo-unsigned.apk demok \
&& jarsigner -verify -verbose -certs demo-unsigned.apk

Here demok is the alias of the key entry in the keystore.

Align

zipalign -v 4 demo-unsigned.apk demo-signed.apk

The combined command is

jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 \
-keystore /Users/mars/demok.keystore -storepass keystorepwd \
demo-unsigned.apk demok \
&& jarsigner -verify -verbose -certs demo-unsigned.apk \
&& zipalign -v 4 demo-unsigned.apk demo-signed.apk
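
The same sign, verify, align sequence as a shell function that fails closed at each step; this is an added example, not part of the original page. It reads the keystore password from an environment variable (so it does not appear in the process list or shell history) and decides "signed" from the verify output shown above rather than from the exit status alone. Assumptions: the names sign_and_align, classify_verify and KS_PASS are hypothetical, and SHA-256 is used in place of the page's SHA1 on the assumption that every targeted Android version accepts SHA-256 JAR signatures.

```shell
#!/bin/sh
# Added example (not from the original page).
# Assumed: the keystore password is exported in KS_PASS before the call.

# Classify captured `jarsigner -verify` output: prints signed|unsigned|unknown.
# Matches the English messages and the Chinese ones quoted on this page.
# "unsigned" is tested first so ambiguous output never counts as signed.
classify_verify() {
    case "$1" in
        *"jar is unsigned"*|*"jar 未签名"*) echo unsigned ;;
        *"jar verified"*|*"jar 已验证"*)    echo signed ;;
        *)                                  echo unknown ;;
    esac
}

# sign_and_align IN_APK OUT_APK KEYSTORE ALIAS
# Returns 0 only if signing, verification and alignment all succeed.
sign_and_align() {
    in_apk=$1; out_apk=$2; keystore=$3; key_alias=$4

    [ -n "${KS_PASS:-}" ] || { echo "KS_PASS is not set" >&2; return 2; }

    # -storepass:env takes the NAME of the variable, not the password itself.
    jarsigner -sigalg SHA256withRSA -digestalg SHA-256 \
        -keystore "$keystore" -storepass:env KS_PASS \
        "$in_apk" "$key_alias" || return 1

    # Force English output so the check does not depend on the JVM locale.
    out=$(jarsigner -J-Duser.language=en -verify -certs "$in_apk" 2>&1)
    if [ "$(classify_verify "$out")" != signed ]; then
        printf '%s\n' "$out" >&2
        return 1
    fi

    # Align after signing, as on this page, then confirm the alignment.
    zipalign -v 4 "$in_apk" "$out_apk" || return 1
    zipalign -c 4 "$out_apk"
}

# Run only when called with the four arguments, e.g.
#   KS_PASS=... sh sign.sh demo-unsigned.apk demo-signed.apk demok.keystore demok
if [ "$#" -eq 4 ]; then
    sign_and_align "$@"
fi
```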
