14 DAY TRIAL // Before publishing their apps on Android Market, developers sign the .apk files with a personal private key also called a certificate. The Android platform identifies the author of the application through this certificate.
In the past, the only way to sign an .apk file was to use a keytool and then sign it with jarsigner, but recently an alternative solution has been developed and it is compatible with almost any operating system.
The easier method requires only one tool to sign .apk files, called SignApk.jar and included with the Android platform source bundle.
The application comes with several default keys, which should not be used for personal use. I strongly advised users to generate their own keys.
To use SignApk.jar you'll have to create a private key with its own corresponding certificate using OpenSSL.
After you download OpenSSL make sure to remember where you extract it (preferably C:\openssl). Within the openssl directory type the following line using the command prompt tool:
- openssl genrsa -out key.pem 1024 - openssl req -new -key key.pem -out request.pem - openssl x509 -req -days 9999 -in request.pem -signkey key.pem -out certificate.pem - openssl pkcs8 -topk8 -outform DER -in key.pem -inform PEM -out key.pk8 -nocrypt Then, you will be able to sign an .apk file using the SignApk.jar tool and the key.pk8 and certificate.pem files that you just created using the commands described above.
Before using SignApk to sing the .apk file, make sure you have Java installed and copy certificate.pem and key.pk8 into your extracted SignApk directory.
Using command prompt, within SignApk directory type the following command to have your application signed:
- java -jar signapk.jar certificate.pem key.pk8 your-update.zip your-signed-update.zip
To verify that the package has been signed simply type: jarsigner -verify -verbose -certs apkfilename.