How to Sign Apps

APK Signature And Verification

In standard Android system, all the applications should be signed before installed to system. Please refer to Google's resource for detail.

In wizarPOS terminal, the system will also verify the certificate chain of the APK signatures by the application root certificate, except the normal Android signature checking. So the terminal only allow the APK signed by the application root certificate or its sub certificate.

The developer should apply the development certificate from wizarPOS. Please refer to this document wizarPOSDevCertificateApplyGuide_en.pdf. After you get the CSR reply from wizarPOS, please import the certificate chain file to your key store. Then the APK signed by this key store can be installed to wizarPOS production terminal.

By default, the additional signature verification is not required in developing mode terminal. So you can use ADB to install and debug the normal Android APK in developing mode terminal.

The wizarPOS application root certificate can also be update to acquire's own application root certificate to let acquirer (terminal owner) control the terminal application totally.

How to sign app

Sign by IDE

Please refer to Google Sign APP

• Click Build>Generate Signed Bundle/APK
• Select APK

• Choose keystore and input the info in the follow picture, click Next, then finish.

Sign by Command Line Tool

wizarPOS provides a java signature tool to help developer sign the APK. You can use it in command line. Please download the signature tool. Please make sure that you have already installed the JRE 1.6 or above in your PC.

Run signature tool

In PC, run the follow command:

 java -jar SignatureTools.jar sign [--keytype jks|pk8] [--apk <FILE>] [--out <FILE>] [--keystore <FILE.jks>] [--alias <String>] [--keyfile <FILE.pk8>] [--certs <FILE>] [--storepass <String>] [--keypass <String>]

SignatureTools.jar is the signature tool. The parameter definitions: