How to Sign Apps
APK signature and verification
In a standard Android system, all applications should be signed before they are installed on the system. Please refer to Google's resource for details.
In the wizarpos terminal, in addition to the normal Android signature check, the system will also verify the APK signature through the root certificate chain. Terminal only allows APK signed by root certificate or its child certificate to be installed successfully. So developers should apply for the signing certificate issued by wizarPOS. Please refer to this document wizarPOSDevCertificateApplyGuide_en.pdf to apply for signing certificate.
After receiving the CSR reply from wizarPOS, please import the certificate chain file into the key store. Then the APK signed by the keystore can be installed to the wizarPOS terminal.
By default, development mode terminals do not require additional signature verification. So you can use ADB to install and debug Android programs in development mode.
The certificate chain issued by wizarpos can also be updated to the customer's own certificate chain, so that the terminal owner can fully control the terminal application.
How to sign APK
Use IDE to sign APK
Please refer to Google Sign APP
- Click Build>Generate Signed Bundle/APK
- Select APK
- Choose keystore and input the info in the follow picture, click Next.
- Keep Default settings, set stored path of the signed APK, then click Finish.
Use command line tool to sign APK
WizarPOS provides a Java signature tool to help developers sign APK. You can use it on the command line. Please download the signature tool v2.5-4. Make sure you have JRE 1.6 or later installed on your PC.
Run signature tool
In PC, run the follow command:
- Use jks:java -jar <File Path>/SignatureTools.jar sign --keytype jks --apk <File Path>/<in name>.apk --out <File Path>/<out name>.apk --keystore <File Path>/<name>.jks --alias androiddebugkey --storepass wizarpos(Optional) --sigAlg SHA1withRSA(SHA1withRSA/MD5withRSA/SHA256withRSA, Optional) --signatureScheme v2(v1/v2)
Replace the real parameter value, and change the key password and store password to your real password.
- Use pk8:java -jar <File Path>/SignatureTools.jar sign --keytype pk8 --apk <File Path>/<in name>.apk --out <File Path>/<out name>.apk --keyfile <File Path>/private_pwd.pk8(With or Without password) --certs <File Path>/cert.x509_pwd.pem --keypass android(Optional) --storepass android(Optional) --sigAlg SHA1withRSA(SHA1withRSA/MD5withRSA/SHA256withRSA, Optional) --signatureScheme v2(v1/v2)
Replace the real parameter value, and change the key password and store password to your real password.
| Parameter | Value | Specification |
|---|---|---|
| --keytype | jks or pk8 | The type of the keystore which used to sign the APK. |
| --keystore | The path of the jks key store file | It must be defined when using jks keystore |
| --keyfile | The path of the pk8 file | It must be defined when using pk8 file as keystore. |
| --apk | The file path of the apk before signed | The file path of the apk before signed |
| --out | The file path of the apk after signed | The file path of the apk after signed |
| --alias | Alias name of private key | Alias name of private key in jks file |
| --certs | Certificates file path | When keytype is pk8, this is the certificate chain |
| --storepass | Password of keystore file | Password of keystore file |
| --keypass | password of private key | password of private key in jks file or pk8 file |
| --sigAlg | signature algorithm | SHA1withRSA/MD5withRSA/SHA256withRSA |
| --signatureScheme | signature scheme | v1/v2 |