How to Sign Apps: Difference between revisions

From wizarPOS
Line 22: Line 22:
   '''java -jar SignatureTools.jar signapk [--keytype jks|pk8] [--apk <FILE>] [--out <FILE>] [--keystore <FILE.jks>] [--alias <String>] [--keyfile <FILE.pk8>] [--certs <FILE>] [--storepass <String>] [--keypass <String>]'''
   '''java -jar SignatureTools.jar signapk [--keytype jks|pk8] [--apk <FILE>] [--out <FILE>] [--keystore <FILE.jks>] [--alias <String>] [--keyfile <FILE.pk8>] [--certs <FILE>] [--storepass <String>] [--keypass <String>]'''
SignatureTools.jar is the signature tool.
SignatureTools.jar is the signature tool.
The follow table shows the parameters and their illustrations.
The following table shows the parameters and their illustrations.
{| class="wikitable"
{| class="wikitable"
|-
|-
! Parameter !!Value !! Specification
! Parameter !!Value !! Specification
|-
|-
| --keytype || jks or pk8|| the store path of the jks file or pk8 file
| --keytype || Jks or pk8|| The store path of the jks file or pk8 file
|-
|-
| --apk|| the file path of the apk before signed|| the file path of the apk before signed
| --apk|| The file path of the apk before signed|| The file path of the apk before signed
|-
|-
| --out|| the file path of the apk after signed|| the file path of the apk after signed  
| --out|| The file path of the apk after signed|| The file path of the apk after signed  
|-
|-
| --keystore|| the file path of the jks file|| when keytype is jks, this must be assigned
| --keystore|| The file path of the jks file|| When keytype is jks, this must be assigned
|-
|-
| --alias|| alias name of private key|| alias name of private key in jks file
| --alias|| Alias name of private key|| Alias name of private key in jks file
|-
|-
| --keyfile|| the file path of the pk8 file|| when keytype is pk8, this is the private key file path
| --keyfile|| The file path of the pk8 file|| When keytype is pk8, this is the private key file path
|-
|-
| --certs|| certificates file path|| when keytype is pk8, this is the certificate chain
| --certs|| Certificates file path|| When keytype is pk8, this is the certificate chain
|-
|-
| --storepass|| password of keystore file|| password of keystore file
| --storepass|| Password of keystore file|| Password of keystore file
|-
|-
| --keypass || password of private key|| password of private key in jks file or pk8 file
| --keypass || password of private key|| password of private key in jks file or pk8 file
|}
|}

Revision as of 06:21, 19 November 2018

WizarPOS sign necessity

Basicly, In Android system, all the application should be signed before installed to terminal. The key used to sign apk is the private key of a RSA key pair in a keystore. So in the keystore, there is a key pair (private key/ public key) and the public key's certificate. Please refer to Google's resource for detail. In the signed apk, the certificate relevant to the signing private key is included in the package. WizarPOS terminals are based on Android System. There are two mode of terminal:

  • Production/User mode terminal

In the production terminal, the public key of the signing private key of the apk will be checked, it should be issued by the app root public key. By default, there is default wizarpos root public key in the terminal. So you can request production public key to us for your keystore (which will be used to sign apk). The appling step is describe in the document wizarPOSDevCertificateApplyGuide_en.pdf.After get the response certificate file from us, you should import the certificate file to your keystore, then all the apk signed by this keystore can be installed to production terminal.

  • Developing/Engineer mode terminal

The developing terminal do not check public key. It's for the developer to debug their app, so it has USB connection and can use adb debug.

Please notice, because of this difference, if your developing terminal switch to production terminal, all the application you installed in terminal, which is also not signed by above keystore, will be removed automatically. Of cause, the default wizarpos root public key can be updated to terminal owner's root public key in future. So the terminal owner can control there apk certificate by themselves.

How to sign app

Sign in an application project

Please refer to Google Sign APP

Sign an apk

Wizarpos provide a signature tool, it is a tool running in PC, and help the devceloper to sign their apk. Please download the signature tool. Before running it, please make sure that you have installed the JDK enviroment in your PC.

Run signature tool

In PC, run the follow command:

 java -jar SignatureTools.jar signapk [--keytype jks|pk8] [--apk <FILE>] [--out <FILE>] [--keystore <FILE.jks>] [--alias <String>] [--keyfile <FILE.pk8>] [--certs <FILE>] [--storepass <String>] [--keypass <String>]

SignatureTools.jar is the signature tool. The following table shows the parameters and their illustrations.

Parameter Value Specification
--keytype Jks or pk8 The store path of the jks file or pk8 file
--apk The file path of the apk before signed The file path of the apk before signed
--out The file path of the apk after signed The file path of the apk after signed
--keystore The file path of the jks file When keytype is jks, this must be assigned
--alias Alias name of private key Alias name of private key in jks file
--keyfile The file path of the pk8 file When keytype is pk8, this is the private key file path
--certs Certificates file path When keytype is pk8, this is the certificate chain
--storepass Password of keystore file Password of keystore file
--keypass password of private key password of private key in jks file or pk8 file