How to Sign Apps: Difference between revisions
No edit summary |
No edit summary |
||
Line 94: | Line 94: | ||
=== Use Android apksigner to sign APK === | === Use Android apksigner to sign APK === | ||
[https://developer.android.com/tools/apksigner apksigner tool]. | Please read this [https://developer.android.com/tools/apksigner apksigner tool]. | ||
For Example: | |||
Sign an APK using release.jks, which is the only key in the KeyStore: | |||
$ apksigner sign --ks release.jks app.apk | |||
=== Use command line tool to sign APK(Deprecated) === | === Use command line tool to sign APK(Deprecated) === | ||
WizarPOS provides a Java signature tool to help developers sign APK. You can use it on the command line. Please download the [http://ftp.wizarpos.com/advanceSDK/SignatureTools_v2.5-81-g1e5b0ac.zip signature tool v2.5-81]. Make sure you have JRE 1.6 or later installed on your PC. | WizarPOS provides a Java signature tool to help developers sign APK. You can use it on the command line. Please download the [http://ftp.wizarpos.com/advanceSDK/SignatureTools_v2.5-81-g1e5b0ac.zip signature tool v2.5-81]. Make sure you have JRE 1.6 or later installed on your PC. |
Revision as of 09:14, 28 February 2024
APK Signature and Verification Process
Standard Android System Requirements
- Application Signing:
- All applications must be signed before installation on a standard Android system.
- For detailed instructions, refer to Google's official resources on application signing.
wizarPOS Terminal Specifics
- Enhanced Signature Checks:
- In addition to standard Android signature verification, wizarPOS terminals conduct additional checks using the root certificate chain.
- Only APKs signed with the root certificate or a child certificate are permitted for installation.
- Obtaining a Signing Certificate:
- Developers must acquire a signing certificate issued by wizarPOS.
- Refer to wizarPOSDevCertificateApplyGuide_en.pdf for instructions on applying for this certificate.
- Importing the Certificate Chain:
- After receiving the CSR reply from wizarPOS, import the certificate chain file into your keystore.
- APKs signed with this keystore will be installable on wizarPOS terminals.
Development Mode Terminals
- Relaxed Signature Requirements:
- Terminals in development mode do not require the additional signature verification.
- This allows for the use of ADB to install and debug Android applications in development mode.
Custom Certificate Chains
- Terminal Control:
- The certificate chain issued by wizarpos can be replaced with the terminal owner's own certificate chain.
- This enables terminal owners to have full control over the applications installed on their terminals.
How to sign APK
Use IDE to sign APK
Please refer to Google Sign APP
- Click Build>Generate Signed Bundle/APK
- Select APK
- Choose keystore and input the info in the follow picture, click Next.
- Keep Default settings, set stored path of the signed APK, then click Finish.
Use Android apksigner to sign APK
Please read this apksigner tool.
For Example: Sign an APK using release.jks, which is the only key in the KeyStore:
$ apksigner sign --ks release.jks app.apk
Use command line tool to sign APK(Deprecated)
WizarPOS provides a Java signature tool to help developers sign APK. You can use it on the command line. Please download the signature tool v2.5-81. Make sure you have JRE 1.6 or later installed on your PC.
Run signature tool
In PC, run the follow command:
- Use jks:java -jar <File Path>/SignatureTools.jar sign --keytype jks --apk <File Path>/<in name>.apk --out <File Path>/<out name>.apk --keystore <File Path>/<name>.jks --alias androiddebugkey --storepass wizarpos([Optional]) --sigAlg SHA1withRSA(SHA1withRSA/MD5withRSA/SHA256withRSA, [Optional]) --signatureScheme v2(v1/v2,[Optional]) --zipalign
Replace the real parameter value, and change the key password and store password to your real password.
For Example: java -jar SignatureTools_v2.5-81-g1e5b0ac sign --keytype jks --apk bcare_wallet_beta_andorid6.apk --out bcare_wallet_beta_andorid6_signed3.apk --keystore E:\...\XXX.jks --alias XXX--keypass XXX --storepass XXX --zipalign --quiet
- Use pk8:java -jar <File Path>/SignatureTools.jar sign --keytype pk8 --apk <File Path>/<in name>.apk --out <File Path>/<out name>.apk --keyfile <File Path>/private_pwd.pk8(With or Without password) --certs <File Path>/cert.x509_pwd.pem --keypass android(Optional) --storepass android(Optional) --sigAlg SHA1withRSA(SHA1withRSA/MD5withRSA/SHA256withRSA, Optional) --signatureScheme v2(v1/v2)
Replace the real parameter value, and change the key password and store password to your real password.
Parameter | Value | Specification |
---|---|---|
--keytype | jks or pk8 | The type of the keystore which used to sign the APK. |
--keystore | The path of the jks key store file | It must be defined when using jks keystore |
--keyfile | The path of the pk8 file | It must be defined when using pk8 file as keystore. |
--apk | The file path of the apk before signed | The file path of the apk before signed |
--out | The file path of the apk after signed | The file path of the apk after signed |
--alias | Alias name of private key | Alias name of private key in jks file |
--certs | Certificates file path | When keytype is pk8, this is the certificate chain |
--storepass | Password of keystore file | Password of keystore file |
--keypass | password of private key | password of private key in jks file or pk8 file |
--sigAlg | SHA1withRSA or MD5withRSA or SHA256withRSA | signature algorithm |
--signatureScheme | v1 or v2 or v1v2 | signature scheme |
--zipalign | apk zipalign | |
--quiet | suppress informational messages, only show warnings and errors. |