How to Sign Apps: Difference between revisions

From wizarPOS
No edit summary
(Replaced content with "{{Migrating|https://smartpossdk.gitbook.io/cloudpossdk/faq/other-development/app-signing-process}}")
Tag: Replaced
 
Line 1: Line 1:
== APK Signature and Verification Process ==
{{Migrating|https://smartpossdk.gitbook.io/cloudpossdk/faq/other-development/app-signing-process}}
=== Standard Android System Requirements ===
* '''Application Signing:'''
** All applications must be signed before installation on a standard Android system.
** For detailed instructions, refer to [https://developer.android.com/studio/publish/app-signing.html Google's official resources] on application signing.
=== wizarPOS Terminal Specifics ===
* '''Enhanced Signature Checks:'''
** In addition to standard Android signature verification, wizarPOS terminals conduct additional checks using the root certificate chain.
** Only APKs signed with the root certificate or a child certificate are permitted for installation.
* '''Obtaining a Signing Certificate:'''
** Developers must acquire a signing certificate issued by wizarPOS.
** Refer to [http://ftp.wizarpos.com/wizarPOSDevCertificateApplyGuide_en.pdf wizarPOSDevCertificateApplyGuide_en.pdf] for instructions on applying for this certificate.
* '''Importing the Certificate Chain:'''
** After receiving the CSR reply from wizarPOS, import the certificate chain file into your keystore.
** APKs signed with this keystore will be installable on wizarPOS terminals.
=== Development Mode Terminals ===
* '''Relaxed Signature Requirements:'''
** Terminals in development mode do not require the additional signature verification.
** This allows for the use of ADB to install and debug Android applications in development mode.
=== Custom Certificate Chains ===
* '''Terminal Control:'''
** The certificate chain issued by wizarpos can be replaced with the terminal owner's own certificate chain.
** This enables terminal owners to have full control over the applications installed on their terminals.
 
== How to sign APK ==
=== Use IDE to sign APK===
Please refer to [https://developer.android.com/studio/publish/app-signing.html Google Sign APP]
* Click Build>Generate Signed Bundle/APK
* Select APK
[[File:Signtargetselect.png|frameless|left|thumb|caption]]
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
* Choose keystore and input the info in the follow picture, click Next.
[[File:Signjksinput.png|frameless|left|thumb|caption]]
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
* Keep Default settings, set stored path of the signed APK, then click Finish.
[[File:Signnext.png|frameless|left|thumb|caption]]
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
=== Use Android apksigner to sign APK ===
Please read this [https://developer.android.com/tools/apksigner apksigner tool].
 
For Example:
Sign an APK using release.jks, which is the only key in the KeyStore:
  $ apksigner sign --ks release.jks app.apk
=== Use command line tool to sign APK(Deprecated) ===
WizarPOS provides a Java signature tool to help developers sign APK. You can use it on the command line. Please download the [http://ftp.wizarpos.com/advanceSDK/SignatureTools_v2.5-81-g1e5b0ac.zip signature tool v2.5-81]. Make sure you have JRE 1.6 or later installed on your PC.
 
==== Run signature tool ====
In PC, run the follow command:
 
* Use jks:'''java -jar <File Path>/SignatureTools.jar sign --keytype jks  --apk <File Path>/<in name>.apk  --out <File Path>/<out name>.apk --keystore <File Path>/<name>.jks --alias  androiddebugkey --storepass wizarpos([Optional]) --sigAlg SHA1withRSA(SHA1withRSA/MD5withRSA/SHA256withRSA, [Optional]) --signatureScheme v2(v1/v2,[Optional]) --zipalign'''
Replace the real parameter value, and change the key password and store password to your real password.
 
For Example: java -jar SignatureTools_v2.5-81-g1e5b0ac sign --keytype jks  --apk bcare_wallet_beta_andorid6.apk  --out bcare_wallet_beta_andorid6_signed3.apk --keystore E:\...\XXX.jks --alias XXX--keypass XXX --storepass XXX --zipalign --quiet
* Use pk8:'''java -jar <File Path>/SignatureTools.jar sign --keytype pk8  --apk <File Path>/<in name>.apk  --out <File Path>/<out name>.apk --keyfile <File Path>/private_pwd.pk8(With or Without password) --certs <File Path>/cert.x509_pwd.pem --keypass android(Optional) --storepass android(Optional) --sigAlg SHA1withRSA(SHA1withRSA/MD5withRSA/SHA256withRSA, Optional) --signatureScheme v2(v1/v2)'''
Replace the real parameter value, and change the key password and store password to your real password.
 
{| class="wikitable"
|-
! Parameter !!Value !! Specification
|-
| --keytype || jks or pk8|| The type of the keystore which used to sign the APK.
|-
| --keystore|| The path of the jks key store file|| It must be defined when using jks keystore
|-
| --keyfile|| The path of the pk8 file|| It must be defined when using pk8 file as keystore.
|-
| --apk|| The file path of the apk before signed|| The file path of the apk before signed
|-
| --out|| The file path of the apk after signed|| The file path of the apk after signed
|-
| --alias|| Alias name of private key|| Alias name of private key in jks file
|-
| --certs|| Certificates file path|| When keytype is pk8, this is the certificate chain
|-
| --storepass|| Password of keystore file|| Password of keystore file
|-
| --keypass || password of private key|| password of private key in jks file or pk8 file
|-
| --sigAlg || SHA1withRSA or MD5withRSA or SHA256withRSA|| signature algorithm
|-
| --signatureScheme || v1 or v2 or v1v2|| signature scheme
|-
| --zipalign|| || apk zipalign
|-
| --quiet|| || suppress informational messages, only show warnings and errors.
|}

Latest revision as of 03:16, 8 April 2024

Please visit new link of same subject:

https://smartpossdk.gitbook.io/cloudpossdk/faq/other-development/app-signing-process

We're making a move! Our site's content is migrating to a new URL, to provide you with an enhanced browsing experience. Please update your bookmarks accordingly. Thank you for your continuous support!