Signing APKs with Java KeyTool

App signing by Google Play is not mandatory for publishing an APK in Google Play; we can use our own keys. This example shows how a Cordova-generated APK can be signed and published to Google Play using Java Keytool.

Java Keytool is a key and certificate management tool that is used to manipulate Java Keystores, and is included with Java. A Java Keystore is a container for authorization certificates or public key certificates, and is often used by Java-based applications for encryption, authentication, and serving over HTTPS. Its entries are protected by a keystore password. A keystore entry is identified by an alias, and it consists of keys and certificates that form a trust chain.

Generate release build in Cordova

C:\CORDOVA\app01> cordova build --release

The unsigned APK file will be generated in \platforms\android\app\build\outputs\apk\release. In this example the file name is app-release-unsigned.apk.

Generate Self-Signed Certificate in New Keystore

This command generates a 2048-bit RSA key pair, valid for 1000 days, under the specified alias (APPNAMEmobileapps), in the specified keystore file (APPNAME-mobileapps.keystore):

C:\CORDOVA\app01> keytool -genkey -v -keystore APPNAME-mobileapps.keystore -alias APPNAMEmobileapps -keyalg RSA -keysize 2048 -validity 1000

Enter the following details:

keystore password? : <Your Password>
What is your first and last name? : <Name>
What is the name of your organizational unit? : <OU>
What is the name of your organization? : <Organization>
What is the name of your City or Locality? : <City>
What is the name of your State or Province? : <State>
What is the two-letter country code for this unit? : <Two Letter Country Name>

Once the keystore is generated, copy it into the \platforms\android\app\build\outputs\apk\release folder.

To sign the unsigned APK, run the jarsigner tool, which is also included in the JDK:

Syntax: jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore <keystorename> <Unsigned APK file> <Keystore Alias name>

jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore APPNAME-mobileapps.keystore app-release-unsigned.apk APPNAMEmobileapps

Optimize the APK using the zipalign tool:

zipalign -v 4 app-release-unsigned.apk app01.apk

The final release binary, app01.apk, is generated and is ready to be released in the Google Play Store.
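
A structural check on the output of the jarsigner and zipalign steps above, as an added example that is not part of the original article: it confirms that the APK carries JAR signature files under META-INF and that every uncompressed entry starts on a 4-byte boundary, which is what zipalign -v 4 arranges. It does not verify the signature cryptographically, and the sample archive and its entry names are constructed for illustration.

```python
import io
import struct
import zipfile

LOCAL_HEADER = struct.Struct("<4sHHHHHIIIHH")  # fixed 30-byte ZIP local file header
SIG_EXTS = (".RSA", ".DSA", ".EC")             # signature block files written by jarsigner

def check_apk(data, alignment=4):
    """Return (has_jar_signature_files, misaligned_stored_entries) for APK bytes."""
    misaligned = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        meta = [n.upper() for n in zf.namelist() if n.upper().startswith("META-INF/")]
        has_sig = ("META-INF/MANIFEST.MF" in meta
                   and any(n.endswith(".SF") for n in meta)
                   and any(n.endswith(SIG_EXTS) for n in meta))
        for info in zf.infolist():
            if info.compress_type != zipfile.ZIP_STORED or info.is_dir():
                continue  # only uncompressed entries need to be aligned
            hdr = LOCAL_HEADER.unpack_from(data, info.header_offset)
            if hdr[0] != b"PK\x03\x04":
                raise ValueError(f"bad local header for {info.filename}")
            # Entry data starts after the fixed header, the name and the extra field.
            start = info.header_offset + LOCAL_HEADER.size + hdr[9] + hdr[10]
            if start % alignment:
                misaligned.append(info.filename)
    return has_sig, misaligned

def make_sample(stored_name, signed=True):
    """Constructed sample: a tiny APK-shaped ZIP built in memory (not a real APK)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        # ZipInfo defaults to ZIP_STORED, so this entry is subject to alignment.
        zf.writestr(zipfile.ZipInfo(stored_name), b"constructed image bytes")
        if signed:
            # Constructed placeholder names and contents, not real signatures.
            for name in ("MANIFEST.MF", "APPNAMEM.SF", "APPNAMEM.RSA"):
                zf.writestr("META-INF/" + name, b"constructed placeholder",
                            compress_type=zipfile.ZIP_DEFLATED)
    return buf.getvalue()

if __name__ == "__main__":
    # The name length shifts where the stored data begins: 40 (aligned) vs 39.
    for name in ("res/ab.png", "res/a.png"):
        print(name, check_apk(make_sample(name)))
```

To check a real build, pass the bytes of app01.apk to check_apk; an empty second element means every stored entry is aligned.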