Signing APKs with Java KeyTool
To publish an APK on Google Play, app signing by Google Play is not mandatory; we can use our own keys. This example shows how a Cordova-generated APK can be signed and published to Google Play using Java Keytool.
Java Keytool is a key and certificate management tool that is used to manipulate Java Keystores, and is included with Java. A Java Keystore is a container for authorization certificates or public key certificates, and is often used by Java-based applications for encryption, authentication, and serving over HTTPS. Its entries are protected by a keystore password. A keystore entry is identified by an alias, and it consists of keys and certificates that form a trust chain.
Generate release build in Cordova
C:\CORDOVA\app01> cordova build --release
The unsigned APK file will be generated in \platforms\android\app\build\outputs\apk\release. In this example the file name is app-release-unsigned.apk.
Generate Self-Signed Certificate in New Keystore
This command generates a 2048-bit RSA key pair, valid for 1000 days, under the alias APPNAMEmobileapps, in the keystore file APPNAME-mobileapps.keystore:
C:\CORDOVA\app01> keytool -genkey -v -keystore APPNAME-mobileapps.keystore -alias APPNAMEmobileapps -keyalg RSA -keysize 2048 -validity 1000
Enter the following details:
keystore password? : <Your Password>
What is your first and last name? : <Name>
What is the name of your organizational unit? : <OU>
What is the name of your organization? : <Organization>
What is the name of your City or Locality? : <City>
What is the name of your State or Province? : <State>
What is the two-letter country code for this unit? : <Two Letter Country Name>
Once the keystore is generated, copy it into the \platforms\android\app\build\outputs\apk\release folder.
To sign the unsigned APK, run the jarsigner tool, which is also included in the JDK:
Syntax: jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore <keystorename> <Unsigned APK file> <Keystore Alias name>
jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore APPNAME-mobileapps.keystore app-release-unsigned.apk APPNAMEmobileapps
Optimize the APK using the zipalign tool:
zipalign -v 4 app-release-unsigned.apk app01.apk
The final release binary, app01.apk, will be generated and is ready to be released on the Google Play Store.
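Before uploading, it is worth confirming what jarsigner actually wrote into the APK. The script below is an added example, not part of the original article: it opens the APK as a zip, lists the JAR signature files under META-INF, reports which digest algorithm the manifest uses (SHA1 for the command above), and recomputes each file's digest against the manifest. It does not validate the RSA signature block itself, and the sample archive with its APPNAMEM.SF/APPNAMEM.RSA names is constructed for the test.

```python
import base64, hashlib, io, re, zipfile
DIGESTS = {"SHA1": "sha1", "SHA-256": "sha256"}  # manifest prefix -> hashlib name

def b64_digest(alg, data):
    return base64.b64encode(hashlib.new(DIGESTS[alg], data).digest()).decode()

def parse_manifest(text):
    """Map entry name -> attributes for each per-entry section of MANIFEST.MF."""
    text = re.sub(r"\r?\n ", "", text)  # unfold wrapped continuation lines
    entries = {}
    for section in re.split(r"(?:\r?\n){2,}", text.strip()):
        attrs = dict(l.split(": ", 1) for l in section.splitlines() if ": " in l)
        if "Name" in attrs:
            entries[attrs.pop("Name")] = attrs
    return entries

def audit_v1_signature(apk):
    """apk: path or file object. Checks manifest digests, not the RSA signature."""
    with zipfile.ZipFile(apk) as z:
        names = z.namelist()
        meta = [n for n in names if n.upper().startswith("META-INF/")]
        report = {"sig_files": [n for n in meta if n.upper().endswith(".SF")],
                  "block_files": [n for n in meta if n.upper().endswith(".RSA")],
                  "algorithms": set(), "mismatched": []}
        has_mf = "META-INF/MANIFEST.MF" in names
        manifest = parse_manifest(z.read("META-INF/MANIFEST.MF").decode() if has_mf else "")
        files = [n for n in names if n not in meta and not n.endswith("/")]
        # Files present in the archive but absent from the manifest are not signed.
        report["unlisted"] = [n for n in files if n not in manifest]
        for name in files:
            for attr, expected in manifest.get(name, {}).items():
                if attr.endswith("-Digest") and attr[:-7] in DIGESTS:
                    report["algorithms"].add(attr[:-7])
                    if b64_digest(attr[:-7], z.read(name)) != expected:
                        report["mismatched"].append(name)
    report["signed"] = bool(report["sig_files"] and report["block_files"])
    return report

def make_sample_apk(dex=b"dex-bytes", listed=b"dex-bytes"):
    """Constructed input: a tiny zip laid out like a jarsigner-signed APK."""
    mf = "Manifest-Version: 1.0\r\n\r\nName: classes.dex\r\nSHA1-Digest: %s\r\n\r\n" % b64_digest("SHA1", listed)
    files = {"classes.dex": dex, "META-INF/MANIFEST.MF": mf,
             "META-INF/APPNAMEM.SF": "Signature-Version: 1.0\r\n",  # placeholder
             "META-INF/APPNAMEM.RSA": b"placeholder"}
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, data in files.items():
            z.writestr(name, data)
    return buf
```

Call audit_v1_signature("app01.apk") on the real build; a non-empty "mismatched" or "unlisted" list means the archive changed after signing or contains files the signature does not cover.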