For publishing an APK in Google Play app signing by Google Play is not mandatory and we can use our own keys. This example shows how a Cordova generated APK can be signed and published to Google Play using Java Keytool.
Java Keytool is a key and certificate management tool that is used to manipulate Java Keystores, and is included with Java. A Java Keystore is a container for authorization certificates or public key certificates, and is often used by Java-based applications for encryption, authentication, and serving over HTTPS. Its entries are protected by a keystore password. A keystore entry is identified by an alias, and it consists of keys and certificates that form a trust chain.
Generate release build in Cordova
C:\CORDOVA\app01> cordova build --release
The unsigned APK file will be generated in \platforms\android\app\build\outputs\apk\release. In this example the file name is app-release-unsigned.apk
Generate Self-Signed Certificate in New Keystore
This command generates a 2048-bit RSA key pair, valid for 1000 days, under the specified alias (domain), in the specified keystore file (keystore.jks):
C:\CORDOVA\app01>keytool -genkey -v -keystore APPNAME-mobileapps.keystore -alias APPNAMEmobileapps -keyalg RSA -keysize 2048 -validity 1000
Enter the following details
keystore password? : <Your Password> What is your first and last name? : <Name> What is the name of your organizational unit? : <OU> What is the name of your organization? : <Organization> What is the name of your City or Locality? : <City> What is the name of your State or Province? : <State> What is the two-letter country code for this unit? : <Two Letter Country Name>
Once the keystore is generated, copy it into the \platforms\android\app\build\outputs\apk\release folder.
To sign the unsigned APK, run the jarsigner tool which is also included in the JDK
Syntax: jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore <keystorename> <Unsigned APK file> <Keystore Alias name>
jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore APPNAME-mobileapps.keystore app-release-unsigned.apk APPNAMEmobileapps
Optimize the APK using zip align tool
zipalign -v 4 app-release-unsigned.apk app01.apk
The final release binary app01.apk will be generated which is ready to be released in the Google Play Store.