I. Introduction to the tools
jarsigner is a general-purpose tool provided by the JDK for signing jar packages.
Located at JDK/bin/jarsigner.exe.
apksigner is a dedicated tool provided by Google for signing and verifying Android apk packages.
Located at androidsdk/build-tools/sdkversion/apksigner.bat.
Apk packages and jar packages are essentially compressed archives in zip format, so their signing processes are similar (for V1 signatures only).
Both tools can sign Android apk packages.
1. The difference between V1 and V2 signatures
In Android Studio, click the menu Build -> Generate Signed APK... There are two signature options when packaging: V1 (Jar Signature) and V2 (Full APK Signature).
Since Android 7.0, Google has added a new signature scheme, V2 (APK signature).
However, on versions below Android 7.0, only the old V1 scheme (JAR signature) can be used.
V1 signature:
V2 signature:
The advantages of V2 signature are obvious:
Note: By default, the apksigner tool applies both V1 and V2 signatures, to stay compatible with Android versions below 7.0.
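To make the V1/V2 distinction concrete, here is an added example (not from the original article or from the Android tools) that reports which scheme's signature data an APK carries: V1 lives in META-INF entries inside the zip, while V2 lives in an APK Signing Block placed directly before the zip central directory. The function names are hypothetical, ZIP64 archives are not handled, and the check only detects presence; validating the signature is still the job of apksigner verify.

```python
import io
import struct
import zipfile

MAGIC = b"APK Sig Block 42"   # trailer of the APK Signing Block
V2_ID = 0x7109871A            # ID of the v2 entry inside that block

def has_v1(data: bytes) -> bool:
    """V1 (JAR signing): META-INF holds a .SF file and a .RSA/.DSA/.EC file."""
    names = zipfile.ZipFile(io.BytesIO(data)).namelist()
    meta = [n.upper() for n in names if n.upper().startswith("META-INF/")]
    return (any(n.endswith(".SF") for n in meta)
            and any(n.endswith((".RSA", ".DSA", ".EC")) for n in meta))

def has_v2(data: bytes) -> bool:
    """V2: a signing block sits directly before the ZIP central directory."""
    eocd = data.rfind(b"PK\x05\x06")  # end-of-central-directory record
    if eocd < 0 or eocd + 22 > len(data):
        return False
    cd_off = struct.unpack_from("<I", data, eocd + 16)[0]
    if cd_off < 32 or data[cd_off - 16:cd_off] != MAGIC:
        return False
    size = struct.unpack_from("<Q", data, cd_off - 24)[0]
    pos, end = cd_off - size, cd_off - 24  # bounds of the ID-value pairs
    while pos >= 8 and pos + 12 <= end:
        length, block_id = struct.unpack_from("<QI", data, pos)
        if block_id == V2_ID:
            return True
        pos += 8 + length
    return False

def sample_apk(v1: bool, v2: bool) -> bytes:
    """Constructed input: tiny ZIP with placeholder (not valid) signature data."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("classes.dex", b"dex")
        for name in ("META-INF/CERT.SF", "META-INF/CERT.RSA") if v1 else ():
            z.writestr(name, b"placeholder")
    data = buf.getvalue()
    if not v2:
        return data
    eocd = data.rfind(b"PK\x05\x06")
    cd_off = struct.unpack_from("<I", data, eocd + 16)[0]
    pair = struct.pack("<QI", 12, V2_ID) + b"\0" * 8  # length covers ID + value
    size = struct.pack("<Q", len(pair) + 24)
    block = size + pair + size + MAGIC
    out = bytearray(data[:cd_off] + block + data[cd_off:])
    struct.pack_into("<I", out, eocd + len(block) + 16, cd_off + len(block))
    return bytes(out)
```

For a real file, read it with open(path, "rb").read() and pass the bytes to both functions; an APK that reports V1 only will not benefit from the V2 scheme on Android 7.0 and later.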
2. zipalign and V2 signatures
It is located in androidsdk/build-tools/sdkversion/zipalign.exe.
zipalign is a tool for aligning zip packages. It aligns the uncompressed data inside the APK, which reduces memory consumption when the app runs.
zipalign -v 4 in.apk out.apk // 4-byte alignment optimization
zipalign -c -v 4 in.apk // check whether the apk is aligned
zipalign can be run after V1 signing.
However, zipalign cannot be run after V2 signing, only before it! The V2 signature covers the complete apk file, so realigning the file afterwards invalidates the signature.
II. Signing steps
1. Generate a key pair (can be skipped if you already have a keystore)
When debugging, Android Studio will use the default keystore for application signing:
1. Generate key pair
Enter JDK/bin, and then enter the command.
Parameters:
Tip: You can run this command repeatedly to create multiple key pairs in the same keystore.
For example, add a key pair with the alias release to debug.keystore:
keytool -genkeypair -keystore debug.keystore -alias release -validity 30000
2. Check the keystore
Enter JDK/bin, and then enter the command.
keytool -list -keystore keystore_name
Parameters:
For example:
keytool -list -v -keystore debug.keystore
Now there are two key pairs in the debug.keystore keystore, with the aliases androiddebugkey and release.
3. Sign
1. Method 1 (jarsigner, only V1 signatures are supported)
Enter JDK/bin, and then enter the command.
Starting from JDK 7, jarsigner's default algorithm is SHA256, which is not supported below Android 4.2.
Therefore, the algorithm has to be changed by adding the parameters -digestalg SHA1 -sigalg SHA1withRSA.
Parameters:
For example:
Signing with jarsigner from JDK 7 or above, not supported below Android 4.2:
jarsigner -keystore debug.keystore myapp.apk androiddebugkey
Signing with jarsigner from JDK 7 or above, compatible with Android below 4.2:
jarsigner -keystore debug.keystore -digestalg SHA1 -sigalg SHA1withRSA myapp.apk androiddebugkey
2. Method 2 (apksigner, with V1 and V2 signatures by default)
Go to androidsdk/build-tools/sdkversion and enter the command.
If there are multiple key pairs in the keystore, you must specify a key alias.
Disable V2 signature:
apksigner sign --v2-signing-enabled false --ks keystore_name xxx.apk
Parameters:
For example:
There is only one key pair in the debug.keystore keystore:
apksigner sign --ks debug.keystore myapp.apk
There are multiple key pairs in the debug.keystore keystore, so you must specify a key alias:
apksigner sign --ks debug.keystore --ks-key-alias androiddebugkey myapp.apk
III. Signature verification
1. Method 1 (keytool, which only supports verification of V1 signatures)
Enter JDK/bin, and then enter the command.
keytool -printcert -jarfile myapp.apk (displays the signing certificate information)
Parameters:
2. Method 2 (apksigner, which supports verification of V1 and V2 signatures)
Go to androidsdk/build-tools/sdkversion and enter the command.
apksigner verify -v --print-certs xxx.apk
Parameters:
For example:
apksigner verify -v MyApp.apk