Sign an APK for uploading to Google Play Store
For our app on http://FussballimFreeTV.de we have versions for iOS, Android and WindowsPhone. Now we wanted to deploy a new Android Version, but on my new notebook I did not have Eclipse installed anymore. So I needed to find out how to sign the provided APK with Android Studio.
But as documentation says: You do not need Android Studio to sign your app!
Install JDK
So just download the latest JDK from Oracle. For me this is currently JDK 1.8.0_65 for Windows x64. I’ve installed it to C:\Program Files\Java\jdk1.8.0_65 as proposed. The bin-folder contains all the files we need.
Signing the APK
I have my APK in a separate directory, containing a subdirectory ‘keys’ where I have my key stored from Google Play Store. So I opened a command prompt in the directory where my APK is located. According to the documentation mentioned above, this would be the line to be executed at the command prompt:
"C:\Program Files\Java\jdk1.8.0_65\bin\jarsigner.exe" -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore keys\my.key my.file.apk myalias
Of course you have to modify the last 3 parameters of this line:
- keys\my.key: That’s the key I use to sign. It’s located in a subdirectory ‘keys’.
- my.file.apk: That’s the apk you want to sign. It’s located in current path.
- myalias: That’s the alias set in your key.
Hmm, my alias? Fortunately there is an easy way to find out, as Umitk has described on stackoverflow:
keytool -keystore keys\my.key -list -v
The first value is ‘Aliasname’, and that’s the one you have to use when you want to sign your apk.
OK, so now we are ready to sign the apk. But then…
jarsigner: unable to sign jar: java.util.zip.ZipException: invalid entry compressed size (expected 948 but got 960 bytes)
The following error message was thorugh by jarsigner:
jarsigner: unable to sign jar: java.util.zip.ZipException: invalid entry compressed size (expected 948 but got 960 bytes)
Hmm.. Fortunately joerg has given the answer here:
- Open the apk in a zip program (like 7-zip)
- delete the folder ‘META-INF’
- save the apk and try to sign again
And as a result it should work fine now: jar signed 🙂
Use ZipAlign on APK
As the above mentioned documentation describes you should afterwards verify the signature and then zipalign the apk, otherwise you cannot upload it to Google Play Store.So where do you find zipalign? It’s part of the Android SDK, so it’s located somewhere like C:\Program Files (x86)\Android\android-sdk\build-tools\23.0.1. To zipalign your apk this would be the command to execute:
"C:\Program Files (x86)\Android\android-sdk\build-tools\23.0.1\zipalign.exe" -v 4 your.existing.apk your.new.apk
This will zipalign your.existing.apk and then save the result as your.new.apk.
Now you are ready to upload your new signed and zipaligned apk to Google Play Store via Google Play Developer Console.
Additionally here is a short CMD which uses 7-Zip to delete the META-INF-Directory, then signs the app and finally calls zipalign. Maybe you need to adjust the directories to your needs.
SET UNSIGNED=my.unsigned.apk SET ALIAS=myalias SET SIGNED=my.signed.apk DEL %SIGNED% rename "%UNSIGNED%" "%UNSIGNED%.zip" "C:\Program Files\7-Zip\7z.exe" d "%UNSIGNED%.zip" META-INF rename "%UNSIGNED%.zip" "%UNSIGNED%" "C:\Program Files\Java\jdk1.8.0_65\bin\jarsigner.exe" -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore keys\my.key %UNSIGNED% %ALIAS% "C:\Program Files (x86)\Android\android-sdk\build-tools\23.0.1\zipalign.exe" -v 4 %UNSIGNED% %SIGNED%