How to sign an apk through command line
A

4

26

Be informed that we have created an APK file through the command line with the help of the Android SDK. Now, uploading it to the Google Play Store requires the APK to be signed. How shall we do this?

Arleta answered 5/6, 2018 at 17:19 Comment(0)
P
27
  1. First you need a keystore to begin the process. You will be signing your apk with this keystore, and you need to sign with the same keystore for future updates. Know more about keystores here: https://developer.android.com/studio/publish/app-signing#generate-key

  2. Once you generate the keystore, you should use the jarsigner utility (which is available in the JDK folder):

    jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore your-release-key.keystore android-release-unsigned.apk alias -storepass password

  3. The next step is to use the zipalign tool (available in the Android SDK folder) to verify the apk:

    path-to-android-sdk/build-tools/version/zipalign -v 4 android-release-unsigned.apk android-prod-released-signed.apk

  4. The last step is to verify with the apksigner tool (available in the Android SDK folder):

    path-to-android-sdk/build-tools/version/apksigner verify android-prod-released-signed.apk

PS: Replace paths, files and passwords with actual values.

Protohuman answered 5/6, 2018 at 17:55 Comment(1)
What is the purpose of step number 2? – Undrape
G
23

Step 1

First you need to generate a private signing key

    keytool -genkey -v -keystore my-release-key.keystore -alias my-key-alias -keyalg RSA -keysize 2048 -validity 10000

This command will prompt you for a password for your keystore and key (also for some additional fields). Please remember to keep your keystore file private at all times.

Step 2

Next you need to set up Gradle

  1. Place my-release-key.keystore which you generated in Step 1 under android/app
  2. Update your ~/.gradle/gradle.properties under android/app and add the following

    MYAPP_RELEASE_STORE_FILE=my-release-key.keystore
    MYAPP_RELEASE_KEY_ALIAS=my-key-alias
    MYAPP_RELEASE_STORE_PASSWORD=<The password you choose earlier with the keytool>
    MYAPP_RELEASE_KEY_PASSWORD=<The password you choose earlier with the keytool>
    

Step 3

Finally you need to update your android/app/build.gradle.

    android {
        ...
        defaultConfig { ... }
        signingConfigs {
            release {
                if (project.hasProperty('MYAPP_RELEASE_STORE_FILE')) {
                    storeFile file(MYAPP_RELEASE_STORE_FILE)
                    storePassword MYAPP_RELEASE_STORE_PASSWORD
                    keyAlias MYAPP_RELEASE_KEY_ALIAS
                    keyPassword MYAPP_RELEASE_KEY_PASSWORD
                }
            }
        }
        buildTypes {
            release {
                ...
                signingConfig signingConfigs.release
            }
        }
    }

Now you can simply generate a signed release via the command line by running the following command in your android directory:

    ./gradlew assembleRelease

The generated apk can then be found under your build/outputs/apk/release directory.

Garboard answered 5/6, 2018 at 17:50 Comment(3)
The other two steps can be done for sure. But the first step, when I run that command in the CLI, it is saying it is not a recognized internal command. What shall I do? – Arleta
I assume you are on Windows; if this is the case, you need to run the keytool from C:\Program Files\Java\jdkx.x.x_x\bin – Garboard
Not all Android APKs are created in Android Studio, so this only applies to 60% of dev teams. The other answers are better. I doubt this could even be achieved on a pipeline without hosting it yourself. – Sadowski
L
22

Follow these commands to make the apk play store ready:

Step 1: Create an unsigned apk:

    ./gradlew assembleRelease

Step 2: Create a signed apk:

    jarsigner -keystore YOUR_KEYSTORE_PATH -storepass YOUR_KEYSTORE_PASSWORD app/build/outputs/apk/release/app-release-unsigned.apk YOUR_KEY_ALIAS

Step 3: Zipaligning the apk:

    your_android-sdk_path/android-sdk/build-tools/your_build_tools_version/zipalign -v 4 app/build/outputs/apk/release/app-release-unsigned.apk release.apk

Lona answered 5/6, 2018 at 17:52 Comment(1)
R
4

In case it helps in the future.

From the Android developer docs, remember that:

If you want to sign an app bundle from the command line, you can use jarsigner. If instead you want to sign an APK, you need to use zipalign and apksigner as described below.

So for an apk:

  • apk not signed in 'C:\Users\User\Downloads\unsigned.apk'
  • zipalign.exe in 'C:\android\android-sdk\build-tools\$version$\zipalign.exe'
  • apksigner.bat in 'C:\android\android-sdk\build-tools\$version$\apksigner.bat'
  • keystore in 'C:\Keystores\my.keystore'

  1. To align: $ .\zipalign.exe -v -p 4 'C:\Users\User\Downloads\unsigned.apk' 'C:\Users\User\Downloads\aligned.apk'
    • To verify: $ .\zipalign.exe -v -c 4 'C:\Users\User\Downloads\aligned.apk'
  2. To sign: $ .\apksigner.bat sign --ks 'C:\Keystores\my.keystore' --out 'C:\Users\User\Downloads\signed.apk' 'C:\Users\User\Downloads\aligned.apk'
    • Insert keystore password
    • To verify: $ .\apksigner.bat verify 'C:\Users\User\Downloads\signed.apk'

For an aab:

  • aab not signed in 'C:\Users\User\Downloads\unsigned.aab'
  • jarsigner.exe in 'C:\Program Files\Java\jdk-18.0.2\bin\jarsigner.exe'
  • keystore in 'C:\Keystores\my.keystore'

  1. To sign: $ jarsigner -verbose -sigalg SHA256withRSA -digestalg SHA-256 -keystore 'C:\Keystores\my.keystore' -signedjar 'C:\Users\User\Downloads\signed.aab' 'C:\Users\User\Downloads\unsigned.aab' '<my keystore alias>'
    • Insert keystore password
Redbug answered 26/10, 2022 at 9:1 Comment(0)
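
The align, sign, verify order from the last answer, as an added example that is not part of any answer on this page: the keystore password is handed to apksigner through an environment variable instead of on the command line, where it would be visible in the process list and shell history. The function name `sign_apk`, the `KS_PASS` variable and the overridable `ZIPALIGN`/`APKSIGNER` paths are assumptions.

```shell
#!/bin/sh
# Added example (not from any answer above): align, sign and verify an APK
# without exposing the keystore password in argv or shell history.
# Assumed names: sign_apk, KS_PASS and the file names are placeholders.

ZIPALIGN="${ZIPALIGN:-zipalign}"    # e.g. <sdk>/build-tools/<version>/zipalign
APKSIGNER="${APKSIGNER:-apksigner}" # e.g. <sdk>/build-tools/<version>/apksigner

# sign_apk UNSIGNED_APK KEYSTORE KEY_ALIAS SIGNED_APK
sign_apk() {
    unsigned=$1; keystore=$2; key_alias=$3; signed=$4
    aligned="${signed%.apk}-aligned.apk"

    # The password must arrive as an exported variable (CI secret, or
    # `read -r KS_PASS` with echo disabled), never as an argument.
    if [ -z "${KS_PASS:-}" ]; then
        echo "sign_apk: KS_PASS is not set" >&2
        return 2
    fi
    if [ ! -f "$unsigned" ]; then
        echo "sign_apk: $unsigned not found" >&2
        return 3
    fi

    # 1. Align BEFORE signing: with signature scheme v2 and later the
    #    signature covers the whole file, so later changes invalidate it.
    "$ZIPALIGN" -p -f 4 "$unsigned" "$aligned" || return 4
    "$ZIPALIGN" -c 4 "$aligned" || return 4

    # 2. Sign. env:KS_PASS makes apksigner read the password from the
    #    variable itself, so only the variable's name appears in argv.
    "$APKSIGNER" sign --ks "$keystore" --ks-key-alias "$key_alias" \
        --ks-pass env:KS_PASS --out "$signed" "$aligned" || return 5

    # 3. Verify and print the signer certificate so its digest can be
    #    compared with the release key's known fingerprint.
    "$APKSIGNER" verify --verbose --print-certs "$signed" || return 6

    rm -f "$aligned"
}
```

jarsigner offers the same protection for the app bundle case through its `-storepass:env` and `-storepass:file` forms.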
