As an experiment, I would like to use the platform key of my custom built Android platform to sign an arbitrary APK, that is built via the NDK. What is the process to go about doing this?
Generate an upload key and keystoreIn the menu bar, click Build > Generate Signed Bundle/APK. In the Generate Signed Bundle or APK dialog, select Android App Bundle or APK and click Next. Below the field for Key store path, click Create new.
To submit an Android app to the Google Play store, it must be signed with a release key. That means you generate the key on your computer, then upload it to our build platform. If your plan includes app store submission, we will create this key for you.
The signed apk is simply the unsigned apk that has been signed via the JDK jarsigner tool. If you want to generate a signed apk then refer to How to Generate Signed Apk in Android Studio?
It is used to verify a package has been signed by the corresponding private key. The standard Android build uses five keys, all of which reside in build/target/product/security : testkey. Generic default key for packages that do not otherwise specify a key.
If you have your platform key/certificate pair (.pk8 + x509.pem). Which can be found under build/target/product/security in the pulbic sdk.
You can use the SignApk.jar from the command line
java -jar SignApk.jar platform.x509.pem platform.pk8 Application.apk Application_signed.apk
Or to make automation easier, you can import the key/cert pair into your java keystore file, with the keytool-importkeypair, and use an ant makefile or eclipse for signing.
keytool-importkeypair -k ~/.android/debug.keystore -p android -pk8 platform.pk8 -cert platform.x509.pem -alias platform
The signapk.jar (all lowercase) file mentioned in aprock' answer can be found at prebuilts/sdk/tools/lib/signapk.jar
(or out/host/linux-x86/framework/signapk.jar
).
Below I will describe how to manage the keystore used by Eclipse and ant release
.
The following command takes the key file platform.pk8 and X509 certificate platform.x509.pem and outputs the decrypted key material in tmp.p12. The name platformkey is used to
openssl pkcs8 -inform DER -nocrypt -in platform.pk8 | \ openssl pkcs12 -export -in platform.x509.pem -inkey /dev/stdin \ -name platformkey -password pass: -out tmp.p12
Eclipse and ant debug
use the keystore at ~/.android/debug.keystore which is locked with the password android
. (You can also specify an other keystore file if you want to, e.g. ~/.android/mykeys.keystore
.) The next command stores the key material from tmp.p12 in the keystore (without a password for the keys, if you want one, edit -srcstorepass ''
below):
keytool -importkeystore -deststorepass android -srckeystore tmp.p12 \ -srcstoretype PKCS12 -srcstorepass '' -destkeystore ~/.android/debug.keystore
At this point, you can delete the tmp.p12 file because it is no longer needed.
In order to check what is in your keystore, you can run the next keytool
command (the output it shown on the line thereafter):
$ keytool -list -keystore ~/.android/debug.keystore -storepass android ... platformkey, Nov 23, 2013, PrivateKeyEntry, Certificate fingerprint (SHA1): 12:34:56:(stripped):AB:CD:EF
When you no longer need the key, it can be removed with:
keytool -delete -keystore ~/.android/debug.keystore -storepass android -alias platformkey
In your local.properties
file, put (if you omit the key.*.password
options, you have to enter it every time you sign the APK):
key.store=${user.home}/.android/debug.keystore key.alias=platformkey key.store.password=android key.alias.password=
Now you can run ant release
to sign your APK using the platform key you stored in a keystore.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With