Trying to manually sign android package with jarsigner.exe and install with adb.exe

Question

I've been trying to use the jarsigner.exe and adb.exe to manually sign an android package and install it on a API V8 emulator. I created a simple HelloAndroid project and it would generate a signed HelloAndroid.apk using the debug.keystore located in the user's .android directory. When launching from Eclipse, it builds and installs the apk on the emulator without a problem.

I used the android tools to export an unsigned application package to a separate directory. I signed and zipAligned the package and used adb to install it but received the error:

Failure [INSTALL_PARSE_FAILED_NO_CERTIFICATES]

I used the following command to sign it.

jarsigner -verbose -keystore c:\users\jhwong\.android\debug.keystore
     -storepass android -keypass android -digestalg SHA-1 -sigalg SHA1withRSA
     -sigfile CERT -signedjar temp\HelloWorld2.apk
      temp\HelloWorld.unsigned.apk androiddebugkey
   adding: META-INF/MANIFEST.MF
   adding: META-INF/CERT.SF
   adding: META-INF/CERT.RSA
  signing: res/layout/main.xml
  signing: AndroidManifest.xml
  signing: resources.arsc
  signing: res/drawable-hdpi/icon.png
  signing: res/drawable-ldpi/icon.png
  signing: res/drawable-mdpi/icon.png
  signing: classes.dex

That did not give me any errors and just to makes sure I ran:

jarsigner -verify -verbose temp\HelloWorld2.apk

It showed the jar was verified and each file signed and part of the manifest.

I ran zipalign -v 4 temp\HelloWorld2.apk temp\HelloWorld3.apk which finished without an error. Then used adb install -r temp\HelloWorld3.apk.

I've seen several related threads and articles suggesting these directions but I'm perplexed as to why it doesn't work manually verses using Eclipse to build the signed package. I've even taken the package built from Eclipse and was able to use adb.exe to install it so I've narrowed it to signing the package. I've tried keystores that I've generated from the keytool but they didn't work as well which is why I tried the debug.keystore.

I'd appreciate any advice if they noticed anything wrong with my jarsigner code.

Answer 1

We had this exact same problem. Try using the following parameter values:

jarsigner ... -digestalg SHA1 -sigalg MD5withRSA ...

By the way, using explicit sigalg and digestalg seems to be mandatory with JDK 7.

Answer 2

To sign apks using JDK 1.7 one has to use these keywords "-sigalg MD5withRSA -digestalg SHA1 "

Reason: As of JDK 7, the default signing algorithim has changed, requiring you to specify the signature and digest algorithims (-sigalg and -digestalg) when you sign an APK.

Command:

jarsigner -verbose -sigalg MD5withRSA -digestalg SHA1 -keystore [keystorefile]
[originalapk] alias_name