Menu
As ApkSigner is available in revision 24.0.3 and higher of the Android SDK Build Tools, I have a question: What is the difference between ApkSigner and JarSigner? Why do we need ApkSigner?
Can I sign Apk in the command line for both signers?
456
A tool that helps signing, zip aligning and verifying multiple Android application packages (APKs) with either debug or provided release certificates (or multiple). It supports v1, v2 and v3 Android signing scheme.
Verifying an APK signature The correct way to verify an APK file is to use apksigner . apksigner is part of the Android build tools, therefore you may find multiple versions installed, one for each build-tools version installed. For more details on how to get apksigner see last chapter of this answer.
APK signing has been a part of Android from the beginning. It is based on signed JAR. For details on using this scheme, see the Android Studio documentation on Signing your app. v1 signatures do not protect some parts of the APK, such as ZIP metadata.
jarsigner is designed for signing JAR files and does not know anything about APKs and Android, whereas apksigner is designed for signing APK files and knows what requirements Android places on APK signatures.
For example, jarsigner does not produce APK Signature Scheme v2 signatures introduced in Android 7.0 (Nougat), whereas apksigner does. Another example is that jarsigner does not know that APKs which need to run on API Level 17 or lower must not use SHA-256 digests in their signatures, whereas apksigner knows that.
If you want to sign an APK using one of these tools, use apksigner.
Here's the official documentation about signing from command-line: Sign your app
152
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
