Disclaimer: I know the basics of signing an APKs and I have a problem with only one of my projects and only when signing with Microsoft Windows as the OS.
I am building my APK with Maven and sign them with the maven-jarsigner-plugin:
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-jarsigner-plugin</artifactId>
<executions>
<execution>
<id>signing</id>
<goals>
<goal>sign</goal>
</goals>
<phase>package</phase>
<inherited>true</inherited>
<configuration>
<archive>target/${project.build.finalName}.apk</archive>
<sigfile>CERT</sigfile>
<keystore>${env.HOME}/.keystore</keystore>
<storepass>${env.KEY_STOREPASS}</storepass>
<keypass>${env.KEY_KEYPASS}</keypass>
<alias>${env.KEY_ALIAS}</alias>
</configuration>
</execution>
</executions>
</plugin>
Now with one of my projects I get the following error when trying to install and start the application:
1360 KB/s (2057872 bytes in 1.477s)
pkg: /data/local/tmp/FX-602P-Droid-5.0.0.apk
Failure [INSTALL_PARSE_FAILED_NO_CERTIFICATES]
As I said in the first sentence: It works fine when signing with Mac OS X. It only fails when using Windows 7 to sign.
Using --debug
when calling Maven I see that the jarsigner is called ok and reports no error:
[INFO]
[INFO] --- maven-jarsigner-plugin:1.2:sign (signing) @ FX-602P-Droid ---
[DEBUG] org.apache.maven.plugins:maven-jarsigner-plugin:jar:1.2:
[DEBUG] org.apache.maven:maven-plugin-api:jar:2.0.6:compile
[DEBUG] org.apache.maven:maven-project:jar:2.0.6:compile
[DEBUG] org.apache.maven:maven-settings:jar:2.0.6:compile
[DEBUG] org.apache.maven:maven-profile:jar:2.0.6:compile
[DEBUG] org.apache.maven:maven-model:jar:2.0.6:compile
[DEBUG] org.apache.maven:maven-artifact-manager:jar:2.0.6:compile
[DEBUG] org.apache.maven:maven-repository-metadata:jar:2.0.6:compile
[DEBUG] org.apache.maven:maven-plugin-registry:jar:2.0.6:compile
[DEBUG] org.codehaus.plexus:plexus-container-default:jar:1.0-alpha-9-stable-1:compile
[DEBUG] junit:junit:jar:3.8.1:compile
[DEBUG] classworlds:classworlds:jar:1.1-alpha-2:compile
[DEBUG] org.apache.maven:maven-artifact:jar:2.0.6:compile
[DEBUG] org.codehaus.plexus:plexus-utils:jar:1.5.15:compile
[DEBUG] Created new class realm plugin>org.apache.maven.plugins:maven-jarsigner-plugin:1.2
[DEBUG] Importing foreign packages into class realm plugin>org.apache.maven.plugins:maven-jarsigner-plugin:1.2
[DEBUG] Imported: < project>net.sourceforge.uiq3:FX-602P-Droid:5.0.0
[DEBUG] Populating class realm plugin>org.apache.maven.plugins:maven-jarsigner-plugin:1.2
[DEBUG] Included: org.apache.maven.plugins:maven-jarsigner-plugin:jar:1.2
[DEBUG] Included: junit:junit:jar:3.8.1
[DEBUG] Included: org.codehaus.plexus:plexus-utils:jar:1.5.15
[DEBUG] Excluded: org.apache.maven:maven-plugin-api:jar:2.0.6
[DEBUG] Excluded: org.apache.maven:maven-project:jar:2.0.6
[DEBUG] Excluded: org.apache.maven:maven-settings:jar:2.0.6
[DEBUG] Excluded: org.apache.maven:maven-profile:jar:2.0.6
[DEBUG] Excluded: org.apache.maven:maven-model:jar:2.0.6
[DEBUG] Excluded: org.apache.maven:maven-artifact-manager:jar:2.0.6
[DEBUG] Excluded: org.apache.maven:maven-repository-metadata:jar:2.0.6
[DEBUG] Excluded: org.apache.maven:maven-plugin-registry:jar:2.0.6
[DEBUG] Excluded: org.codehaus.plexus:plexus-container-default:jar:1.0-alpha-9-stable-1
[DEBUG] Excluded: classworlds:classworlds:jar:1.1-alpha-2
[DEBUG] Excluded: org.apache.maven:maven-artifact:jar:2.0.6
[DEBUG] Configuring mojo org.apache.maven.plugins:maven-jarsigner-plugin:1.2:sign from plugin realm ClassRealm[plugin>org.apache.maven.plugins:maven-jarsigner-plugin:1.
2, parent: sun.misc.Launcher$AppClassLoader@214c4ac9]
[DEBUG] Configuring mojo 'org.apache.maven.plugins:maven-jarsigner-plugin:1.2:sign' with basic configurator -->
[DEBUG] (f) alias = krischik
[DEBUG] (f) archive = C:\Work\uiq3\Java\FX-602P-Droid\target\FX-602P-Droid-5.0.0.apk
[DEBUG] (f) arguments = []
[DEBUG] (f) keypass = Atlan.
[DEBUG] (f) keystore = C:\Users\martin.krischik/.keystore
[DEBUG] (f) processAttachedArtifacts = true
[DEBUG] (f) processMainArtifact = true
[DEBUG] (f) project = MavenProject: net.sourceforge.uiq3:FX-602P-Droid:5.0.0 @ C:\Work\uiq3\Java\FX-602P-Droid\pom.xml
[DEBUG] (f) removeExistingSignatures = false
[DEBUG] (f) sigfile = CERT
[DEBUG] (f) skip = false
[DEBUG] (f) storepass = !AtlanRhodan!
[DEBUG] (f) verbose = false
[DEBUG] -- end configuration --
[DEBUG] Verarbeite C:\Work\uiq3\Java\FX-602P-Droid\target\FX-602P-Droid-5.0.0.apk
[DEBUG] 'cmd.exe /X /C "C:\opt\Java\jdk\1.7.0\bin\jarsigner.exe -keystore C:\Users\martin.krischik/.keystore -storepass '*****' -keypass '*****' -sigfile CERT C:\Work\u
iq3\Java\FX-602P-Droid\target\FX-602P-Droid-5.0.0.apk krischik"'
[INFO] 1 Archiv(e) verarbeitet
[INFO]
What else could have gone wrong?
PS: I just noted C:\opt\Java\jdk\1.7.0\bin\jarsigner.exe
— Has there been a change to the jarsigner from 1.6 to 1.7? And why would Maven use the 1.7 signer for a 1.6 project?
APK Signature Scheme v2 is a whole-file signature scheme that increases verification speed and strengthens integrity guarantees by detecting any changes to the protected parts of the APK.
The solution is add this to the <configuration>
of the maven-jarsigner-plugin:
<arguments>
<argument>-sigalg</argument><argument>MD5withRSA</argument>
<argument>-digestalg</argument><argument>SHA1</argument>
</arguments>
Ant already has direct support for this, but the Maven plugin does not.
It is very tricky to find info on the usage with 1.7, but once found it is reasonable simple:
For keytool
include:
-sigalg SHA1withDSA -keyalg DSA -keysize 1024
For jarsigner
include:
-sigalg SHA1withDSA -digestalg SHA1
(1024 is the maximum and works, less might do the trick)
The solution from Baqueta works also for me.
Use these arguments in the keytool:
-sigalg MD5withRSA -keyalg RSA -keysize 1024
I am still using there in jarsigner:
-sigalg MD5withRSA -digestalg SHA1
Thank you, the APK compiled and installed on a device using Java 7, finally!
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With