Simple Guide to Signing Apps for Google Android Programmers

Self-Signed Certificate

Following our recent article giving an overview of Android signing, here is how to actually sign your Android application using a self-signed certificate. This is the procedure for release-mode signing; after following it you can publish your application directly on Android Market. You will need a key, which you can either obtain from a certification authority like VeriSign for a fee or create yourself as a self-signed key at no cost.

To create a self-signed key using KEYTOOL, you need to have the JDK installed. Both the KEYTOOL and JARSIGNER tools are bundled with the JDK.

KEYTOOL parameters:

-genkey – Generates a key pair

-v – Enables verbose output

-keystore <name-of-keystore>.keystore – Creates a new Keystore

-alias <name-of-alias> – Creates an alias for the key

-keyalg <name-of-algorithm> – Specifies the algorithm used to generate the key pair, e.g. RSA or DSA

-validity <no-of-days> – Specifies the validity in days (As a standard, keep it more than 10,000)

-storepass <password> – Specifies the keystore password

-keypass <password> – Specifies the key password

-dname <name> – Specifies the creator of the key

Here is the command you should run to create a key.

> keytool -genkey -v -keystore mykeystore.keystore -alias aliasname -keyalg RSA -validity 10000

You don't specify -storepass and -keypass on the command line for security reasons: passwords passed as arguments end up in your shell history and are visible in the process list. KEYTOOL will prompt you for the keystore password and the key password. It will also ask for other details such as your name, organisation and address (CN, OU, O, L, ST etc.). If the command runs without errors, a new keystore is created as mykeystore.keystore.

Now to sign your unsigned APK using this key, use the JARSIGNER tool.

JARSIGNER parameters:

-keystore <name-of-keystore>.keystore – Specifies the name of the keystore containing your private key

-verbose – Enable verbose output

-storepass <password> – Specifies the password for the keystore

-keypass <password> – Specifies the password for the private key

Here is the command to run to sign your application APK:

> jarsigner -verbose -keystore mykeystore.keystore myapplication.apk aliasname

myapplication.apk is the name of your APK file. aliasname is the alias of the key you created. Don't specify the -keypass and -storepass attributes and it will prompt you for the passwords. Enter the passwords correctly, and your signing process is complete. You can now publish your application on the Android Market.
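The following is an added example, not code from the original article: a Python check of what JARSIGNER leaves inside a signed APK, namely META-INF/MANIFEST.MF with a digest for every file, a .SF signature file and a signature block file. The function names and the sample archive are hypothetical and constructed for illustration; the placeholder .RSA file is not a real signature.

```python
import base64, hashlib, io, zipfile

def parse_manifest(text):
    """Map each 'Name:' section of MANIFEST.MF to its attributes."""
    # Normalise line endings, then unfold continuation lines (leading space).
    text = text.replace("\r\n", "\n").replace("\n ", "")
    entries = {}
    for section in text.split("\n\n"):
        attrs = dict(l.split(": ", 1) for l in section.split("\n") if ": " in l)
        if "Name" in attrs:
            entries[attrs.pop("Name")] = attrs
    return entries

def check_jar_signing(apk_bytes):
    """Return a list of problems; an empty list means the layout is consistent."""
    problems = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        names = z.namelist()
        meta = [n.upper() for n in names if n.upper().startswith("META-INF/")]
        if "META-INF/MANIFEST.MF" not in names:
            return ["unsigned: no META-INF/MANIFEST.MF"]
        if not any(n.endswith(".SF") for n in meta) or not any(
                n.endswith((".RSA", ".DSA", ".EC")) for n in meta):
            problems.append("missing .SF or signature block file")
        manifest = parse_manifest(z.read("META-INF/MANIFEST.MF").decode("utf-8"))
        skip = lambda n: n.endswith("/") or n.upper().startswith("META-INF/")
        for name in (n for n in names if not skip(n)):
            digests = {a: v for a, v in manifest.get(name, {}).items()
                       if a.endswith("-Digest")}
            if not digests:
                problems.append(f"{name}: no digest in manifest")
            for attr, expected in digests.items():
                # "SHA-256-Digest" -> "sha256", "SHA1-Digest" -> "sha1"
                algo = attr[:-len("-Digest")].replace("-", "").lower()
                actual = hashlib.new(algo, z.read(name)).digest()
                if base64.b64encode(actual).decode() != expected:
                    problems.append(f"{name}: {attr} mismatch")
    return problems

def build_sample(signed=True, tamper=False):
    """Constructed stand-in for myapplication.apk (placeholder signature bytes)."""
    data, buf = b"constructed dex bytes", io.BytesIO()
    digest = base64.b64encode(hashlib.sha256(data).digest()).decode()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("classes.dex", data + (b"!" if tamper else b""))
        if signed:
            z.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\r\n\r\n"
                       f"Name: classes.dex\r\nSHA-256-Digest: {digest}\r\n\r\n")
            z.writestr("META-INF/ALIASNAM.SF", "Signature-Version: 1.0\r\n")
            z.writestr("META-INF/ALIASNAM.RSA", b"placeholder, not a real signature")
    return buf.getvalue()
```

This only checks the file layout and the manifest digests; it does not validate the cryptographic signature over the .SF file. For that, run `jarsigner -verify` on the APK.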

This post is part of the series: Programmers Guide: Signing Google Android Applications

Learn what signing is and how you can implement signing to authenticate your Google Android created applications. 2 Part Series.
  1. What Signing Means if You Are a Google Android Application Developer
  2. How To Sign Your Android Applications