Android 如何签署一个已经编译好的 Apk
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/10930331/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How to Sign an Already Compiled Apk
提问by svarog
I've decoded an APK with apktool (as the original source code was lost) so I could fix some issues with the layout xml files. I've then rebuilt it back up with apktool and when I tried to install it on my device (using adb: adb install appname.apk) it gave me this error:
我已经用 apktool 解码了一个 APK(因为原始源代码丢失了)所以我可以解决布局 xml 文件的一些问题。然后我用 apktool 重新构建了它,当我尝试在我的设备上安装它时(使用 adb: adb install appname.apk),它给了我这个错误:
[INSTALL_PARSE_FAILED_NO_CERTIFICATES]
the original apk however was signed by a keystore (on eclipse IDE), this one isn't, how can I sign it properly with it's original keystone file outside Eclipse!?
然而,原始 apk 是由密钥库(在 Eclipse IDE 上)签名的,这个不是,我如何在 Eclipse 之外使用它的原始 keystone 文件正确签名!?
回答by user3854546
create a key using
使用创建密钥
keytool -genkey -v -keystore my-release-key.keystore -alias alias_name -keyalg RSA -keysize 2048 -validity 10000
then sign the apk using :
然后使用以下命令签署apk:
jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore my-release-key.keystore my_application.apk alias_name
回答by Patrick Favre
Automated Process:
自动化流程:
Use this tool (uses the new apksigner from Google):
使用此工具(使用来自 Google 的新 apksigner):
https://github.com/patrickfav/uber-apk-signer
https://github.com/patrickfav/uber-apk-signer
Disclaimer: Im the developer :)
免责声明:我是开发人员:)
Manual Process:
手动流程:
Step 1: Generate Keystore (only once)
第 1 步:生成密钥库(仅一次)
You need to generate a keystore once and use it to sign your unsignedapk.
Use the keytoolprovided by the JDKfound in %JAVA_HOME%/bin/
您需要生成一次密钥库并使用它来签署您的unsignedapk。使用由JDK提供的发现keytool%JAVA_HOME%/bin/
keytool -genkey -v -keystore my.keystore -keyalg RSA -keysize 2048 -validity 10000 -alias app
Step 2 or 4: Zipalign
第 2 步或第 4 步:Zipalign
zipalignwhich is a tool provided by the Android SDKfound in e.g. %ANDROID_HOME%/sdk/build-tools/24.0.2/is a mandatory optimization step if you want to upload the apk to the Play Store.
zipalign这是由Android SDK中提供的工具在如发现%ANDROID_HOME%/sdk/build-tools/24.0.2/是一个强制性的优化步骤,如果你要上传的APK Play商店。
zipalign -p 4 my.apk my-aligned.apk
Note:when using the old jarsigneryou need to zipalign AFTERsigning. When using the new apksignermethod you do it BEFOREsigning (confusing, I know). Invoking zipalign before apksigner works finebecause apksigner preserves APK alignment and compression (unlike jarsigner).
注意:使用旧版本时,jarsigner您需要在签名后进行 zipalign 。使用新apksigner方法时,请在签名之前进行(令人困惑,我知道)。在 apksigner 之前调用 zipalign 工作正常,因为 apksigner 保留了 APK 对齐和压缩(与 jarsigner 不同)。
You can verifythe alignment with
您可以验证对齐方式
zipalign -c 4 my-aligned.apk
Step 3: Sign & Verify
第 3 步:签名和验证
Using build-tools 24.0.2 and older
使用 24.0.2 及更早版本的构建工具
Use jarsignerwhich, like the keytool, comes with the JDK distributionfound in %JAVA_HOME%/bin/and use it like so:
使用jarsigner它,就像 keytool 一样,随 JDK 发行版一起提供, %JAVA_HOME%/bin/并像这样使用它:
jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore my.keystore my-app.apk my_alias_name
and can be verified with
并且可以验证
jarsigner -verify -verbose my_application.apk
Using build-tools 24.0.3 and newer
使用构建工具 24.0.3 及更新版本
Android 7.0 introduces APK Signature Scheme v2, a new app-signing scheme that offers faster app install times and more protection against unauthorized alterations to APK files (See hereand herefor more details). Therefore, Google implemented their own apk signer called apksigner(duh!)
The script file can be found in %ANDROID_HOME%/sdk/build-tools/24.0.3/(the .jar is in the /libsubfolder). Use it like this
Android 7.0 引入了 APK 签名方案 v2,这是一种新的应用签名方案,可提供更快的应用安装时间和更多保护,防止对 APK 文件进行未经授权的更改(有关更多详细信息,请参阅此处和此处)。因此,Google 实现了自己的 apk 签名器,称为apksigner(duh!) 脚本文件可以在%ANDROID_HOME%/sdk/build-tools/24.0.3/(.jar 位于/lib子文件夹中)中找到。像这样使用它
apksigner sign --ks my.keystore my-app.apk --ks-key-alias alias_name
and can be verified with
并且可以验证
apksigner verify my-app.apk
回答by Pellet
fastest way is by signing with the debug keystore:
最快的方法是使用调试密钥库签名:
jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore ~/.android/debug.keystore app.apk androiddebugkey -storepass android
or on Windows:
或在 Windows 上:
jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore %USERPROFILE%/.android/debug.keystore test.apk androiddebugkey -storepass android
回答by Nikolay Elenkov
You use jarsigner to sign APK's. You don't have to sign with the original keystore, just generate a new one. Read up on the details: http://developer.android.com/guide/publishing/app-signing.html
您使用 jarsigner 来签署 APK。您不必使用原始密钥库进行签名,只需生成一个新密钥库即可。阅读详细信息:http: //developer.android.com/guide/publishing/app-signing.html
回答by shereifhawary
Updated answer
更新答案
Check https://shatter-box.com/knowledgebase/android-apk-signing-tool-apk-signer/
检查https://shatter-box.com/knowledgebase/android-apk-signing-tool-apk-signer/
Old answer
旧答案
check apk-signera nice way to sign your app
检查apk-signer一种签署应用程序的好方法
回答by Luke Alderton
For those of you who don't want to create a bat file to edit for every project, or dont want to remember all the commands associated with the keytools and jarsigner programs and just want to get it done in one process use this program:
对于那些不想为每个项目创建一个 bat 文件来编辑的人,或者不想记住与 keytools 和 jarsigner 程序相关的所有命令而只想在一个过程中完成它的人,请使用这个程序:
http://lukealderton.com/projects/programs/android-apk-signer-aligner.aspx
http://lukealderton.com/projects/programs/android-apk-signer-aligner.aspx
I built it because I was fed up with the lengthy process of having to type all the file locations every time.
我构建它是因为我厌倦了每次都必须键入所有文件位置的冗长过程。
This program can save your configuration so the next time you start it, you just need to hit Generate an it will handle it for you. That's it.
这个程序可以保存你的配置,所以下次你启动它时,你只需要点击生成它就会为你处理它。就是这样。
No install required, it's completely portable and saves its configurations in a CSV in the same folder.
无需安装,它完全可移植,并将其配置保存在同一文件夹中的 CSV 文件中。
