How To Manually Sign APK’s With Jarsigner & Zipalign

How To Manually Sign APK’s

Why sign?

All Android applications must be digitally signed with a certificate. To ensure the authenticity of the application. The private key is held with the developer so that only he can release versions of the app with a verifiable certificate.

In essence, signing an apk ensures it’s authenticity from the developer.

Tools we will be using: Keytool, Jarsigner, and Zipalign

 

What is a keystore?

Also know as the Java keystore (JKS) is a repository of security certificates  (Public and private keys) that are used to digitally sign android applications and each keystore is unique to the developer.

A keystore essentially stores your security certificates.

Keytool

Keytool allows you to create keystores and comes pre-packaged with the Java JDK

Let us generate our own keystore that we will use to sign our apk/payload.

 

Keytool -genkey -V -keystore /root/Desktop/key.keystore -alias alexis -keyalg RSA -keysize 2048 -validity 1000

 

Alias – keypair alias name

Keyalg – the algorithm used to generate the keypair

keysize – keypair size in bits

validity – keypair validity duration in days

 

Using JARsigner

 

We will use jarsigner to sign the apk with our keystore.

Jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore /root/Desktop/key.keystore com.android.apk alexis(alias)

 

Sigalg – signature algorithm

Digestalg – digest algorithm

What is zipalign?

Zipalign is an optimization process that is performed on an application that allows it to run more efficiently after signing.
Zipalign will restructure the resources in an APK along 4-byte boundaries. This alignment allows Android to quickly load the resources from the APK, increasing the performance of the application and potentially reducing memory use.

 

Let us zipalign the application

Zipalign -v 4 com.android.apk signed.apk

 

-v : Verbose

4: 32 bit alignment

Liked it? Take a second to support Alexis on Patreon!
Share this post

Leave a Reply

Your email address will not be published. Required fields are marked *