How to sign the Android Build APK



How to sign the Android Build APK



The urgent elements to realize about signing Android applications are given below:
  • All apps must be signed in. The systems will never configure any applications on an emulators or a devices if it is not signed in.
  • To test and debug our applications, the building tools signing our applications with a special debugging key that is developed by the build tools of Android SDK.
  • When we are fit to release our applications for end users, we must sign it with a appropriate private key. We can not publish any applications that is signed with the debug key generated by the tools of SDK.
  • We can use self signed certificate to sign our application. No certificates authority is required.
  • The systems test a signer expiration date of certificate only at the time of install. If any signer certificate application expire after the applications are installed, the applications will continue to normal functionality.
  • We can use standard tools — Jarsigner and Keytool — to creat keys and sign our .apk files of applications .
  • After We sign our applications for release, we recommend that we use the zipalign tools to optimize the final APK packages.

Signing Process for Android APK:
The Android develop processes signs our applications differently based on which build mode we use to build our applications. There are two modes of builds: release mode and debug mode . We use debug mode when we are developing and testing our applications. We uses release mode when we like to build a version of release of our applications that we can distribute directly to another users, customers or publish on an applications at marketplace like as Google Play.
When We build in the debug mode the Android SDK build tool uses the utility of Keytool (containing in the JDK) to develop a debug key. Because the SDK tools to build and developed the debug key, they aware the debug alias of key and password. Each and every time we compile our applications in debug mode, the build tools uses the debug key along with the utility of Jarsigner (also containing in the JDK) to sign our .apk file of application . Because the password and alias are well known to the SDK build tools, the tools do not require to prompt us for the debug alias of key and password each and every time we compiles.
When we builds in release mode we use our own private key to sign our applications. If we do not have a private key, we can use the utility of Keytool to develop one for us. When we compile our applications in release mode, the build tools uses our private key along with the utility of Jarsigner to sign our .apk file of application. Because the certificates and private keys we use are our own, we must give the password for the keystore and alias of key.
The debug process of signing take place automatically when we execute or debug our applications with the help of Eclipse with the plugin of ADT. Debug signing also take places automatically when we use the Ant build scripts with the option of debug. We can automates the release process of signing by using the Eclipse Export Wizard or by editing the Ant build scripts and building with the option of release.

Basic Setup for Signing:
Before We begin, Confirm that the Keytool utility and Jarsigner utility are present to the SDK build tool. Both of those tools are present in the JDK. In mostly cases, we can tell the SDK build tools how to search those utilities by setting our JAVA_HOME environment variables so it reference a appropriate JDK. As an alternative, we can add the JDK version of Keytool and Jarsigner to our PATH variables.
If we are creating on a versions of Linux that originally came with GNU Compilers for Java, confirm that the systems are using the JDK versions of Keytool, rather than the versions of gcj. If Keytool is already in our PATH, it might be targeting to a symlink at /usr/bin/keytool. In such case, test the symlink point to become confirm it points to the Keytool under the JDK.

Signing in Debug Mode:
http://developer.android.com/tools/publishing/app-signing.html
Signing in Release Mode:
http://developer.android.com/tools/publishing/app-signing.html


Following is the simple process for sign the Android Build APK:

A small overview, without reference or eclipse around, so leave some space for errors, but it works like this
  • open our projects in eclipse
  • press right mouse, tools (androids tools?) - > export signed applications (apk?)
  • go trough the wizard:
  • create a new key store. confirm that password
  • sign our apps
  • save it etc. Done
Also, from the link:

Compile and sign using Eclipse ADT

If we are working Eclipse with the ADT plug in, we can use the Export Wizard to export a signed .apk (and even develop a new key store, if required). The Export Wizard perform all the interactions with the Jarsigner and Keytool for you, which permits us to sign the packages using GUI instead of performing the manual procedure to compile the sign, and aligns, as explained above. Once the wizards have compiled and signed our packages, it will also processes packages alignment with zipalign. Because the Export Wizard use both Jarsigner and Keytool, we should confirm that they are accessible on our computers, as explained above in the Basic Setup for Signing.

To develop signed and aligned .apk under Eclipse:
  1. Choose the projects in the Package Explorer and then select File → Export.
  2. Now access the Android folder, select Export Android Applications, and click on Next.
    The Export Android Applications wizard now start, which will lead us through the processes of signing our applications, containing steps for choosing the private key with which to sign the .apk (or developing a new private key and keystore).
  3. Completed the Export Wizard and our applications will be compiled, signed, aligned, and now prepared for distributions.

More details can be found on following url:
http://developer.android.com/tools/publishing/app-signing.html


No comments:

Post a Comment

Popular Posts