apksigner | lightweight APK signing tool that can be run on Android | Emulator library
kandi X-RAY | apksigner Summary
kandi X-RAY | apksigner Summary
It is available as a package in [Termux] which can be installed with pkg install apksigner.
Support
Quality
Security
License
Reuse
Top functions reviewed by kandi - BETA
- Reads a central end entry from a ZIP file
- Read an int
- Read a length string from the stream
- Read a short
- Main entry point for testing
- Signs a zip file using the given public key and signature block template
- Write a local entry
- Adds the SHA1 to the manifest
- Persist the engine to the specified output stream
- Converts a password array to a byte array
- Writes a certificate
- Sets the encoded key
- Encrypt a key using the passwd
- Set a new key
- Encrypt a key using the passwd
- Closes the file
- Writes the information in the ZIP file
- Loads a keystore from an input stream
- Read a certificate
- Returns the data for this entry
- Returns an input stream for this entry
- Returns the key associated with the specified alias
- Decrypt a private key
- Get the time in milliseconds
- Sets an alias for an alias
- Read a byte
- Returns the certificate associated with the specified alias
apksigner Key Features
apksigner Examples and Code Snippets
Community Discussions
Trending Discussions on apksigner
QUESTION
Problem is my app apk is signed with sha1 signer #1 and sha1 signer #2 using jarsigner. meaning multisigned using both first-release-key.jks and second-release-key.jks which i believe now is wrong. Apk shows both certs. Now trying to sign apk with apksigner using sha2 signer #1 and then sha2 signer #2 is failing.
https://developer.android.com/studio/command-line/apksigner
Usually, you sign an APK using only one signer. In the event that you need to sign an APK using multiple signers, use the --next-signer option to separate the set of general options to apply to each signer:
...ANSWER
Answered 2021-Apr-19 at 21:13Try with the flag --v3-signing-enabled=false
.
As mentioned in the error message, v3 signing does not support signing with multiple keys so I suspect that disabling it would fix this error.
Note that v3 signing is an extension of v2 signing that supports key rotation, so you're not losing in security (well, besides key rotation which you may never be able to use).
QUESTION
I know how to check signatures of apk files, but cannot figure out how to check the trustworthyness of app bundles (apkm). Does anyone have a hint for me?
When e.g. checking the signature of a google camera bundle from apkmirror, it shows that the bundle is signed by apkmirror and not - as expected - by google.
I figured out that I can simply extract the apk files in the bundle and verify their signature (then I get a google signature, as intended). This does not work for all apks though: The "base.apk" does not have a signature. Is there a reason for this? Is the signature for the base.apk maybe included in the other signatures somehow?
Edit: After reading Pierres answer I figured out that the base.apk indeed is also signed. The problem in my case was that the apksigner version in ubuntu 18.04 is outdated and does not support the used signature format.
...ANSWER
Answered 2021-May-01 at 09:16All APKs should have a signature, including the base. Make sure you use apksigner and not jarsigner.
There is no way to check who it was signed by. The certificate has some information but it can easily be spoofed so it's not reliable.
You have to trust the source you're downloading the APKs from basically and the best way is usually to ask the developers where they publish their app and download it from there. For Google apps, that's the Play Store.
If you know the certificate the app should be signed with, you can also compare the certificate from the signature with the one you expect.
QUESTION
I am trying to set up a build pipeline for the Xamarin Android app using AzureDevops Pipeline.
The step that is causing my hair to go thin and grey is Signing and Zipaligning.
For signing, I have created a self-signed key using:
keytool -genkeypair -v -keystore keystore.keystore -alias keyAlias -keyalg RSA -keysize 2048 -validity 10000
Then I have added keystore.keystore
to azureDevOps secure files location and enabled it for all pipelines
I then set the signing step in the following way:
...ANSWER
Answered 2021-Apr-15 at 14:07The cause was a lack of internal mental capacity as usual. I didn't set the output dir. After changing apkFiles: '**/*.apk'
to apkFiles: '$(outputDirectory)/*.apk'
it all worked.
QUESTION
I have created an application using angular and processed it using Cordova.
Now, when I use cordova build android
or cordova build --release android
I get the desired result i.e. the app is running on my device, even after signing it (with my.keystore) using the below
ANSWER
Answered 2021-Apr-03 at 17:09If you have landed here .. my issue was resolved importing the project to Android studio and generating build from there.
check the referenced question --> Error while trying to upload APK to Google Play
QUESTION
I am create my app in ionic v3 with Target SDK version 30 when i am upload my apk on google play console i am getting error "You uploaded an APK with an invalid signature (learn more about signing). Error from apksigner: ERROR: MIN_SIG_SCHEME_FOR_TARGET_SDK_NOT_MET: Target SDK version 30 requires a minimum of signature scheme v2; the APK is not signed with this or a later signature scheme"
When i am making apk with Target SDK version 29 and upload on google play console its upload without any error
i don't no whay google give me an error
create sign in apk proccess are same in Target SDK version 30 or Target SDK version 29 same keystore and all command are same for create sign apk
My command are ionic cordova build --release android
jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore myappname.keystore app-release-unsigned.apk myapp
zipalign -v 4 app-release-unsigned.apk myappname.apk
Please Check what is wrong on about command and let me know it's argent my client are waiting a Target SDK version 30
...ANSWER
Answered 2021-Mar-31 at 06:50Solution
i am use this solution for ionic app only using cmd
After zipalign command success apply this command for conver sign apk with signature scheme v2
apksigner sign --v2-signing-enabled false --ks keystore name.keystore signapkname.apk
apksigner sign --ks keystore name.keystore signapkname.apk
apksigner sign --ks keystore name.keystore --ks-key-alias aliasname BuildingManagement.apk
keytool -printcert -jarfile signapkname.apk
apksigner verify -v --print-certs signapkname.apk
apksigner verify -v signapkname.apk
QUESTION
I am trying to test an apk file using Eclipse, Java, Selenium, Cucumber, and Appium.
In Windows Environment Variables, under System Variables, I have the value of JAVA_HOME set to "C:\Program Files\Java\jdk-15.0.2".
In Eclipse, I'm using the latest JDK 15.0.2 in my run configuration. When I execute a cucumber test, I get the following error:
C:\Users\x\AppData\Local\Programs\Appium\resources\app\node_modules\appium\node_modules\appium-uiautomator2-server\apks\appium-uiautomator2-server-v4.17.4.apk'. Original error: java.lang.UnsupportedClassVersionError: com/android/apksigner/ApkSignerTool has been compiled by a more recent version of the Java Runtime (class file version 53.0), this version of the Java Runtime only recognizes class file versions up to 52.0
I'm using the latest version of JDK so why am I getting this error and how can I resolve it?
...ANSWER
Answered 2021-Mar-07 at 00:35List of Java class file format major version numbers? shows which jdk versions use which class file versions. If you are indeed using java 15, then your jdk should recognize class files up to 59. But your error message indicates that it only recognized versions up to 52, which suggests that you're actually using java 8.
QUESTION
The Android developer documentation explained that there is an option --v4-no-merkle-tree
but the option does not exist. I'm doing this way to sign via CMD
ANSWER
Answered 2021-Mar-04 at 20:53This is a documentation error. The flag does not exist nor has ever existed.
Edit: Now removed from documentation.
QUESTION
We are currently signing our Android apps using jarsigner
but we want to migrate to using apksigner
so we can take advantage of it's additional benefits such as the v2 signing algorithm.
Are there any considerations we need to factor into this migration or is it as simple as changing which tool we are using? Our main concern is obviously to avoid any complications when pushing updated apps to the Play Store.
...ANSWER
Answered 2021-Mar-04 at 20:00This should be a simple switch without complications.
QUESTION
Is it possible given a released APK file to know the Android build tools version used, especially with utilities like zipalign
and apksigner
that has been applied to the APK file?
ANSWER
Answered 2021-Feb-28 at 05:50You should run different commands to get some information:
1: \build-tools\version\aapt dump badging your_app.apk
this command gives you some information about sdkVersion, versionCode compileSdkVersion and etc.
2: \build-tools\version\zipalign -c -v 4 your_app.apk
this command at the end of outputs verifies that your_app is zipaligned or not.
3: \bin\jarsinger -verify -verbose -certs your_app.apk
In the output of this command you'll find CN tag. It shows that your apk is signed with your keysign or it is debug version.
QUESTION
For context, I am trying to use an Azure build pipeline to build multiple flavors of an Android app. Each flavor has its own separate signing keystore, and all of those keystores are stored in my 'secure files' in the library.
However, when I try to dereference the $(Keystore) variable during the 'android signing' task, it doesn't seem to recognize that that is a variable that exists, and tries instead to locate a file called '$(Keystore)'
Am I doing something wrong here? This seems like it should work.
A sanitized example looks like this:
...ANSWER
Answered 2021-Feb-16 at 21:11You're missing the step to download the Secure File. Unlike variable groups, you need to explicitly download them to have access via the secure file name.
You'll want to add something similar to the example task below to your steps to pull the secure file. Then, you'll access your secure file via NAME_PARAMETER.secureFilePath:
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Vulnerabilities
No vulnerabilities reported
Install apksigner
You can use apksigner like any standard Java library. Please include the the jar files in your classpath. You can also use any IDE and you can run and debug the apksigner component as you would do with any other Java program. Best practice is to use a build tool that supports dependency management such as Maven or Gradle. For Maven installation, please refer maven.apache.org. For Gradle installation, please refer gradle.org .
Support
Reuse Trending Solutions
Find, review, and download reusable Libraries, Code Snippets, Cloud APIs from over 650 million Knowledge Items
Find more librariesStay Updated
Subscribe to our newsletter for trending solutions and developer bootcamps
Share this Page