Apksigner

Use APK signer to sign and verify the signature of APK files. Android package signing uses the apksigner utility available as part of the Android Studio command line utilities. Apksigner is available in version 24.0.3 and higher of the Android SDK Build Tools.

Integrate Apksigner with Signing Manager Controller (SMCTL) for simplified signing. Alternatively, you can sign directly with Apksigner and reference your private key stored in Software Trust Manager.

Sugerencia

Apksigner is compatible for signing on Windows, Linux, macOS.

What files can you sign with Apksigner and PKCS11?

.aab
.apk

Prerequisites

Configure Software Trust Manager KPCS11 library
Install Java
Install build tools
Install Apksigner

Install Apksigner

There are two ways to install Apksigner. The easiest method is to download the Android SDK because Apksigner is included in the download, however the Android SDK is a big file. Alternatively, you can install Apksigner by using installing build tools and downloading Android Studio.

ejemplo 1. Android SDK (recommended)

To download the Android SDK:

Download Android Studio.
Run the android-studio file that was downloaded.
Follow the steps in the Android Studio Setup wizard to complete the installation.
Launch Android Studio.
Complete the steps in the wizard.
Nota
Apksigner should now be available in file path: C:\Users\John.Doe\AppData\Local\Android\Sdk\build-tools\33.0.2\lib

ejemplo 2. Build tools procedure for Windows

Install command line utilities

To install the command line utilities:

Download the Android Studio command line utilities: https://developer.android.com/studio
Extract the files into a “cmdline-tools” folder.
Create a subfolder named latest.
Move the bin and lib folders into the latest folder.
Example:
.\cmdline-tools\latest\bin
.\cmdline-tools\latest\lib
Set an environment variable called ANDROID_HOME and set it to the path where you extracted the command line tools.
```
set ANDROID_HOME=c:\cmdline-tools\latest
```
To install the build tools, run this command from the ANDROID_HOME folder:
```
.\bin\sdkmanager --channel=0 --install "build-tools;31.0.0" 
```
Nota
Accept the license agreement to start the download and installation of the build tools at the same level as the cmdline-tools.

ejemplo 3. Build tools procedure for Linux and macOS

Install command line utilities

To install the command line utilities:

Download the Android Studio command line utilities: https://developer.android.com/studio
Extract the files into a “cmdline-tools” folder.
Create a subfolder named latest.
Move the bin and lib folders into the latest folder.
Example:
.\cmdline-tools\latest\bin
.\cmdline-tools\latest\lib
Set an environment variable called ANDROID_HOME and set it to the path where you extracted the command line tools.
```
export ANDROID_HOME=/home/<user>/cmdline-tools/
```

To install the build tools, run this command from the ANDROID_HOME folder:

$ANDROID_HOME/latest/bin/sdkmanager --channel=0 --install "build-tools;31.0.0”

Nota

channel=0 means “stable” channel.

For Java version 8-16:

No additional prerequisite.

For Java version 17 or higher:

Find the apksigner file in your Android build tools location.
Open the apksigner.bat file in a Integrated development environment (IDE) or plain text editor.

Edit the value for set javaOpts= in line 68, to match the following:

javaOpts="--add-exports=jdk.crypto.cryptoki/sun.security.pkcs11=ALL-UNNAMED"

Save the file.

Set PATH environment variables

Operating systems use the environment variable called PATH to determine where executable files are stored on your system. Use the PATH environment variable to store the file path to your signing tools to ensure that the CLI can reference these signing tools.

ejemplo 4. Windows

You can set the PATH environment variable using command line or via the environment variables.

To set the path to your signing tools via command line:

set PATH=%path%;<path to Apksigner>

Command sample:

set PATH=%path%;C:\Users\John.Doe\AppData\Local\Android\Sdk\build-tools\33.0.2\lib

To set the path to your signing tools for your system or account:

Search for environment variables in the Windows start menu.
Select Edit environment variables for your account or Edit system environment variables.
Double click on the Path variable.
Click New.
Select Browse.
Select the path to the signing tool.
Click OK to save the path.
Click on OK to close the dialog.

ejemplo 5. Linux

To set the path to your signing tools via command line:

Launch the Terminal application.
Open the file in an editor:
```
nano ~/.profile
```
Add any exports definitions you need:
```
export PATH=<Path to Apksigner>
```
Click CTRL+X to exit.
Click Y to save.
Click Enter to keep the same file name.
Execute the new .profile by restarting Terminal or using:
```
 source ~/.profile
```

ejemplo 6. macOS

To set the path to your signing tools via command line:

Launch the Terminal application.
Create a profile file:
```
touch ~/.zprofile
```
Open the file in an editor:
```
open ~/.zprofile
```
Add any exports definitions you need, such as:
```
export PATH=<Path to Apksigner>
```
To save the new .zprofile, click File > Save (CMD + S).
Close the terminal window and reopen to use new saved variables.

Download Software Trust Manager PKCS11 library

Apksigner uses a configuration file to integrate with Software Trust Manager PKCS11 library.

Follow these instructions to download Software Trust Manager PKCS11 library and create the configuration file.

Sign with Apksigner

You can sign with Apksigner directly or via DigiCert's signing tools integrated with Apksigner:

En esta sección:

Apksigner

Sugerencia

What files can you sign with Apksigner and PKCS11?

Prerequisites

Install Apksigner

Nota

Nota

Nota

Set PATH environment variables

Download Software Trust Manager PKCS11 library

Sign with Apksigner

Resultados de la búsqueda