APK署名
Androidのパッケージ署名には、Android Studio のコマンドラインユーティリティの一部として提供されているApksigner ユーティリティを使用します。Apksignerは、当社のPKCS11ライブラリを使用します。
Follow these instructions to sign directly using Apksigner and securely reference your private key stored in Software Trust Manager. Alternatively, integrate Apksigner with Signing Manager Controller (SMCTL) for simplified signing.
Prerequisites
Windows or Linux operating system
Keypair alias
Sign with Apksigner
To sign an individual APK file using apksigner:
$ANDROID_HOME/build-tools/31.0.0/apksigner sign --provider-class sun.security.pkcs11.SunPKCS11 --provider-arg <your_pkcs11.cfg_file> --ks NONE --ks-type PKCS11 --ks-pass pass:<anything> --ks-key-alias <keypair_alias> --in <unsigned.apk> --out <signed.apk>
ヒント
Multiple signatures may occur for different Android signing versions when you sign with Apksigner. To avoid multiple signatures add the following parameters to your sign command and only enable the version that you want to sign with:
--v1-signing-enabled <true or false> --v2-signing-enabled <true or false> --v3-signing-enabled <true or false> --v4-signing-enabled <true or false>
Sample command:
To sign using only Android version 3:
$ANDROID_HOME/build-tools/31.0.0/apksigner sign --provider-class sun.security.pkcs11.SunPKCS11 --provider-arg <your_pkcs11.cfg_file> --ks NONE --ks-type PKCS11 --ks-pass pass:<anything> --ks-key-alias <keypair_alias> --in <unsigned.apk> --out <signed.apk> --v1-signing-enabled false --v2-signing-enabled false --v3-signing-enabled true --v4-signing-enabled false
Verify signature with Apksigner
To verify the signature on an individual APK file:
$ANDROID_HOME/build-tools/31.0.0/apksigner verify -verbose <signed.apk>