Sign Android files with Apksigner

Apksigner is a command-line tool provided by the Android SDK (Software Development Kit). It is used to sign and verify Android application packages (APKs).

Follow these instructions to sign directly using Apksigner and securely reference your private key stored in Software Trust Manager. Alternatively, integrate Apksigner with Signing Manager Controller (SMCTL) for simplified signing.

Prerequisites

Windows or Linux operating system
Configure Software Trust Manager PKCS11 library
Install Apksigner
Keypair alias

Sign with Apksigner

To sign an individual APK file using apksigner:

$ANDROID_HOME/build-tools/31.0.0/apksigner sign --provider-class sun.security.pkcs11.SunPKCS11 --provider-arg <your_pkcs11.cfg_file> --ks NONE --ks-type PKCS11 --ks-pass pass:<anything> --ks-key-alias <keypair_alias> --in <unsigned.apk> --out <signed.apk>

Tip

Multiple signatures may occur for different Android signing versions when you sign with Apksigner. To avoid multiple signatures add the following parameters to your sign command and only enable the version that you want to sign with:

--v1-signing-enabled <true or false> --v2-signing-enabled <true or false> --v3-signing-enabled <true or false> --v4-signing-enabled <true or false>

Sample command:

To sign using only Android version 3:

$ANDROID_HOME/build-tools/31.0.0/apksigner sign --provider-class sun.security.pkcs11.SunPKCS11 --provider-arg <your_pkcs11.cfg_file> --ks NONE --ks-type PKCS11 --ks-pass pass:<anything> --ks-key-alias <keypair_alias> --in <unsigned.apk> --out <signed.apk> --v1-signing-enabled false --v2-signing-enabled false --v3-signing-enabled true --v4-signing-enabled false

Verify signature with Apksigner

To verify the signature on an individual APK file:

  $ANDROID_HOME/build-tools/31.0.0/apksigner verify -verbose <signed.apk>

Sign Android files with Apksigner

Prerequisites

Sign with Apksigner

Tip

Verify signature with Apksigner

Related articles