Can I re-sign an .apk with a different certificate than what it came with?
Android Problem Overview
If I have an apk, can I remove the current signing and somehow re-sign it with a different .keystore file and still have the application install?
Update: I managed to get it to work with Jorgesys' solution. Where I messed up before was that I unzipped the .apk, then rezipped it after removing the META-INF folder and changed the file extension back to .apk. What I should have done is simply open it with WinZip and delete the folder inside WinZip.
Android Solutions
Solution 1 - Android
Try this:
1) Change the extension of your .apk to .zip
2) Open and remove the folder META-INF
3) Change the extension to .apk
4) Use the jarsigner and zipalign with your new keystore.
Hope it helps.
Solution 2 - Android
If you are looking for a quick, simple solution, you can use Google's apksigner command line tool, which is available in revision 24.0.3 and higher.
> apksigner sign --ks release.jks application.apk
You can find more information about apksigner tool, at the developer Android site.
https://developer.android.com/studio/command-line/apksigner.html
Or, alternatively, you may use an open-source apk-resigner script:
https://github.com/onbiron/apk-resigner
All you have to do is download the script and type:
> ./signapk.sh application.apk keystore key-pass alias
Solution 3 - Android
Note: if you use the v2 signing schema (which you will automatically if you use build-tools 24.0.3+ in AS), you cannot just remove the META-INF folder from the APK, since v2 adds its signing data to a zip meta block.
Google's new apksigner introduced in build-tools 24.03 (Android 7) is, however, able to re-sign APKs. You can just repeat the signing command to sign with a new keystore/cert (the old ones will be removed).
apksigner sign --ks keystore.jks signed_app.apk
Shameless plug: if you want an easier tool that can sign multiple apks and has better log output, use: https://github.com/patrickfav/uber-apk-signer (uses Google's apksigner.jar in the background)
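A check for the point made in Solution 3, as an added example that is not part of the original answers: it reports whether an APK still carries v1 signature files in META-INF and whether an APK Signing Block (v2/v3) sits in front of the ZIP central directory. The function names and the sample archive are constructed for illustration.

```python
import io
import struct
import zipfile

MAGIC = b"APK Sig Block 42"                      # trailer of the APK Signing Block
SCHEME_IDS = {0x7109871A: "v2", 0xF05368C0: "v3"}

def _eocd_and_cd(data):
    """Return (EOCD position, central directory offset) of ZIP bytes."""
    eocd = data.rfind(b"PK\x05\x06")
    if eocd < 0:
        raise ValueError("not a ZIP archive")
    return eocd, struct.unpack_from("<I", data, eocd + 16)[0]

def signing_schemes(data):
    """Report which signature schemes leave traces in the given APK bytes."""
    found = set()
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        if any(n.startswith("META-INF/") and n.upper().endswith(".SF")
               for n in z.namelist()):
            found.add("v1")                      # JAR signature files
    _, cd = _eocd_and_cd(data)
    if cd >= 32 and data[cd - 16:cd] == MAGIC:   # block sits right before the CD
        size = struct.unpack_from("<Q", data, cd - 24)[0]
        if 24 <= size <= cd - 8:
            pos, end = cd - size, cd - 24        # span of the ID-value pairs
            while pos + 12 <= end:
                length, pair_id = struct.unpack_from("<QI", data, pos)
                found.add(SCHEME_IDS.get(pair_id, hex(pair_id)))
                pos += 8 + length
    return found

def build_sample(with_v1, with_block):
    """Constructed test input: a tiny ZIP, optionally with a fake v2 block."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("classes.dex", b"dex")
        if with_v1:
            z.writestr("META-INF/CERT.SF", b"sf")
    data = buf.getvalue()
    if not with_block:
        return data
    pair = struct.pack("<QI", 4 + 11, 0x7109871A) + b"constructed"
    size = len(pair) + 24
    block = struct.pack("<Q", size) + pair + struct.pack("<Q", size) + MAGIC
    eocd, cd = _eocd_and_cd(data)
    data = data[:eocd + 16] + struct.pack("<I", cd + len(block)) + data[eocd + 20:]
    return data[:cd] + block + data[cd:]
```

The script only shows where the signing data lives; to validate a signature, use `apksigner verify` on the re-signed file.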
Solution 4 - Android
zip -d my_application.apk META-INF/\*
keytool -genkey -v -keystore my-release-key.keystore -alias alias_name -keyalg RSA -keysize 2048 -validity 10000
jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore my-release-key.keystore my_application.apk alias_name
zipalign -v 4 my_application.apk my_application-aligned.apk
Solution 5 - Android
Signing for release: $1.apk -> $1_release.apk
GeneralMills&GoogleApps#2012
Step 1: Removing any previous signing
Change the extension of your .apk to .zip
Open and delete the folder META-INF
Change the extension to .apk
Or
Command: zip [originalapk]
Example: zip "$1".apk -d
Step 2: Signing with release.keystore..
Command: jarsigner -verbose -keystore [keystorefile] -signedjar [unalignedapk] [originalapk] alias_name
Example: C:\Program Files\Java\jdk1.6.0_43\bin> jarsigner -verbose -keystore release.keystore -signedjar "$1"_unaligned.apk "$1".apk release
Step 3: Aligning
Command: zipalign -f 4 [unalignedapk] [releaseapk]
Example: C:\Users\G535940\Downloads\adt-bundle-windows-x86\adt-bundle-windows-x86\sdk\tools>zipalign -f 4 "$1"_unaligned.apk "$1"_release.apk
Step 4: Cleaning up
Command: rm [unalignedapk]
Example: rm "$1"_unaligned.apk
Additional commands that might help:
- To generate a new key with keytool: keytool -genkey -alias -keystore
- To list keys: keytool -list -keystore
Command to generate a keyhash for the Facebook features
Command: keytool -exportcert -alias alias_name -keystore [keystorefile] | openssl sha1 -binary | openssl base64
Example: C:\Program Files\Java\jdk1.6.0_43\bin>keytool -exportcert -alias release -keystore release.keystore | openssl sha1 -binary | openssl base64
Note: To sign our apks we have downgraded JDK from 1.7 to 1.6.0_43 update.
Reason: As of JDK 7, the default signing algorithm has changed, requiring you to specify the signature and digest algorithms (-sigalg and -digestalg) when you sign an APK.
Command: jarsigner -verbose -sigalg MD5withRSA -digestalg SHA1 -keystore [keystorefile] [originalapk] alias_name
Solution 6 - Android
All the solutions above work. Just a note why it didn't work for you when you re-zipped:
Some of the files inside the .apk need to remain stored (compression at 0%). This is because Android will use memory mapping (mmap) to read the contents without unpacking into memory. Such files are .ogg and some of the icons.
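The effect described in Solution 6, as an added example that is not part of the original answers: one function removes META-INF while keeping every entry's original compression method, and a second lists entries that were stored in the original but ended up compressed after repacking. The function names and the sample archives are constructed for illustration.

```python
import io
import zipfile

def strip_meta_inf(apk_bytes):
    """Copy an APK without META-INF/, keeping each entry's compression method."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as src, \
         zipfile.ZipFile(out, "w") as dst:
        for info in src.infolist():
            if info.filename.startswith("META-INF/"):
                continue                      # drop the old v1 signature files
            dst.writestr(info, src.read(info), compress_type=info.compress_type)
    return out.getvalue()

def newly_compressed(original, repacked):
    """Names stored uncompressed in the original but compressed after repacking."""
    with zipfile.ZipFile(io.BytesIO(original)) as a, \
         zipfile.ZipFile(io.BytesIO(repacked)) as b:
        stored = {i.filename for i in a.infolist()
                  if i.compress_type == zipfile.ZIP_STORED}
        return sorted(i.filename for i in b.infolist()
                      if i.filename in stored
                      and i.compress_type != zipfile.ZIP_STORED)

def build_sample(compress_all):
    """Constructed archive; compress_all=True mimics a naive unzip and re-zip."""
    ogg = zipfile.ZIP_DEFLATED if compress_all else zipfile.ZIP_STORED
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("classes.dex", b"d" * 200, compress_type=zipfile.ZIP_DEFLATED)
        z.writestr("res/raw/sound.ogg", b"o" * 200, compress_type=ogg)
        z.writestr("META-INF/CERT.SF", b"sf", compress_type=zipfile.ZIP_DEFLATED)
    return buf.getvalue()
```

The output of `strip_meta_inf` is unsigned and unaligned, so it still has to go through the signing and zipalign steps from the answers above.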
Solution 7 - Android
Assuming your keys are stored in keys.keystore, you can run:
$ keytool -list -keystore keys.keystore
Your keystore contains 1 entry
your_key_alias, Jan 3, 2013, PrivateKeyEntry,
Certificate fingerprint (SHA1): 8C:C3:6A:DC:7E:B6:12:F1:4C:D5:EE:F1:AE:17:FB:90:89:73:50:53
to determine the alias of your key. Then run:
zip -d your_app.apk "META-INF/*"
jarsigner -verbose -keystore keys.keystore \
-sigalg MD5withRSA -digestalg SHA1 -sigfile CERT \
your_app.apk your_key_alias
to re-sign your_app.apk with the key named your_key_alias.
The extra -sigfile CERT option seems to be necessary as of JDK 8.