Skip to main content
This section shows how to sign an APK with APKSigner and provides a demonstration.

Sign an APK

Find the apksigner module at /Android/sdk/build-tools/<version>/ and perform the following steps to sign an APK with APKSigner:
1
To sign an APK with Android APKSigner, run the following command:
Adjust the values for the following arguments to match your environment:
  • —ks-pass: The password set for the keystore when you created it in the previous section,
  • —ks-key-alias: The key alias you provided in the previous section, such as apksignerdemo.
  • —in: The .apk file you want to sign, including the full path to the file if necessary.
  • —out: The name of the signed .apk file, including the full path if necessary.
Shell
sudo ./apksigner sign -providerclass sun.security.pkcs11.SunPKCS11 -providerName SunPKCS11-Futurex  --ks NONE --ks-type PKCS11 --ks-pass pass:<keystore password> --ks-key-alias <key alias> --in <unsigned.apk> --out <signed.apk>
2
To verify the signature of the output file, run the following command:
Shell
sudo ./apksigner verify -verbose <signed.apk>
You should see output similar to the following example:
Shell
Verifies
Verified using v1 scheme (JAR signing): false
Verified using v2 scheme (APK Signature Scheme v2): true
Verified using v3 scheme (APK Signature Scheme v3): true
Verified using v3.1 scheme (APK Signature Scheme v3.1): false
Verified using v4 scheme (APK Signature Scheme v4): false
Verified for SourceStamp: false
Number of signers: 1
In the preceding example, multiple signatures occurred for different Android signing versions. To only sign with one signing version type, add the following flags to your command and enable only the version you want to use to sign:
Shell
--v1-signing-enabled <true or false> --v2-signing-enabled <true or false> --v3-signing-enabled <true or false> --v4-signing-enabled <true or false>

APKSigner demonstration

The following command demonstrates a signing command with APKSigner:
Shell
sudo ./apksigner sign --provider-class "sun.security.pkcs11.SunPKCS11" -providerName SunPKCS11-Futurex --ks NONE --ks-type PKCS11 --ks-pass pass:safest --ks-key-alias apksigner --in /root/AndroidStudioProjects/MyApplication/app/build/outputs/apk/debug/app-debug.apk --out /root/AndroidStudioProjects/MyApplication/app/build/outputs/apk/debug/signed-app-debug.apk
The following command demonstrates a verification command with APKSigner:
Shell
sudo ./apksigner verify -verbose /root/AndroidStudioProjects/MyApplication/app/build/outputs/apk/debug/signed-app-debug.apk
For more information on APKSigner and its functions, refer to the Android Developer Documentation.