Sign APKs with Android APKSigner by using Futurex PKCS #11
This section shows how to sign an APK with APKSigner and provides a demonstration.

Sign an APK

Find the APKSigner module at `/android/sdk/build-tools/<version>/` and perform the following steps to sign an APK with APKSigner.

If using a Java JDK version newer than 17, run the following command:

```
sudo nano /android/sdk/build-tools/<version>/apksigner
```

and replace `javaOpts=""` with the following line:

```
javaOpts="--add-opens=jdk.crypto.cryptoki/sun.security.pkcs11=ALL-UNNAMED"
```

To sign an APK with Android APKSigner, run the following command. Adjust the values for the following arguments to match your environment:

- `--ks-key-alias`: The key alias you provided in the previous section, such as `android apk signer\ apksignerdemo\ c`. Note: if there are spaces in the key alias, make sure to wrap the entire alias in double quotes.
- `--in`: The APK file you want to sign, including the full path to the file if necessary.
- `--out`: The name of the signed APK file, including the full path if necessary.

```
sudo ./apksigner sign --provider-class sun.security.pkcs11.SunPKCS11 --ks NONE --ks-type PKCS11 --ks-key-alias <key alias> --in <unsigned apk> --out <signed apk>
```

When prompted for the keystore password for signer #1, enter the identity password configured inside the `<CRYPTO-OPR-PASS>` tag in the `fxpkcs11.cfg` file.

To verify the signature of the output file, run the following command:

```
sudo ./apksigner verify --verbose <signed apk>
```

You should see output similar to the following example:

```
Verifies
Verified using v1 scheme (JAR signing): false
Verified using v2 scheme (APK Signature Scheme v2): true
Verified using v3 scheme (APK Signature Scheme v3): true
Verified using v3.1 scheme (APK Signature Scheme v3.1): false
Verified using v4 scheme (APK Signature Scheme v4): false
Verified for SourceStamp: false
Number of signers: 1
```

In the preceding example, multiple signatures occurred for different Android signing versions. To only sign with one signing version type, add the following flags to your command and enable only the version you want to use to sign:

```
--v1-signing-enabled <true or false>
--v2-signing-enabled <true or false>
--v3-signing-enabled <true or false>
--v4-signing-enabled <true or false>
```

APKSigner demonstration

The following example demonstrates a signing command with APKSigner:

```
sudo ./apksigner sign --provider-class "sun.security.pkcs11.SunPKCS11" --ks NONE --ks-type PKCS11 --ks-key-alias "android apk signer\ apksignerdemo\ c" --in /root/androidstudioprojects/myapplication/app/build/outputs/apk/debug/app-debug.apk --out /root/androidstudioprojects/myapplication/app/build/outputs/apk/debug/signed-app-debug.apk
```

The following example demonstrates a verification command with APKSigner:

```
sudo ./apksigner verify --verbose /root/androidstudioprojects/myapplication/app/build/outputs/apk/debug/signed-app-debug.apk
```

For more information on APKSigner and its functions, refer to the Android developer documentation (developer.android.com/tools/apksigner).
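To enforce the verification result in a build pipeline instead of reading it by eye, the following added example (not part of the original page or of Futurex's or Android's tooling) parses the `apksigner verify --verbose` report shown above and fails unless every required scheme verified and the signer count matches. The function names and the policy values (`v2 v3`, one signer) are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: policy gate over `apksigner verify --verbose` output.
# Usage in a pipeline (policy values are assumptions, adjust to your release rules):
#   ./apksigner verify --verbose <signed apk> | check_apk_verify_output "v2 v3" 1

# check_apk_verify_output <required schemes, space separated> <expected signers>
# Reads the verbose report on stdin. Returns 0 only if the report starts with
# "Verifies", each required scheme is reported "true", and the signer count matches.
check_apk_verify_output() {
    awk -v required="$1" -v want="$2" '
        { sub(/\r$/, "") }                       # tolerate CRLF from captured logs
        NR == 1 { verdict = $0 }                 # overall verdict is the first line
        /^Verified using v[0-9.]+ scheme / {     # e.g. "Verified using v3 scheme (...): true"
            ok[$3] = ($NF == "true")
        }
        /^Number of signers: / { signers = $NF }
        END {
            if (verdict != "Verifies") {
                print "FAIL: overall verdict is not Verifies" > "/dev/stderr"
                exit 1
            }
            n = split(required, req, " ")
            for (i = 1; i <= n; i++)
                if (!ok[req[i]]) {
                    printf "FAIL: scheme %s not verified\n", req[i] > "/dev/stderr"
                    bad = 1
                }
            if (signers == "" || signers + 0 != want + 0) {
                printf "FAIL: signers=%s, expected %s\n", signers, want > "/dev/stderr"
                bad = 1
            }
            exit bad
        }'
}

# Sample report: the example output shown on this page, embedded for offline runs.
sample_report() {
    printf '%s\n' 'Verifies' \
        'Verified using v1 scheme (JAR signing): false' \
        'Verified using v2 scheme (APK Signature Scheme v2): true' \
        'Verified using v3 scheme (APK Signature Scheme v3): true' \
        'Verified using v3.1 scheme (APK Signature Scheme v3.1): false' \
        'Verified using v4 scheme (APK Signature Scheme v4): false' \
        'Verified for SourceStamp: false' \
        'Number of signers: 1'
}

if sample_report | check_apk_verify_output "v2 v3" 1; then echo "policy: pass"; fi
```

A gate like this catches a build where a `--vN-signing-enabled` flag was changed and a scheme the release depends on was silently dropped, or where an unexpected additional signer appears.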