Sign APKs with Android APKSigner by using Futurex PKCS #11

this section shows how to sign an apk with apksigner and provides a demonstration sign an apk find the apksigner module at /android/sdk/build tools/\<version>/ and perform the following steps to sign an apk with apksigner to sign an apk with android apksigner, run the following command adjust the values for the following arguments to match your environment ks pass the password set for the keystore when you created it in the previous section, ks key alias the key alias you provided in the previous section, such as apksignerdemo in the apk file you want to sign, including the full path to the file if necessary out the name of the signed apk file, including the full path if necessary sudo /apksigner sign providerclass sun security pkcs11 sunpkcs11 providername sunpkcs11 futurex ks none ks type pkcs11 ks pass pass \<keystore password> ks key alias \<key alias> in \<unsigned apk> out \<signed apk> to verify the signature of the output file, run the following command sudo /apksigner verify verbose \<signed apk> you should see output similar to the following example verifies verified using v1 scheme (jar signing) false verified using v2 scheme (apk signature scheme v2) true verified using v3 scheme (apk signature scheme v3) true verified using v3 1 scheme (apk signature scheme v3 1) false verified using v4 scheme (apk signature scheme v4) false verified for sourcestamp false number of signers 1 in the preceding example, multiple signatures occurred for different android signing versions to only sign with one signing version type, add the following flags to your command and enable only the version you want to use to sign v1 signing enabled \<true or false> v2 signing enabled \<true or false> v3 signing enabled \<true or false> v4 signing enabled \<true or false> apksigner demonstration the following command demonstrates a signing command with apksigner sudo /apksigner sign provider class "sun security pkcs11 sunpkcs11" providername sunpkcs11 futurex ks none ks type pkcs11 ks pass pass\ safest ks key alias apksigner in /root/androidstudioprojects/myapplication/app/build/outputs/apk/debug/app debug apk out /root/androidstudioprojects/myapplication/app/build/outputs/apk/debug/signed app debug apk the following command demonstrates a verification command with apksigner sudo /apksigner verify verbose /root/androidstudioprojects/myapplication/app/build/outputs/apk/debug/signed app debug apk for more information on apksigner and its functions, refer to the android developer documentation