NAME

       signapk - JAR and APK signing tool

SYNOPSIS

       Command line tool for signing Android ZIP/JAR/APK files:

       signapk [-w] [-a alignment] [-providerClass className] publickey.x509[.pem] privatekey.pk8
       [publickey2.x509[.pem] privatekey2.pk8 ...] input.jar output.jar signapk file.jar

       input.jar is an existing file to sign.

DESCRIPTION

       Signs ZIP files, including JARs, APKs and Over-The-Air (OTA) updates, in a way  compatible
       with  Android's mincrypt verifier, using EC or RSA keys and SHA1 or SHA-256.  The tool can
       additionally sign APKs using APK Signature Scheme v2.  It is the  standard  tool  used  to
       sign APK and JAR files distributed as part of Android ROMs.

HISTORICAL NOTE

       Prior  to  the  KitKat  (aka  4.4.2 aka android-19) release, signapk ignored the signature
       algorithm specified in the certificate and always used SHA1withRSA.

       Starting with JellyBean-MR2 (aka 4.3 aka android-18), the platform supports SHA256withRSA,
       so we use the signature algorithm in the certificate to select which to use (SHA256withRSA
       or SHA1withRSA).  Also in JellyBean-MR2, EC keys are supported.

       Because there are old keys still in use  whose  certificate  actually  says  “MD5withRSA”,
       those are treated as though they say “SHA1withRSA” for compatibility with older releases.

SEE ALSO

       JAR(1)

       ZIP(1)

       ZIPALIGN(1)

       https://source.android.com/devices/tech/ota/sign_builds.html

AUTHORS

       The Android Open Source Project.

                                                                                       SIGNAPK(1)