1 page.title=Signing Your Applications 2 @jd:body 3 4 <div id="qv-wrapper"> 5 <div id="qv"> 6 7 <h2>Quickview</h2> 8 9 <ul> 10 <li>All Android apps <em>must</em> be signed</li> 11 <li>You can sign with a self-signed key</li> 12 <li>How you sign your apps is critical — read this document carefully</li> 13 <li>Determine your signing strategy early in the development process</li> 14 </ul> 15 16 <h2>In this document</h2> 17 18 <ol> 19 <li><a href="#signing">Signing Process</a></li> 20 <li><a href="#strategies">Signing Strategies</a></li> 21 <li><a href="#setup">Basic Setup for Signing</a></li> 22 <li><a href="#debugmode">Signing in Debug Mode</a></li> 23 <li><a href="#releasemode">Signing Release Mode</a> 24 <ol> 25 <li><a href="#cert">Obtain a suitable private key</a></li> 26 <li><a href="#releasecompile">Compile the application in release mode</a></li> 27 <li><a href="#signapp">Sign your application with your private key</a></li> 28 <li><a href="#align">Align the final APK package</a></li> 29 <li><a href="#ExportWizard">Compile and sign with Eclipse ADT</a></li> 30 </ol> 31 </li> 32 <li><a href="#secure-key">Securing Your Private Key</a></li> 33 34 </ol> 35 36 <h2>See also</h2> 37 38 <ol> 39 <li><a href="{@docRoot}tools/publishing/versioning.html">Versioning Your Applications</a></li> 40 <li><a href="{@docRoot}tools/publishing/preparing.html">Preparing to Publish</a></li> 41 </ol> 42 43 </div> 44 </div> 45 46 <p>The Android system requires that all installed applications be digitally signed with a 47 certificate whose private key is held by the application's developer. The Android system uses the 48 certificate as a means of identifying the author of an application and establishing trust 49 relationships between applications. The certificate is not used to control which applications the 50 user can install. The certificate does not need to be signed by a certificate authority: it is 51 perfectly allowable, and typical, for Android applications to use self-signed certificates.</p> 52 53 <p>The important points to understand about signing Android applications are:</p> 54 55 <ul> 56 <li>All applications <em>must</em> be signed. The system will not install an application 57 on an emulator or a device if it is not signed.</li> 58 <li>To test and debug your application, the build tools sign your application with a special debug 59 key that is created by the Android SDK build tools.</li> 60 <li>When you are ready to release your application for end-users, you must sign it with a suitable 61 private key. You cannot publish an application that is signed with the debug key generated 62 by the SDK tools.</li> 63 <li>You can use self-signed certificates to sign your applications. No certificate authority is 64 needed.</li> 65 <li>The system tests a signer certificate's expiration date only at install time. If an 66 application's signer certificate expires after the application is installed, the application 67 will continue to function normally.</li> 68 <li>You can use standard tools — Keytool and Jarsigner — to generate keys and 69 sign your application {@code .apk} files.</li> 70 <li>After you sign your application for release, we recommend that you use the 71 <code>zipalign</code> tool to optimize the final APK package.</li> 72 </ul> 73 74 <p>The Android system will not install or run an application that is not signed appropriately. This 75 applies wherever the Android system is run, whether on an actual device or on the emulator. 76 For this reason, you must <a href="#setup">set up signing</a> for your application before you can 77 run it or debug it on an emulator or device.</p> 78 79 <h2 id="signing">Signing Process</h3> 80 81 <p>The Android build process signs your application differently depending on which build mode you 82 use to build your application. There are two build modes: <em>debug mode</em> and <em>release 83 mode</em>. You use debug mode when you are developing and testing your application. You use 84 release mode when you want to build a release version of your application that you can 85 distribute directly to users or publish on an application marketplace such as Google Play.</p> 86 87 <p>When you build in <em>debug mode</em> the Android SDK build tools use the Keytool utility 88 (included in the JDK) to create a debug key. Because the SDK build tools created the debug key, 89 they know the debug key's alias and password. Each time you compile your application in debug mode, 90 the build tools use the debug key along with the Jarsigner utility (also included in the JDK) to 91 sign your application's <code>.apk</code> file. Because the alias and password are known to the SDK 92 build tools, the tools don't need to prompt you for the debug key's alias and password each time 93 you compile.</p> 94 95 <p>When you build in <em>release mode</em> you use your own private key to sign your application. If 96 you don't have a private key, you can use the Keytool utility to create one for you. When you 97 compile your application in release mode, the build tools use your private key along with the 98 Jarsigner utility to sign your application's <code>.apk</code> file. Because the certificate and 99 private key you use are your own, you will have to provide the password for the keystore and key 100 alias.</p> 101 102 <p>The debug signing process happens automatically when you run or debug your application using 103 Eclipse with the ADT plugin. Debug signing also happens automatically when you use the Ant build 104 script with the <code>debug</code> option. You can automate the release signing process by using the 105 Eclipse Export Wizard or by modifying the Ant build script and building with the 106 <code>release</code> option.</p> 107 108 <h2 id="strategies">Signing Strategies</h2> 109 110 <p>Some aspects of application signing may affect how you approach the development 111 of your application, especially if you are planning to release multiple 112 applications. </p> 113 114 <p>In general, the recommended strategy for all developers is to sign 115 all of your applications with the same certificate, throughout the expected 116 lifespan of your applications. There are several reasons why you should do so: </p> 117 118 <ul> 119 <li>Application upgrade – As you release updates to your application, you 120 will want to continue to sign the updates with the same certificate or set of 121 certificates, if you want users to upgrade seamlessly to the new version. When 122 the system is installing an update to an application, it compares the 123 certificate(s) in the new version with those in the existing version. If the 124 certificates match exactly, including both the certificate data and order, then 125 the system allows the update. If you sign the new version without using matching 126 certificates, you will also need to assign a different package name to the 127 application — in this case, the user installs the new version as a 128 completely new application. </li> 129 130 <li>Application modularity – The Android system allows applications that 131 are signed by the same certificate to run in the same process, if the 132 applications so requests, so that the system treats them as a single application. 133 In this way you can deploy your application in modules, and users can update 134 each of the modules independently if needed.</li> 135 136 <li>Code/data sharing through permissions – The Android system provides 137 signature-based permissions enforcement, so that an application can expose 138 functionality to another application that is signed with a specified 139 certificate. By signing multiple applications with the same certificate and 140 using signature-based permissions checks, your applications can share code and 141 data in a secure manner. </li> 142 143 </ul> 144 145 <p>Another important consideration in determining your signing strategy is 146 how to set the validity period of the key that you will use to sign your 147 applications.</p> 148 149 <ul> 150 <li>If you plan to support upgrades for a single application, you should ensure 151 that your key has a validity period that exceeds the expected lifespan of 152 that application. A validity period of 25 years or more is recommended. 153 When your key's validity period expires, users will no longer be 154 able to seamlessly upgrade to new versions of your application.</li> 155 156 <li>If you will sign multiple distinct applications with the same key, 157 you should ensure that your key's validity period exceeds the expected 158 lifespan of <em>all versions of all of the applications</em>, including 159 dependent applications that may be added to the suite in the future. </li> 160 161 <li>If you plan to publish your application(s) on Google Play, the 162 key you use to sign the application(s) must have a validity period 163 ending after 22 October 2033. Google Play enforces this requirement 164 to ensure that users can seamlessly upgrade applications when 165 new versions are available. </li> 166 </ul> 167 168 <p>As you design your application, keep these points in mind and make sure to 169 use a <a href="#cert">suitable certificate</a> to sign your applications. </p> 170 171 <h2 id="setup">Basic Setup for Signing</h2> 172 173 <p>Before you begin, make sure that the Keytool utility and Jarsigner utility are available to 174 the SDK build tools. Both of these tools are available in the JDK. In most cases, you can tell 175 the SDK build tools how to find these utilities by setting your <code>JAVA_HOME</code> environment 176 variable so it references a suitable JDK. Alternatively, you can add the JDK version of Keytool and 177 Jarsigner to your <code>PATH</code> variable.</p> 178 179 <p>If you are developing on a version of Linux that originally came with GNU Compiler for 180 Java, make sure that the system is using the JDK version of Keytool, rather than the gcj 181 version. If Keytool is already in your <code>PATH</code>, it might be pointing to a symlink at 182 <code>/usr/bin/keytool</code>. In this case, check the symlink target to be sure it points 183 to the Keytool in the JDK.</p> 184 185 <h2 id="debugmode">Signing in Debug Mode</h2> 186 187 <p>The Android build tools provide a debug signing mode that makes it easier for you 188 to develop and debug your application, while still meeting the Android system 189 requirement for signing your APK. 190 When using debug mode to build your app, the SDK tools invoke Keytool to automatically create 191 a debug keystore and key. This debug key is then used to automatically sign the APK, so 192 you do not need to sign the package with your own key.</p> 193 194 <p>The SDK tools create the debug keystore/key with predetermined names/passwords:</p> 195 <ul> 196 <li>Keystore name: "debug.keystore"</li> 197 <li>Keystore password: "android"</li> 198 <li>Key alias: "androiddebugkey"</li> 199 <li>Key password: "android"</li> 200 <li>CN: "CN=Android Debug,O=Android,C=US"</li> 201 </ul> 202 203 <p>If necessary, you can change the location/name of the debug keystore/key or 204 supply a custom debug keystore/key to use. However, any custom debug 205 keystore/key must use the same keystore/key names and passwords as the default 206 debug key (as described above). (To do so in Eclipse/ADT, go to 207 <strong>Windows</strong> > <strong>Preferences</strong> > 208 <strong>Android</strong> > <strong>Build</strong>.) </p> 209 210 <p class="caution"><strong>Caution:</strong> You <em>cannot</em> release your application 211 to the public when signed with the debug certificate.</p> 212 213 <h3>Eclipse Users</h3> 214 215 <p>If you are developing in Eclipse/ADT (and have set up Keytool and Jarsigner as described above in 216 <a href="#setup">Basic Setup for Signing</a>), 217 signing in debug mode is enabled by default. When you run or debug your 218 application, ADT signs the {@code .apk} file with the debug certificate, runs {@code zipalign} on 219 the package, then installs it on 220 the selected emulator or connected device. No specific action on your part is needed, 221 provided ADT has access to Keytool.</p> 222 223 <h3>Ant Users</h3> 224 225 <p>If you are using Ant to build your {@code .apk} file, debug signing mode 226 is enabled by using the <code>debug</code> option with the <code>ant</code> command 227 (assuming that you are using a <code>build.xml</code> file generated by the 228 <code>android</code> tool). When you run <code>ant debug</code> to 229 compile your app, the build script generates a keystore/key and signs the APK for you. 230 The script then also aligns the APK with the <code>zipalign</code> tool. 231 No other action on your part is needed. Read 232 <a href="{@docRoot}tools/building/building-cmdline.html#DebugMode">Building and Running Apps 233 on the Command Line</a> for more information.</p> 234 235 236 <h3 id="debugexpiry">Expiry of the Debug Certificate</h3> 237 238 <p>The self-signed certificate used to sign your application in debug mode (the default on 239 Eclipse/ADT and Ant builds) will have an expiration date of 365 days from its creation date.</p> 240 241 <p>When the certificate expires, you will get a build error. On Ant builds, the error 242 looks like this:</p> 243 244 <pre>debug: 245 [echo] Packaging bin/samples-debug.apk, and signing it with a debug key... 246 [exec] Debug Certificate expired on 8/4/08 3:43 PM</pre> 247 248 <p>In Eclipse/ADT, you will see a similar error in the Android console.</p> 249 250 <p>To fix this problem, simply delete the <code>debug.keystore</code> file. 251 The default storage location for AVDs is in <code>~/.android/</code> on OS X and Linux, 252 in <code>C:\Documents and Settings\<user>\.android\</code> on Windows XP, and in 253 <code>C:\Users\<user>\.android\</code> on Windows Vista and Windows 7.</p> 254 255 256 <p>The next time you build, the build tools will regenerate a new keystore and debug key.</p> 257 258 <p>Note that, if your development machine is using a non-Gregorian locale, the build 259 tools may erroneously generate an already-expired debug certificate, so that you get an 260 error when trying to compile your application. For workaround information, see the 261 troubleshooting topic <a href="{@docRoot}resources/faq/troubleshooting.html#signingcalendar"> 262 I can't compile my app because the build tools generated an expired debug 263 certificate</a>. </p> 264 265 266 <h2 id="releasemode">Signing in Release Mode</h2> 267 268 <p>When your application is ready for release to other users, you must:</p> 269 <ol> 270 <li><a href="#cert">Obtain a suitable private key</a></li> 271 <li><a href="#releasecompile">Compile the application in release mode</a></li> 272 <li><a href="#signapp">Sign your application with your private key</a></li> 273 <li><a href="#align">Align the final APK package</a></li> 274 </ol> 275 276 <p>If you are developing in Eclipse with the ADT plugin, you can use the Export Wizard 277 to perform the compile, sign, and align procedures. The Export Wizard even allows you to 278 generate a new keystore and private key in the process. So if you use Eclipse, you can 279 skip to <a href="#ExportWizard">Compile and sign with Eclipse ADT</a>.</p> 280 281 282 283 <h3 id="cert">1. Obtain a suitable private key</h3> 284 285 <p>In preparation for signing your application, you must first ensure that 286 you have a suitable private key with which to sign. A suitable private 287 key is one that:</p> 288 289 <ul> 290 <li>Is in your possession</li> 291 <li>Represents the personal, corporate, or organizational entity to be identified 292 with the application</li> 293 <li>Has a validity period that exceeds the expected lifespan of the application 294 or application suite. A validity period of more than 25 years is recommended. 295 <p>If you plan to publish your application(s) on Google Play, note that a 296 validity period ending after 22 October 2033 is a requirement. You can not upload an 297 application if it is signed with a key whose validity expires before that date. 298 </p></li> 299 <li>Is not the debug key generated by the Android SDK tools. </li> 300 </ul> 301 302 <p>The key may be self-signed. If you do not have a suitable key, you must 303 generate one using Keytool. Make sure that you have Keytool available, as described 304 in <a href="#setup">Basic Setup</a>.</p> 305 306 <p>To generate a self-signed key with Keytool, use the <code>keytool</code> 307 command and pass any of the options listed below (and any others, as 308 needed). </p> 309 310 <p class="warning"><strong>Warning:</strong> Keep your private key secure. 311 Before you run Keytool, make sure to read 312 <a href="#secure-key">Securing Your Private Key</a> for a discussion of how to keep 313 your key secure and why doing so is critically important to you and to users. In 314 particular, when you are generating your key, you should select strong passwords 315 for both the keystore and key.</p> 316 317 <table> 318 <tr> 319 <th>Keytool Option</th> 320 <th>Description</th> 321 </tr> 322 <tr> 323 <td><code>-genkey</code></td><td>Generate a key pair (public and private 324 keys)</td> 325 </tr> 326 <tr> 327 <td><code>-v</code></td><td>Enable verbose output.</td> 328 </tr> 329 <tr> 330 <td><code>-alias <alias_name></code></td><td>An alias for the key. Only 331 the first 8 characters of the alias are used.</td> 332 </tr> 333 <tr> 334 <td><code>-keyalg <alg></code></td><td>The encryption algorithm to use 335 when generating the key. Both DSA and RSA are supported.</td> 336 </tr> 337 <tr> 338 <td><code>-keysize <size></code></td><td>The size of each generated key 339 (bits). If not supplied, Keytool uses a default key size of 1024 bits. In 340 general, we recommend using a key size of 2048 bits or higher. </td> 341 </tr> 342 <tr> 343 <td><code>-dname <name></code></td><td><p>A Distinguished Name that describes 344 who created the key. The value is used as the issuer and subject fields in the 345 self-signed certificate. </p><p>Note that you do not need to specify this option 346 in the command line. If not supplied, Jarsigner prompts you to enter each 347 of the Distinguished Name fields (CN, OU, and so on).</p></td> 348 </tr> 349 <tr> 350 <td><code>-keypass <password></code></td><td><p>The password for the 351 key.</p> <p>As a security precaution, do not include this option in your command 352 line. If not supplied, Keytool prompts you to enter the password. In this way, 353 your password is not stored in your shell history.</p></td> 354 </tr> 355 <tr> 356 <td><code>-validity <valdays></code></td><td><p>The validity period for the 357 key, in days. </p><p><strong>Note:</strong> A value of 10000 or greater is recommended.</p></td> 358 </tr> 359 <tr> 360 <td><code>-keystore <keystore-name>.keystore</code></td><td>A name 361 for the keystore containing the private key.</td> 362 </tr> 363 <tr> 364 <td><code>-storepass <password></code></td><td><p>A password for the 365 keystore.</p><p>As a security precaution, do not include this option in your 366 command line. If not supplied, Keytool prompts you to enter the password. In 367 this way, your password is not stored in your shell history.</p></td> 368 </tr> 369 </table> 370 371 <p>Here's an example of a Keytool command that generates a private key:</p> 372 373 <pre>$ keytool -genkey -v -keystore my-release-key.keystore 374 -alias alias_name -keyalg RSA -keysize 2048 -validity 10000</pre> 375 376 <p>Running the example command above, Keytool prompts you to provide 377 passwords for the keystore and key, and to provide the Distinguished 378 Name fields for your key. It then generates the keystore as a file called 379 <code>my-release-key.keystore</code>. The keystore and key are 380 protected by the passwords you entered. The keystore contains 381 a single key, valid for 10000 days. The alias is a name that you — 382 will use later, to refer to this keystore when signing your application. </p> 383 384 <p>For more information about Keytool, see the documentation at 385 <a 386 href="http://docs.oracle.com/javase/6/docs/technotes/tools/windows/keytool.html"> 387 http://docs.oracle.com/javase/6/docs/technotes/tools/windows/keytool.html</a></p> 388 389 390 391 <h3 id="releasecompile">2. Compile the application in release mode</h3> 392 393 <p>In order to release your application to users, you must compile it in release mode. 394 In release mode, the compiled application is not signed by default and you will need 395 to sign it with your private key.</p> 396 397 <p class="caution"><strong>Caution:</strong> 398 You can not release your application unsigned, or signed with the debug key.</p> 399 400 <h4>With Eclipse</h4> 401 402 <p>To export an <em>unsigned</em> APK from Eclipse, right-click the project in the Package 403 Explorer and select <strong>Android Tools</strong> > <strong>Export Unsigned Application 404 Package</strong>. Then specify the file location for the unsigned APK. 405 (Alternatively, open your <code>AndroidManifest.xml</code> file in Eclipse, select 406 the <strong>Manifest</strong> tab, and click <strong>Export an unsigned APK</strong>.)</p> 407 408 <p>Note that you can combine the compiling and signing steps with the Export Wizard. See 409 <a href="#ExportWizard">Compiling and signing with Eclipse ADT</a>.</p> 410 411 <h4>With Ant</h4> 412 413 <p>If you are using Ant, you can enable release mode by using the <code>release</code> option 414 with the <code>ant</code> command. For example, if you are running Ant from the 415 directory containing your {@code build.xml} file, the command would look like this:</p> 416 417 <pre>$ ant release</pre> 418 419 <p>By default, the build script compiles the application APK without signing it. The output file 420 in your project {@code bin/} will be <code><em><your_project_name></em>-unsigned.apk</code>. 421 Because the application APK is still unsigned, you must manually sign it with your private 422 key and then align it using {@code zipalign}.</p> 423 424 <p>However, the Ant build script can also perform the signing 425 and aligning for you, if you have provided the path to your keystore and the name of 426 your key alias in the project's {@code ant.properties} file. With this information provided, 427 the build script will prompt you for your keystore and alias password when you perform 428 <code>ant release</code>, it will sign the package and then align it. The final output 429 file in {@code bin/} will instead be 430 <code><em><your_project_name></em>-release.apk</code>. With these steps 431 automated for you, you're able to skip the manual procedures below (steps 3 and 4). 432 To learn how to specify your keystore and alias in the {@code ant.properties} file, 433 see <a href="{@docRoot}tools/building/building-cmdline.html#ReleaseMode"> 434 Building and Running Apps on the Command Line</a>.</p> 435 436 437 438 <h3 id="signapp">3. Sign your application with your private key</h3> 439 440 <p>When you have an application package that is ready to be signed, you can do sign it 441 using the Jarsigner tool. Make sure that you have Jarsigner available on your 442 machine, as described in <a href="#setup">Basic Setup</a>. Also, make sure that 443 the keystore containing your private key is available.</p> 444 445 <p>To sign your application, you run Jarsigner, referencing both the 446 application's APK and the keystore containing the private key with which to 447 sign the APK. The table below shows the options you could use. </p> 448 449 <table> 450 <tr> 451 <th>Jarsigner Option</th> 452 <th>Description</th> 453 </tr> 454 <tr> 455 <td><code>-keystore <keystore-name>.keystore</code></td><td>The name of 456 the keystore containing your private key.</td> 457 </tr> 458 <tr> 459 <td><code>-verbose</code></td><td>Enable verbose output.</td> 460 </tr> 461 <tr> 462 <td><code>-sigalg</code></td><td>The name of the signature algorithim to use in signing the APK. 463 Use the value {@code MD5withRSA}.</td> 464 </tr> 465 <tr> 466 <td><code>-digestalg</code></td><td>The message digest algorithim to use in processing the entries 467 of an APK. Use the value {@code SHA1}.</td> 468 </tr> 469 <tr> 470 <td><code>-storepass <password></code></td><td><p>The password for the 471 keystore. </p><p>As a security precaution, do not include this option 472 in your command line unless you are working at a secure computer. 473 If not supplied, Jarsigner prompts you to enter the password. In this 474 way, your password is not stored in your shell history.</p></td> 475 </tr> 476 <tr> 477 <td><code>-keypass <password></code></td><td><p>The password for the private 478 key. </p><p>As a security precaution, do not include this option 479 in your command line unless you are working at a secure computer. 480 If not supplied, Jarsigner prompts you to enter the password. In this 481 way, your password is not stored in your shell history.</p></td> 482 </tr> 483 </table> 484 485 <p>Here's how you would use Jarsigner to sign an application package called 486 <code>my_application.apk</code>, using the example keystore created above. 487 </p> 488 489 <pre>$ jarsigner -verbose -sigalg MD5withRSA -digestalg SHA1 -keystore my-release-key.keystore 490 my_application.apk alias_name</pre> 491 492 <p>Running the example command above, Jarsigner prompts you to provide 493 passwords for the keystore and key. It then modifies the APK 494 in-place, meaning the APK is now signed. Note that you can sign an 495 APK multiple times with different keys.</p> 496 497 <p class="caution"><strong>Caution:</strong> As of JDK 7, the default signing algorithim has 498 changed, requiring you to specify the signature and digest algorithims ({@code -sigalg} and {@code 499 -digestalg}) when you sign an APK.</p> 500 501 <p>To verify that your APK is signed, you can use a command like this:</p> 502 503 <pre>$ jarsigner -verify my_signed.apk</pre> 504 505 <p>If the APK is signed properly, Jarsigner prints "jar verified". 506 If you want more details, you can try one of these commands:</p> 507 508 <pre>$ jarsigner -verify -verbose my_application.apk</pre> 509 510 <p>or</p> 511 512 <pre>$ jarsigner -verify -verbose -certs my_application.apk</pre> 513 514 <p>The command above, with the <code>-certs</code> option added, will show you the 515 "CN=" line that describes who created the key.</p> 516 517 <p class="note"><strong>Note:</strong> If you see "CN=Android Debug", this means the APK was 518 signed with the debug key generated by the Android SDK. If you intend to release 519 your application, you must sign it with your private key instead of the debug 520 key.</p> 521 522 <p>For more information about Jarsigner, see the documentation at 523 <a href="http://docs.oracle.com/javase/6/docs/technotes/tools/windows/jarsigner.html"> 524 http://docs.oracle.com/javase/6/docs/technotes/tools/windows/jarsigner.html</a></p> 525 526 527 <h3 id="align">4. Align the final APK package</h3> 528 529 <p>Once you have signed the APK with your private key, run <code>zipalign</code> on the file. 530 This tool ensures that all uncompressed data starts with a particular byte alignment, 531 relative to the start of the file. Ensuring alignment at 4-byte boundaries provides 532 a performance optimization when installed on a device. When aligned, the Android 533 system is able to read files with {@code mmap()}, even if 534 they contain binary data with alignment restrictions, rather than copying all 535 of the data from the package. The benefit is a reduction in the amount of 536 RAM consumed by the running application.</p> 537 538 <p>The <code>zipalign</code> tool is provided with the Android SDK, inside the 539 <code>tools/</code> directory. To align your signed APK, execute:</p> 540 541 <pre>$ zipalign -v 4 <em>your_project_name</em>-unaligned.apk <em>your_project_name</em>.apk</pre> 542 543 <p>The {@code -v} flag turns on verbose output (optional). {@code 4} is the 544 byte-alignment (don't use anything other than 4). The first file argument is 545 your signed {@code .apk} file (the input) and the second file is the destination {@code .apk} file 546 (the output). If you're overriding an existing APK, add the {@code -f} flag.</p> 547 548 <p class="caution"><strong>Caution:</strong> Your input APK must be signed with your 549 private key <strong>before</strong> you optimize the package with {@code zipalign}. 550 If you sign it after using {@code zipalign}, it will undo the alignment.</p> 551 552 <p>For more information, read about the 553 <a href="{@docRoot}tools/help/zipalign.html">zipalign</a> tool. 554 555 556 <h3 id="ExportWizard">Compile and sign with Eclipse ADT</h3> 557 558 <p>If you are using Eclipse with the ADT plugin, you can use the Export Wizard to 559 export a <em>signed</em> APK (and even create a new keystore, 560 if necessary). The Export Wizard performs all the interaction with 561 the Keytool and Jarsigner for you, which allows you to sign the package using a GUI 562 instead of performing the manual procedures to compile, sign, 563 and align, as discussed above. Once the wizard has compiled and signed your package, 564 it will also perfom package alignment with {@code zipalign}. 565 Because the Export Wizard uses both Keytool and Jarsigner, you should 566 ensure that they are accessible on your computer, as described above 567 in the <a href="#setup">Basic Setup for Signing</a>.</p> 568 569 <p>To create a signed and aligned APK in Eclipse:</p> 570 571 <ol> 572 <li>Select the project in the Package 573 Explorer and select <strong>File > Export</strong>.</li> 574 <li>Open the Android folder, select Export Android Application, 575 and click <strong>Next</strong>. 576 <p>The Export Android Application wizard now starts, which will 577 guide you through the process of signing your application, 578 including steps for selecting the private key with which to sign the APK 579 (or creating a new keystore and private key).</p> 580 <li>Complete the Export Wizard and your application will be compiled, 581 signed, aligned, and ready for distribution.</li> 582 </ol> 583 584 585 586 <h2 id="secure-key">Securing Your Private Key</h2> 587 588 <p>Maintaining the security of your private key is of critical importance, both 589 to you and to the user. If you allow someone to use your key, or if you leave 590 your keystore and passwords in an unsecured location such that a third-party 591 could find and use them, your authoring identity and the trust of the user 592 are compromised. </p> 593 594 <p>If a third party should manage to take your key without your knowledge or 595 permission, that person could sign and distribute applications that maliciously 596 replace your authentic applications or corrupt them. Such a person could also 597 sign and distribute applications under your identity that attack other 598 applications or the system itself, or corrupt or steal user data. </p> 599 600 <p>Your reputation as a developer entity depends on your securing your private 601 key properly, at all times, until the key is expired. Here are some tips for 602 keeping your key secure: </p> 603 604 <ul> 605 <li>Select strong passwords for the keystore and key.</li> 606 <li>When you generate your key with Keytool, <em>do not</em> supply the 607 <code>-storepass</code> and <code>-keypass</code> options at the command line. 608 If you do so, your passwords will be available in your shell history, 609 which any user on your computer could access.</li> 610 <li>Similarly, when signing your applications with Jarsigner, 611 <em>do not</em> supply the <code>-storepass</code> and <code>-keypass</code> 612 options at the command line. </li> 613 <li>Do not give or lend anyone your private key, and do not let unauthorized 614 persons know your keystore and key passwords.</li> 615 </ul> 616 617 <p>In general, if you follow common-sense precautions when generating, using, 618 and storing your key, it will remain secure. </p>
