Upload key: A new key you generate during your enrollment in the program. You will use the upload key to sign all future APKs prior to uploading them to the Play Console. You will use the upload key to sign all future APKs prior to uploading them to the Play Console.
- Oct 09, 2017 How to generate signed apk for google play production distribution upload Android Studio - Duration: 3:47. John's Android Studio Tutorials 56,566 views.
- Sep 05, 2017 For new apps, we can generate your app signing key. Once enrolled in app signing, you sign your APK with an upload key, which we use to authenticate your identity. We’ll then strip that.
- App signing in the Play Console allows us to offer help in such circumstances. For existing apps, it requires transferring your app signing key to Google Play. For new apps, we can generate your app signing key. Once enrolled in app signing, you sign your APK with an upload key, which we use to authenticate your identity.
After the application has been built for release, the APK must be signed prior to distribution so that it can be run on an Android device. This process is typically handled with the IDE, however there are some situations where it is necessary to sign the APK manually, at the command line. The following steps are involved with signing an APK:
- Create a Private Key – This step needs to be performedonly once. A private key is necessary to digitally sign the APK.After the private key has been prepared, this step can be skippedfor future release builds.
- Zipalign the APK – Zipalign is an optimization processthat is performed on an application. It enables Android to interactmore efficiently with the APK at runtime. Xamarin.Android conductsa check at runtime, and will not allow the application to run ifthe APK has not been zipaligned.
- Sign the APK – This step involves using the apksigner utility from the Android SDK and signing the APK with the private key that was created in the previous step. Applications that are developed with older versions of the Android SDK build tools prior to v24.0.3 will use the jarsigner app from the JDK. Both of these tools will be discussed in more detail below.
The order of the steps is important and is dependent on which tool used to sign the APK. When using apksigner, it is important to first zipalign the application, and then to sign it with apksigner. If it is necessary to use jarsigner to sign the APK, then it is important to first sign the APK and then run zipalign.
Prerequisites
This guide will focus on using apksigner from the Android SDK buildtools, v24.0.3 or higher. It assumes that an APK has already beenbuilt.
Applications that are built using an older version of the Android SDKBuild Tools must use jarsigner as described inSign the APK with jarsigner below.
Create a Private Keystore
A keystore is a database of security certificates that is createdby using the programkeytoolfrom the Java SDK. A keystore is critical to publishing aXamarin.Android application, as Android will not run applications thathave not been digitally signed.
During development, Xamarin.Android uses a debug keystore to sign theapplication, which allows the application to be deployed directly tothe emulator or to devices configured to use debuggable applications.However, this keystore is not recognized as a valid keystore for thepurposes of distributing applications.
For this reason, a private keystore must be created and used forsigning applications. This is a step that should only be performedonce, as the same key will be used for publishing updates and can thenbe used to sign other applications.
It is important to protect this keystore. If it is lost, then it willnot be possible to publish updates to the application with Google Play.The only solution to the problem caused by a lost keystore would be tocreate a new keystore, re-sign the APK with the new key, and thensubmit a new application. Then the old application would have to beremoved from Google Play. Likewise, if this new keystore is compromisedor publicly distributed, then it is possible for unofficial ormalicious versions of an application to be distributed.
Create a New Keystore
Creating a new keystore requires the command line toolkeytoolfrom the Java SDK. The following snippet is an example of how to usekeytool (replace
<my-filename>
with the file name for the keystoreand <key-name>
with the name of the key within the keystore):The first thing that keytool will ask for is the password for thekeystore. Then it will ask for some information to help with creatingthe key. The following snippet is an example of creating a new keycalled
publishingdoc
that will be stored in the filexample.keystore
:To list the keys that are stored in a keystore, use the keytool withthe –
list
option:Zipalign the APK
Before signing an APK with apksigner, it is important to first optimize the file using the zipalign tool from the Android SDK. zipalign will restructure the resources in an APK along 4-byte boundaries. This alignment allows Android to quickly load the resources from the APK, increasing the performance of the application and potentially reducing memory use. Xamarin.Android will conduct a run-time check to determine if the APK has been zipaligned. If the APK is not zipaligned, then the application will not run.
The follow command will use the signed APK and produce a signed, zipaligned APK called helloworld.apk that is ready for distribution.
Sign the APK
After zipaligning the APK, it is necessary to sign it using a keystore. This is done with the apksigner tool, found in the build-tools directory of the version of the SDK build tools. For example, if the Android SDK build tools v25.0.3 is installed, then apksigner can be found in the directory:
The following snippet assumes that apksigner is accessible by the
PATH
environment variable. It will sign an APK using the key aliaspublishingdoc
that is contained in the file xample.keystore:When this command is run, apksigner will ask for the password to the keystore if necessary.
See Google's documentation for more details on the use of apksigner.
![Upload Upload](/uploads/1/2/6/0/126040639/458211035.png)
![Android app signing generate an upload keys Android app signing generate an upload keys](https://www.ybierling.com/images/large/google//android-app-bundle-apk/android-app-bundle-apk4.png)
Note
According to Google issue 62696222, apksigner is 'missing' from the Android SDK. The workaround for this is to install the Android SDK build tools v25.0.3 and use that version of apksigner.
Sign the APK with jarsigner
Warning
This section only applies if it is nececssary to sign the APK with the jarsigner utility. Developers are encouraged to use apksigner to sign the APK.
This technique involves signing the APK file using the jarsigner command from the Java SDK. The jarsigner tool is provided by the Java SDK.
The following shows how to sign an APK by using jarsigner and the key
publishingdoc
that is contained in a keystore file named xample.keystore :Note
When using jarsigner, it is important to sign the APK first, and then to use zipalign.