Torbjorn Zetterlund

Fri 15 2012

Signing your Android application for release to Google Play with Eclipse

by bernt & torsten

When you want to release your Android application to Google Play, you need to first sign your app. To do that there are some prerequisites. My examples are for Eclipse users.

Before you can sign your application, you must first ensure that you have a suitable private key with which to sign. A suitable private key is one that:

  • Is in your possession
  • Represents the personal, corporate, or organizational entity to be identified with the application
  • Has a validity period that exceeds the expected lifespan of the application or application suite. A validity period of more than 25 years is recommended. If you plan to publish your application(s) on Google Play, note that a validity period ending after 22 October 2033 is a requirement. You cannot upload an application if it is signed with a key whose validity expires before that date.
  • Is not the debug key generated by the Android SDK tools.

Generate your Key

To generate a self-signed key with Keytool, use the keytool command and pass any of the options listed below (and any others, as needed). Keytool is a tool that comes with your Java installation; on Windows you will often find it here: C:\Program Files\Java\<Java Release>\bin

Keytool option / Description

-genkey
    Generate a key pair (public and private keys).

-v
    Enable verbose output.

-alias <alias_name>
    An alias for the key. Only the first 8 characters of the alias are used.

-keyalg <alg>
    The algorithm to use when generating the key. Both DSA and RSA are supported.

-keysize <size>
    The size of each generated key (bits). If not supplied, Keytool uses a default key size of 1024 bits. In general, we recommend using a key size of 2048 bits or higher.

-dname <name>
    A Distinguished Name that describes who created the key. The value is used as the issuer and subject fields in the self-signed certificate.
    Note that you do not need to specify this option on the command line. If not supplied, Keytool prompts you to enter each of the Distinguished Name fields (CN, OU, and so on).

-keypass <password>
    The password for the key.
    As a security precaution, do not include this option on your command line. If not supplied, Keytool prompts you to enter the password. In this way, your password is not stored in your shell history.

-validity <valdays>
    The validity period for the key, in days.
    Note: A value of 10000 or greater is recommended.

-keystore <keystore-name>.keystore
    A name for the keystore containing the private key.

-storepass <password>
    A password for the keystore.
    As a security precaution, do not include this option on your command line. If not supplied, Keytool prompts you to enter the password. In this way, your password is not stored in your shell history.

Here’s an example of a Keytool command that generates a private key:

$ keytool -genkey -v -keystore myApp.keystore -alias MyApp -keyalg RSA -keysize 2048 -validity 10000

I store the MyApp key in the directory C://Users/<PCName>/.Android – it is just easier to remember.
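Once the keystore exists, it is worth confirming that the key actually meets the requirements listed above before building a release with it. The script below is an added example, not part of the original post: it reads the output of keytool -list -v (the format of a current JDK keytool is assumed; older versions omit the key-size line, which the script only warns about) and checks that the entry is not the SDK debug key, that the key is at least 2048 bits, and that the certificate stays valid past 22 October 2033. The embedded sample output is constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the original post: checks "keytool -list -v" output
# against the release-key rules above (not the debug key, >= 2048-bit key,
# valid beyond 22 October 2033). Usage against a real keystore:
#   keytool -list -v -keystore myApp.keystore | check_release_key
month_num() {                     # three-letter month name -> two digits
  case "$1" in
    Jan) echo 01;; Feb) echo 02;; Mar) echo 03;; Apr) echo 04;;
    May) echo 05;; Jun) echo 06;; Jul) echo 07;; Aug) echo 08;;
    Sep) echo 09;; Oct) echo 10;; Nov) echo 11;; Dec) echo 12;; *) echo 00;;
  esac
}
check_release_key() {             # reads keytool output on stdin; returns 0 if all checks pass
  out=$(cat); status=0
  key_alias=$(printf '%s\n' "$out" | sed -n 's/^Alias name: //p' | head -n 1)
  owner=$(printf '%s\n' "$out" | sed -n 's/^Owner: //p' | head -n 1)
  # The SDK debug keystore uses alias "androiddebugkey" and CN=Android Debug.
  case "$key_alias|$owner" in
    *androiddebugkey*|*"CN=Android Debug"*)
      echo "FAIL: this is the SDK debug key, not a release key"; status=1;;
    *) echo "ok: alias '$key_alias' is not the debug key";;
  esac
  # Newer keytool versions print e.g. "Subject Public Key Algorithm: 2048-bit RSA key".
  bits=$(printf '%s\n' "$out" | sed -n 's/^Subject Public Key Algorithm: \([0-9]*\)-bit.*/\1/p' | head -n 1)
  if [ -z "$bits" ]; then
    echo "WARN: key size not reported by this keytool; check it by hand"
  elif [ "$bits" -lt 2048 ]; then
    echo "FAIL: $bits-bit key is below the recommended 2048 bits"; status=1
  else
    echo "ok: $bits-bit key"
  fi
  # "Valid from: ... until: Mon Jul 31 12:00:00 UTC 2039" -> compare as YYYYMMDD.
  not_after=$(printf '%s\n' "$out" | sed -n 's/.* until: //p' | head -n 1)
  set -- $not_after; end="$6$(month_num "$2")$3"
  if [ -z "$not_after" ] || [ "$end" -le 20331022 ]; then
    echo "FAIL: validity ends '$not_after'; Google Play needs it past 22 Oct 2033"; status=1
  else
    echo "ok: certificate valid until $not_after"
  fi
  return $status
}
# Constructed sample of keytool -list -v output for a release keystore (not real output).
SAMPLE_RELEASE='Alias name: myapp
Owner: CN=Example Dev, O=Example, C=NO
Valid from: Thu Mar 15 12:00:00 UTC 2012 until: Mon Jul 31 12:00:00 UTC 2039
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key'
printf '%s\n' "$SAMPLE_RELEASE" | check_release_key
```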

Compile the application in release mode

In order to release your application to users, you must compile it in release mode. In release mode, the compiled application is not signed by default, so you will need to sign it with your private key.

Caution: You cannot release your application unsigned, or signed with the debug key.

Using Eclipse with the ADT plugin, you can use the Export Wizard to export a signed APK (and even create a new keystore, if necessary). The Export Wizard performs all the interaction with Keytool and Jarsigner for you, which allows you to sign the package using a GUI instead of performing the manual procedures to compile, sign, and align. Once the wizard has compiled and signed your package, it will also perform package alignment with zipalign. Because the Export Wizard uses both Keytool and Jarsigner, you should ensure that they are accessible on your computer.

To create a signed and aligned APK in Eclipse:

  • Select the project in the Package Explorer and select File > Export.
  • Open the Android folder, select Export Android Application, and click Next. The Export Android Application wizard now starts, which will guide you through the process of signing your application, including steps for selecting the private key with which to sign the APK (or creating a new keystore and private key).
  • Complete the Export Wizard and your application will be compiled, signed, aligned, and ready for distribution.

That’s it – you should now have a signed .apk that you can upload to Google Play.