How To Manually Sign APK's With Jarsigner & Zipalign

Video Tutorial

# How To Manually Sign APK’s

## Why sign?

All Android applications must be digitally signed with a certificate. To ensure the authenticity of the application. The private key is held with the developer so that only he can release versions of the app with a verifiable certificate.

In essence, signing an apk ensures it’s authenticity from the developer.

Tools we will be using: Keytool, Jarsigner, and Zipalign

## What is a keystore?

Also know as the Java keystore (JKS) is a repository of security certificates (Public and private keys) that are used to digitally sign android applications and each keystore is unique to the developer.

A keystore essentially stores your security certificates.

## Keytool

Keytool allows you to create keystores and comes pre-packaged with the Java JDK

Let us generate our own keystore that we will use to sign our apk/payload.

Keytool -genkey -V -keystore /root/Desktop/key.keystore -alias alexis -keyalg RSA -keysize 2048 -validity 1000

Alias - keypair alias name

Keyalg - the algorithm used to generate the keypair

keysize - keypair size in bits

validity - keypair validity duration in days

## Using JARsigner

We will use jarsigner to sign the apk with our keystore.

Jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore /root/Desktop/key.keystore alexis(alias)

Sigalg - signature algorithm

Digestalg - digest algorithm

## What is zipalign?

Zipalign is an optimization process that is performed on an application that allows it to run more efficiently after signing.
Zipalign will restructure the resources in an APK along 4-byte boundaries. This alignment allows Android to quickly load the resources from the APK, increasing the performance of the application and potentially reducing memory use.

Let us zipalign the application

Zipalign -v 4 signed.apk

-v : Verbose

4: 32 bit alignment


@HackerSploit Fantastic share. I have not played around with phones to much but it seems everything is headed this way. With some of your most recent posts/videos have been enticing me to dig deeper. Soon I will have to take the plunge. So much work ahead. :rofl:

1 Like

Excellent, yup it is getting very interesting.

1 Like