apksigner
Sign and verify Android APK files
TLDR
SYNOPSIS
apksigner sign [options] apkapksigner verify [options] apkapksigner rotate [options]apksigner lineage [options]
DESCRIPTION
apksigner is the official Android SDK tool for signing APK files. It supports multiple signature schemes (v1/JAR, v2, v3, v4) and can sign aligned APKs produced by zipalign.The tool ensures APKs meet Android's signing requirements for installation and updates, with newer schemes providing better security and verification speed.
PARAMETERS
sign
Sign an APK.verify
Verify APK signatures.rotate
Rotate a signing key, producing a new lineage from an old key to a new one.lineage
Inspect or update a signing certificate lineage.--ks file
Keystore file. Use NONE for a keystore type that needs no file (e.g. some PKCS #11).--ks-key-alias alias
Key alias in keystore.--ks-pass spec
Keystore password (pass:, env:, file:, or stdin).--key-pass spec
Key password (same input formats as --ks-pass).--key file
PKCS #8 private key file (alternative to --ks).--cert file
X.509 certificate chain file (used with --key).--out file
Signed APK output path.--min-sdk-version int
Lowest API level for which the signature is verified. Defaults to the manifest minSdkVersion.--max-sdk-version int
Highest API level for which the signature is verified.--v1-signing-enabled bool
Enable JAR signing (v1).--v2-signing-enabled bool
Enable APK Signature Scheme v2.--v3-signing-enabled bool
Enable APK Signature Scheme v3.--v4-signing-enabled bool|only
Enable APK Signature Scheme v4, producing a separate .idsig file.--verbose, -v
Verbose output.--print-certs
Print certificate details (verify only).
CAVEATS
APK must be zipaligned before signing with v2+. v1-only signing is deprecated for Android 11+. Key rotation requires v3 signing. Private key security is critical.
HISTORY
apksigner was introduced in Android SDK Build Tools 24.0.3 (2016) alongside APK Signature Scheme v2, replacing jarsigner as the recommended signing tool.