LinuxCommandLibrary
GitHub F-Droid Google Play Store

apksigner

Sign and verify Android APK files

TLDR

Sign an APK
$ apksigner sign --ks [keystore.jks] [app.apk]
copy
Sign with specific key alias
$ apksigner sign --ks [keystore.jks] --ks-key-alias [alias] [app.apk]
copy
Verify APK signature
$ apksigner verify [app.apk]
copy
Verify with details
$ apksigner verify --verbose --print-certs [app.apk]
copy
Sign with a PKCS #8 key and certificate (no keystore)
$ apksigner sign --key [key.pk8] --cert [cert.x509.pem] [app.apk]
copy
Sign targeting a minimum SDK version
$ apksigner sign --ks [keystore.jks] --min-sdk-version [21] [app.apk]
copy

SYNOPSIS

apksigner sign [options] apkapksigner verify [options] apkapksigner rotate [options]apksigner lineage [options]

DESCRIPTION

apksigner is the official Android SDK tool for signing APK files. It supports multiple signature schemes (v1/JAR, v2, v3, v4) and can sign aligned APKs produced by zipalign.The tool ensures APKs meet Android's signing requirements for installation and updates, with newer schemes providing better security and verification speed.

PARAMETERS

sign

Sign an APK.
verify
Verify APK signatures.
rotate
Rotate a signing key, producing a new lineage from an old key to a new one.
lineage
Inspect or update a signing certificate lineage.
--ks file
Keystore file. Use NONE for a keystore type that needs no file (e.g. some PKCS #11).
--ks-key-alias alias
Key alias in keystore.
--ks-pass spec
Keystore password (pass:, env:, file:, or stdin).
--key-pass spec
Key password (same input formats as --ks-pass).
--key file
PKCS #8 private key file (alternative to --ks).
--cert file
X.509 certificate chain file (used with --key).
--out file
Signed APK output path.
--min-sdk-version int
Lowest API level for which the signature is verified. Defaults to the manifest minSdkVersion.
--max-sdk-version int
Highest API level for which the signature is verified.
--v1-signing-enabled bool
Enable JAR signing (v1).
--v2-signing-enabled bool
Enable APK Signature Scheme v2.
--v3-signing-enabled bool
Enable APK Signature Scheme v3.
--v4-signing-enabled bool|only
Enable APK Signature Scheme v4, producing a separate .idsig file.
--verbose, -v
Verbose output.
--print-certs
Print certificate details (verify only).

CAVEATS

APK must be zipaligned before signing with v2+. v1-only signing is deprecated for Android 11+. Key rotation requires v3 signing. Private key security is critical.

HISTORY

apksigner was introduced in Android SDK Build Tools 24.0.3 (2016) alongside APK Signature Scheme v2, replacing jarsigner as the recommended signing tool.

SEE ALSO

zipalign(1), keytool(1), jarsigner(1), aapt(1)

RESOURCES

Source code · Documentation

Copied to clipboard
Kai

AltStyle によって変換されたページ (->オリジナル) /