diff --git a/docs/html/guide/publishing/app-signing.jd b/docs/html/guide/publishing/app-signing.jd index e86ec301c25c0..5bd9be5594976 100644 --- a/docs/html/guide/publishing/app-signing.jd +++ b/docs/html/guide/publishing/app-signing.jd @@ -66,7 +66,7 @@ on an emulator or a device if it is not signed. application's signer certificate expires after the application is installed, the application will continue to function normally.
  • You can use standard tools — Keytool and Jarsigner — to generate keys and -sign your application .apk files.
    • +sign your application {@code .apk} files.
  • After you sign your application for release, we recommend that you use the zipalign tool to optimize the final APK package.
    • @@ -186,9 +186,9 @@ to the Keytool in the JDK.

    The Android build tools provide a debug signing mode that makes it easier for you to develop and debug your application, while still meeting the Android system -requirement for signing your .apk. +requirement for signing your APK. When using debug mode to build your app, the SDK tools invoke Keytool to automatically create -a debug keystore and key. This debug key is then used to automatically sign the .apk, so +a debug keystore and key. This debug key is then used to automatically sign the APK, so you do not need to sign the package with your own key.

    The SDK tools create the debug keystore/key with predetermined names/passwords:

    @@ -215,19 +215,19 @@ to the public when signed with the debug certificate.

    If you are developing in Eclipse/ADT (and have set up Keytool and Jarsigner as described above in Basic Setup for Signing), signing in debug mode is enabled by default. When you run or debug your -application, ADT signs the .apk with the debug certificate, runs {@code zipalign} on the -package, then installs it on +application, ADT signs the {@code .apk} file with the debug certificate, runs {@code zipalign} on +the package, then installs it on the selected emulator or connected device. No specific action on your part is needed, provided ADT has access to Keytool.

    Ant Users

    -

    If you are using Ant to build your .apk files, debug signing mode +

    If you are using Ant to build your {@code .apk} file, debug signing mode is enabled by using the debug option with the ant command (assuming that you are using a build.xml file generated by the android tool). When you run ant debug to -compile your app, the build script generates a keystore/key and signs the .apk for you. -The script then also aligns the .apk with the zipalign tool. +compile your app, the build script generates a keystore/key and signs the APK for you. +The script then also aligns the APK with the zipalign tool. No other action on your part is needed. Read Building and Running Apps on the Command Line for more information.

    @@ -383,8 +383,8 @@ will use later, to refer to this keystore when signing your application.

    For more information about Keytool, see the documentation at -http://java.sun.com/j2se/1.5.0/docs/tooldocs/#security

    +href="http://docs.oracle.com/javase/6/docs/technotes/tools/windows/keytool.html"> +http://docs.oracle.com/javase/6/docs/technotes/tools/windows/keytool.html

    @@ -399,11 +399,11 @@ You can not release your application unsigned, or signed with the debug key.

    With Eclipse

    -

    To export an unsigned .apk from Eclipse, right-click the project in the Package +

    To export an unsigned APK from Eclipse, right-click the project in the Package Explorer and select Android Tools > Export Unsigned Application -Package. Then specify the file location for the unsigned .apk. -(Alternatively, open your AndroidManifest.xml file in Eclipse, open -the Overview tab, and click Export an unsigned .apk.)

    +Package. Then specify the file location for the unsigned APK. +(Alternatively, open your AndroidManifest.xml file in Eclipse, select +the Manifest tab, and click Export an unsigned APK.)

    Note that you can combine the compiling and signing steps with the Export Wizard. See Compiling and signing with Eclipse ADT.

    @@ -414,11 +414,11 @@ the Overview tab, and click Export an unsigned .apk.)< with the ant command. For example, if you are running Ant from the directory containing your {@code build.xml} file, the command would look like this:

    -
    ant release
    +
    $ ant release
    -

    By default, the build script compiles the application .apk without signing it. The output file +

    By default, the build script compiles the application APK without signing it. The output file in your project {@code bin/} will be <your_project_name>-unsigned.apk. -Because the application .apk is still unsigned, you must manually sign it with your private +Because the application APK is still unsigned, you must manually sign it with your private key and then align it using {@code zipalign}.

    However, the Ant build script can also perform the signing @@ -443,8 +443,8 @@ machine, as described in Basic Setup. Also, make sure that the keystore containing your private key is available.

    To sign your application, you run Jarsigner, referencing both the -application's .apk and the keystore containing the private key with which to -sign the .apk. The table below shows the options you could use.

    +application's APK and the keystore containing the private key with which to +sign the APK. The table below shows the options you could use.

    @@ -459,6 +459,14 @@ the keystore containing your private key. + + + + + +my_application.apk, using the example keystore created above.

    -
    $ jarsigner -verbose -keystore my-release-key.keystore
+
    $ jarsigner -verbose -sigalg MD5withRSA -digestalg SHA1 -keystore my-release-key.keystore
 my_application.apk alias_name
    
 
 
    Running the example command above, Jarsigner prompts you to provide
-passwords for the keystore and key. It then modifies the .apk
-in-place, meaning the .apk is now signed. Note that you can sign an
-.apk multiple times with different keys.
    
+passwords for the keystore and key. It then modifies the APK
+in-place, meaning the APK is now signed. Note that you can sign an
+APK multiple times with different keys.
    
 
-
    To verify that your .apk is signed, you can use a command like this:
    
+
    Caution: As of JDK 7, the default signing algorithim has
+changed, requiring you to specify the signature and digest algorithims ({@code -sigalg} and {@code
+-digestalg}) when you sign an APK.
    
+
+
    To verify that your APK is signed, you can use a command like this:
    
 
 
    $ jarsigner -verify my_signed.apk
    
 
-
    If the .apk is signed properly, Jarsigner prints "jar verified".
+
    If the APK is signed properly, Jarsigner prints "jar verified".
 If you want more details, you can try one of these commands:
    
 
 
    $ jarsigner -verify -verbose my_application.apk
    
@@ -502,19 +514,19 @@ If you want more details, you can try one of these commands:
    
 
    The command above, with the -certs option added, will show you the
 "CN=" line that describes who created the key.
    
 
-
    Note: If you see "CN=Android Debug", this means the .apk was
+
    Note: If you see "CN=Android Debug", this means the APK was
 signed with the debug key generated by the Android SDK. If you intend to release
 your application, you must sign it with your private key instead of the debug
 key.
    
 
 
    For more information about Jarsigner, see the documentation at
-
-http://java.sun.com/j2se/1.5.0/docs/tooldocs/#security
    
+
+http://docs.oracle.com/javase/6/docs/technotes/tools/windows/jarsigner.html
    
 
 
 
    4. Align the final APK package
    
 
-
    Once you have signed the .apk with your private key, run zipalign on the file.
+
    Once you have signed the APK with your private key, run zipalign on the file.
 This tool ensures that all uncompressed data starts with a particular byte alignment,
 relative to the start of the file. Ensuring alignment at 4-byte boundaries provides
 a performance optimization when installed on a device. When aligned, the Android
@@ -524,16 +536,16 @@ of the data from the package. The benefit is a reduction in the amount of
 RAM consumed by the running application.
    
 
 
    The zipalign tool is provided with the Android SDK, inside the
-tools/ directory. To align your signed .apk, execute:
    
+tools/ directory. To align your signed APK, execute:
    
 
-
    zipalign -v 4 your_project_name-unaligned.apk your_project_name.apk
    
+
    $ zipalign -v 4 your_project_name-unaligned.apk your_project_name.apk
    
 
 
    The {@code -v} flag turns on verbose output (optional). {@code 4} is the
 byte-alignment (don't use anything other than 4). The first file argument is
-your signed .apk (the input) and the second file is the destination .apk file (the output).
-If you're overriding an existing .apk, add the {@code -f} flag.
    
+your signed {@code .apk} file (the input) and the second file is the destination {@code .apk} file
+(the output). If you're overriding an existing APK, add the {@code -f} flag.
    
 
-
    Caution: Your input .apk must be signed with your
+
    Caution: Your input APK must be signed with your
 private key before you optimize the package with {@code zipalign}.
 If you sign it after using {@code zipalign}, it will undo the alignment.
    
 
@@ -544,7 +556,7 @@ If you sign it after using {@code zipalign}, it will undo the alignment.
    
 
    Compile and sign with Eclipse ADT
    
 
 
    If you are using Eclipse with the ADT plugin, you can use the Export Wizard to
-export a signed .apk (and even create a new keystore,
+export a signed APK (and even create a new keystore,
 if necessary). The Export Wizard performs all the interaction with
 the Keytool and Jarsigner for you, which allows you to sign the package using a GUI
 instead of performing the manual procedures to compile, sign,
@@ -554,7 +566,7 @@ Because the Export Wizard uses both Keytool and Jarsigner, you should
 ensure that they are accessible on your computer, as described above
 in the Basic Setup for Signing.
    
 
-
    To create a signed and aligned .apk in Eclipse:
    
+
    To create a signed and aligned APK in Eclipse:
    
 
 
      
   
    1. Select the project in the Package
@@ -563,7 +575,7 @@ Explorer and select File > Export.
      2. 
   and click Next.
   
      The Export Android Application wizard now starts, which will
   guide you through the process of signing your application,
-  including steps for selecting the private key with which to sign the .apk
+  including steps for selecting the private key with which to sign the APK
   (or creating a new keystore and private key).
      
   
    2. Complete the Export Wizard and your application will be compiled,
   signed, aligned, and ready for distribution.
      3.
    -verboseEnable verbose output.
    -sigalgThe name of the signature algorithim to use in signing the APK. +Use the value {@code MD5withRSA}.
    -digestalgThe message digest algorithim to use in processing the entries +of an APK. Use the value {@code SHA1}.
    -storepass <password>

    The password for the keystore.

    As a security precaution, do not include this option in your command line unless you are working at a secure computer. @@ -478,19 +486,23 @@ way, your password is not stored in your shell history.