App Signing Process

APK Signature and Verification Process

Standard Android System Requirements

  • Application Signing:

    • All applications must be signed before installation on a standard Android system.

    • For detailed instructions, refer to Google's official resources on application signing.

wizarPOS Terminal Specifics

  • Enhanced Signature Checks:

    • In addition to standard Android signature verification, wizarPOS terminals conduct additional checks using the root certificate chain.

    • Only APKs signed with the root certificate or a child certificate are permitted for installation.

  • Obtaining a Signing Certificate:

  • Importing the Certificate Chain:

    • After receiving the CSR reply from wizarPOS, import the certificate chain file into your keystore.

    • APKs signed with this keystore will be installable on wizarPOS terminals.

Development Mode Terminals

  • Relaxed Signature Requirements:

    • Terminals in development mode do not require the additional signature verification.

    • This allows for the use of ADB to install and debug Android applications in development mode.

Custom Certificate Chains

  • Terminal Control:

    • The certificate chain issued by wizarPOS can be replaced with the terminal owner's own certificate chain.

    • This enables terminal owners to have full control over the applications installed on their terminals.

How to sign an APK

Use the IDE to sign an APK

Please refer to Google's Sign APP guide.

  • Click Build > Generate Signed Bundle/APK

  • Select APK

  • Choose the keystore and enter the information shown in the following picture, then click Next

  • Keep the default settings, set the path where the signed APK will be stored, then click Finish

Use Android apksigner to sign an APK (highly recommended)

Please read the apksigner tool documentation.

For example, sign an APK using release.jks, which is the only key in the KeyStore:

 $ apksigner sign --ks release.jks --out <out path>/<out name>.apk app.apk

Use the command line tool to sign an APK (deprecated)

WizarPOS provides a Java signature tool to help developers sign APKs. You can use it on the command line. Please download the signature tool v2.5-81. Make sure you have JRE 1.6 or later installed on your PC.

Run signature tool

On the PC, run one of the following commands:

  • Use jks:

 $ java -jar <File Path>/SignatureTools.jar sign --keytype jks --apk <File Path>/<in name>.apk --out <File Path>/<out name>.apk --keystore <File Path>/<name>.jks --alias androiddebugkey --storepass wizarpos --sigAlg SHA1withRSA --signatureScheme v1v2 --zipalign

    --storepass, --sigAlg (SHA1withRSA/MD5withRSA/SHA256withRSA) and --signatureScheme (v1/v2) are optional. MD5 and SHA-1 are no longer collision-resistant, so choose SHA256withRSA where the target terminal accepts it.

Replace the placeholders with your real parameter values, and change the key password and store password to your real passwords.

For example: java -jar SignatureTools_v2.5-81-g1e5b0ac sign --keytype jks --apk bcare_wallet_beta_andorid6.apk --out bcare_wallet_beta_andorid6_signed3.apk --keystore E:\...\XXX.jks --alias XXX --keypass XXX --storepass XXX --signatureScheme v1v2 --zipalign --quiet

  • Use pk8:

 $ java -jar <File Path>/SignatureTools.jar sign --keytype pk8 --apk <File Path>/<in name>.apk --out <File Path>/<out name>.apk --keyfile <File Path>/private_pwd.pk8 --certs <File Path>/cert.x509_pwd.pem --keypass android --storepass android --sigAlg SHA1withRSA --signatureScheme v2

    The pk8 key file may be with or without a password. --keypass, --storepass and --sigAlg (SHA1withRSA/MD5withRSA/SHA256withRSA) are optional; --signatureScheme takes v1 or v2.

Replace the placeholders with your real parameter values, and change the key password and store password to your real passwords.

| Parameter | Value | Specification |
|---|---|---|
| --keytype | jks or pk8 | The type of the keystore used to sign the APK. |
| --keystore | The path of the jks keystore file | It must be defined when using a jks keystore. |
| --keyfile | The path of the pk8 file | It must be defined when using a pk8 file as the keystore. |
| --apk | The file path of the APK before signing | The file path of the APK before signing |
| --out | The file path of the APK after signing | The file path of the APK after signing |
| --alias | Alias name of the private key | Alias name of the private key in the jks file |
| --certs | Certificates file path | When keytype is pk8, this is the certificate chain. |
| --storepass | Password of the keystore file | Password of the keystore file |
| --keypass | Password of the private key | Password of the private key in the jks file or pk8 file |
| --sigAlg | SHA1withRSA or MD5withRSA or SHA256withRSA | Signature algorithm |
| --signatureScheme | v1 or v2 or v1v2 | Signature scheme |
| --zipalign | | APK zipalign |
| --quiet | | Suppress informational messages; only show warnings and errors. |
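The --signatureScheme value a signed APK actually carries can be checked before the file is sent to a terminal. The Python below is an added example, not wizarPOS or Google code: it reports the presence of v1 signature files under META-INF/ and of the v2 pair in the APK Signing Block, and does not validate the signature or the certificate chain. The function names and the make_sample input are constructed for illustration.

```python
import io
import struct
import zipfile

APK_SIG_MAGIC = b"APK Sig Block 42"  # trailer of the APK Signing Block
V2_BLOCK_ID = 0x7109871A             # pair ID of APK Signature Scheme v2

def cd_offset(data):
    """Central Directory offset, read from the End of Central Directory record."""
    eocd = data.rindex(b"PK\x05\x06")  # ValueError if absent; ignores ZIP comments
    return struct.unpack_from("<I", data, eocd + 16)[0]

def signing_block_ids(data):
    """Pair IDs found in the APK Signing Block; [] when the block is absent."""
    cd = cd_offset(data)
    if cd < 32 or data[cd - 16:cd] != APK_SIG_MAGIC:
        return []
    size = struct.unpack_from("<Q", data, cd - 24)[0]  # excludes the leading size field
    start = cd - size - 8
    if start < 0 or struct.unpack_from("<Q", data, start)[0] != size:
        raise ValueError("APK Signing Block size fields disagree")
    ids, pos, end = [], start + 8, cd - 24
    while pos + 12 <= end:
        length, pair_id = struct.unpack_from("<QI", data, pos)
        if length < 4 or pos + 8 + length > end:
            raise ValueError("bad pair length in APK Signing Block")
        ids.append(pair_id)
        pos += 8 + length
    return ids

def detect_scheme(data):
    """Scheme in the page's --signatureScheme notation ('v1', 'v2', 'v1v2' or '')."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = [n.upper() for n in zf.namelist() if n.upper().startswith("META-INF/")]
    v1 = any(n.endswith((".RSA", ".DSA", ".EC")) for n in names)
    return ("v1" if v1 else "") + ("v2" if V2_BLOCK_ID in signing_block_ids(data) else "")

def make_sample(v1, v2):
    """Constructed sample APK; its signature bytes are placeholders, not real."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/CERT.RSA" if v1 else "classes.dex", b"placeholder")
    data = bytearray(buf.getvalue())
    if v2:
        cd, pair = cd_offset(data), struct.pack("<QI", 12, V2_BLOCK_ID) + bytes(8)
        size = struct.pack("<Q", len(pair) + 24)
        data[cd:cd] = size + pair + size + APK_SIG_MAGIC  # block sits before the CD
        struct.pack_into("<I", data, data.rindex(b"PK\x05\x06") + 16, cd + len(pair) + 32)
    return bytes(data)
```

To check a real file, pass its bytes to detect_scheme; cryptographic verification of the signature itself is still done with apksigner verify.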
