2013-09-21

How I turn my website into an Android App - Part 3

In part 3 of this blog post, we are going to prepare the release version of the apk and publish it to Google Play store.

In order to publish an app to Google Play, the apk has to be signed and zip aligned. We are going to do both of them.


Step 1 
Use the keytool utility bundled with the Oracle JDK to generate a private key for signing the apk:

Assuming we are still in the amg directory, 

$ keytool -genkey -v -keystore ./amg.keystore -alias amgkey -keyalg RSA -keysize 2048 -validity 10000

where

"./amg.keystore" = the name and location of the key store
"amgkey" = the name of the key to generate

The encryption algorithm is RSA with a key size of 2048 bits, and the generated key is valid for 10,000 days (27 years).

It will ask you for a passphrase to protect the key store, and a bunch of other questions such as your first and last name, company name, etc.

It will also ask you for a passphrase to protect the key, with the option of using the same passphrase you choose for the key store.

Step 2 
Use the jarsigner utility bundled with the Oracle JDK to sign the apk with the generated key:

$ jarsigner -verbose -sigalg MD5withRSA -digestalg SHA1 -keystore ./amg.keystore platforms/android/bin/AMG-release-unsigned.apk amgkey

where

signature algorithm = MD5 with RSA
digest algorithm = SHA1

It will ask you for the passphrase to the key store.  The apk will be signed in place.

Step 3 
Use the zipalign utility bundled with the Android SDK to align the apk, which is basically a zip file:

zipalign -v 4 platforms/android/bin/AMG-release-unsigned.apk amg.apk

where

-v = verbose output
 4 = alignment in bytes

The signed and zip aligned amg.apk is now ready to upload to Google Play.

That's it.  Hope you like this post.

References
http://developer.android.com/tools/publishing/app-signing.html

No comments: