Signing the Application on Android
  • 23 Jun 2025

To sign your application you can use an Android App Bundle (AAB) file or an Android package (APK) file.

To use an AAB file

  • Sign the AAB file by running the following command:

    jarsigner -verbose -sigalg SHA256withRSA -digestalg SHA-256 -keystore <keystore_file_path> -storepass <keystore_password> -keypass <private_key_password> <aab_file_path> <alias_name>

    where:

    • keystore_file_path is the path of the keystore which contains the private key used to sign your Android application.

    • keystore_password is the password that protects your keystore.

    • private_key_password is the password that protects your private key.

    • aab_file_path is the path of the AAB file shielded with App Shielding by OneSpan.

    • alias_name is the name of the alias that represents the signer's private key and certificate data within the KeyStore.

If you upload your own app signing key, it must be an RSA key with a length of 2048 bits or more.

To use an APK file

  1. Align the APK file by running the following command:

    <android_sdk_path>/build-tools/<build_tools_version>/zipalign -v 4 <my-apk-unsigned> <apk_file_path_final>

    where:

    • android_sdk_path is the path of the Android SDK (e.g. /home/user/software/android-sdk-linux).

    • build_tools_version is the current version of the Android SDK build tools (e.g. 19.1.0).

    • my-apk-unsigned is the unsigned APK file.

    • apk_file_path_final is the path of the APK file ready to be deployed.

  2. Sign the APK file by running the following command:

    <android_sdk_path>/build-tools/<build_tools_version>/apksigner sign --verbose --ks <keystore_file_path> --ks-key-alias <alias_name> --ks-pass pass:<keystore_password> --key-pass pass:<private_key_password> <apk_file_path>

    where:

    • android_sdk_path is the path of the Android SDK (e.g. /home/user/software/android-sdk-linux).

    • build_tools_version is the current version of the Android SDK build tools (e.g. 19.1.0).

    • keystore_file_path is the path of the keystore which contains the private key used to sign your Android application.

    • alias_name is the name of the alias that represents the signer's private key and certificate data within the KeyStore.

    • keystore_password is the password that protects your keystore.

    • private_key_password is the password that protects your private key.

    • apk_file_path is the path of the APK file shielded with App Shielding by OneSpan.

An application that is signed with SHA-256 might not run on older devices.
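
The two APK steps above as one script, with a check after each step (an added example, not OneSpan's own tooling). It assumes the hypothetical environment variables ANDROID_SDK, BUILD_TOOLS_VERSION, KS_PASS and KEY_PASS, and uses apksigner's env: password form instead of pass: so the passwords do not appear in the process argument list or shell history.

```shell
#!/bin/sh
# Added example: align, sign and verify an APK in one pass.
# Assumed (hypothetical) environment variables, all exported:
#   ANDROID_SDK, BUILD_TOOLS_VERSION  locate zipalign and apksigner
#   KS_PASS, KEY_PASS                 keystore and private-key passwords
# usage: sign_apk <unsigned_apk> <final_apk> <keystore_file> <alias_name>
sign_apk() (
    unsigned=$1 final=$2 keystore=$3 alias_name=$4
    bt="${ANDROID_SDK:?set ANDROID_SDK}/build-tools/${BUILD_TOOLS_VERSION:?set BUILD_TOOLS_VERSION}"

    # Fail early, before any tool runs, if an input is missing.
    [ -f "$unsigned" ] || { echo "no such APK: $unsigned" >&2; exit 2; }
    [ -f "$keystore" ] || { echo "no such keystore: $keystore" >&2; exit 2; }
    if [ -z "${KS_PASS:-}" ] || [ -z "${KEY_PASS:-}" ]; then
        echo "export KS_PASS and KEY_PASS first" >&2; exit 2
    fi

    # Step 1: align to 4-byte boundaries, then confirm it (-c only checks).
    "$bt/zipalign" -v 4 "$unsigned" "$final" || exit 1
    "$bt/zipalign" -c 4 "$final" || exit 1

    # Step 2: sign the aligned file in place. env:NAME tells apksigner to
    # read the password from that environment variable.
    "$bt/apksigner" sign --verbose --ks "$keystore" --ks-key-alias "$alias_name" \
        --ks-pass env:KS_PASS --key-pass env:KEY_PASS "$final" || exit 1

    # Confirm the signature verifies and print the signer certificate so its
    # digest can be compared with the one expected for the release key.
    "$bt/apksigner" verify --verbose --print-certs "$final" || exit 1
)
```

The function body runs in a subshell, so its variables do not leak into the calling shell and any failed step ends the run with a non-zero status.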

