android: 官方apk签名文档

Signing Your App Manually 手动签名APP

---

You do not need Android Studio to sign your app. You can sign your app from the command line using standard tools from the Android SDK and the JDK. To sign an app in release mode from the command line:

1. Generate a private key using keytool. For example: 生成Key

   $ keytool -genkey -v -keystore my-release-key.keystore-alias alias_name -keyalg RSA -keysize 2048 -validity 10000

   This example prompts you for passwords for the keystore and key, and to provide the Distinguished Name fields for your key. It then generates the keystore as a file called my-release-key.keystore. The keystore contains a single key, valid for 10000 days. The alias is a name that you will use later when signing your app.

2. Compile your app in release mode to obtain an unsigned APK.

3. Sign your app with your private key using jarsigner: 签名

   $ jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1-keystore my-release-key.keystore my_application.apk alias_name

   This example prompts you for passwords for the keystore and key. It then modifies the APK in-place to sign it. Note that you can sign an APK multiple times with different keys.

4. Verify that your APK is signed. For example: 验证是否签名成功

   $ jarsigner -verify -verbose -certs my_application.apk

5. Align the final APK package using zipalign.  APK对齐

   $ zipalign -v 4 your_project_name-unaligned.apk your_project_name.apk

   zipalign ensures that all uncompressed data starts with a particular byte alignment relative to the start of the file, which reduces the amount of RAM consumed by an app.