Android Tutorial Tutorial - How to sign apk with non-B4A keystore

Here is my first tutorial for the community!

This tutorial will show you how to sign a B4A generated apk with a non-B4A keystore. I needed a way to do this for myself since I had some apps out created using AppInventor that I remade using B4A. On to the tut:

1. When you are ready to publish, You need to use B4ABuilder to compile an unsigned apk.
"C:\Program Files (x86)\Anywhere Software\Basic4Android\B4ABuilder.exe" -Task=Build -NoSign=True -Obfuscate=true
2. Go to \Main\Objects\bin and find the file called "temp.ap_". This is your app. Rename this file accordingly (i.e. "myapp.apk").
3. Copy your keystore file to the same directory as myapp.apk.
4. To make life easier, navigate to your android sdk folder and copy this file: \android-sdk\tools\zipalign.exe to the same folder as your apk and keystore.
5. Open Windows Command Prompt. Navigate to the folder where myapp.apk, keystore, and zipalign are
6. In Command Prompt type: jarsigner -verbose -keystore mykeystore.ks myapp.apk username
Change "mykeystore.ks" to your keystore's file name. Change "myapp.apk" to your app's file name. Change "username" to the username used in your keystore.
7. Enter your password when asked.
8. When it's finished, type this: zipalign -v 4 myapp.apk myapp_aligned.apk
9. You're done! myapp_aligned.apk is the file you'll need to upload to the market

 

[Erel]

Following this tutorial is not needed in almost all cases. If you have a key not created with Basic4android then you need to edit the ini file as MaFu wrote and change the alias name. The only case where you need to manually sign the app is if the key uses a different encryption mode.

 

[MaFu]

My keys are not created with B4A and additionally have different alias names. So my workflow ist to compile without signing and then sign with batch file.

@Erel:
Why is the alias name a fixed entry in ini file and not selectable by "Private Sign Key" dialog (wish for 3.1)?

 

[Erel]

Why is the alias name a fixed entry in ini file and not selectable by "Private Sign Key" dialog (wish for 3.1)?

This is not required in almost all cases as the developers use the key created with Basic4android. And like any feature can also confuse developers.

Why do you use different aliases?

 

[MaFu]

This is not required in almost all cases as the developers use the key created with Basic4android. And like any feature can also confuse developers.

Why do you use different aliases?

One key is for my company, the other is my private key.

 

[wxws]

Open Windows Command Prompt
type keytool.exe -changealias -alias B4A -destalias xxxx -keystore xxxx.keystore
enter your password
done

 

[ngaaka]

Hi,
I have created an app with B4a and published it to play store using keystone created by b4a. Because of some difficulties, my developer provided an update of the app code with Eclipse. Now, I need a method to use the b4a keystore to generate an apk with Eclipse and publish under the same signature?

 

[Erel]

The store alias is b4a. Your developer should be able to use the keystore with Eclipse.

 

[ngaaka]

He's unable to use it with Eclipse.
If we import it into Eclipse, enter the password, the Alias field if empty and we're unable to enter a value there?
Can you give me away to follow?

 

[ngaaka]

Thank you it's working now. It was a wrong password issue.

 

[daemon]

6. In Command Prompt type: jarsigner -verbose -keystore mykeystore.ks myapp.apk username

I had to add few arguments (in bold below) to sign my apk properly:

jarsigner -sigalg SHA1withRSA -digestalg SHA1 -keystore ...

 

[JohnC]

I had to add few arguments (in bold below) to sign my apk properly:

jarsigner -sigalg SHA1withRSA -digestalg SHA1 -keystore ...

Thanks a bunch for that info!

I need to use the manual-sign method mentioned here because I have an app in the playstore that was created with Phonegap, but I want to replace it with a real native app using B4a, so I needed to use the original keystore to properly replace/update the app in the play store.

I followed the batch instructions and it created an APK and I uploaded it, and google's playstore analyzed it and accepted it for publishing. When it published, it came up properly as a "update" for the old/phonegap version I had installed. But when I tried to install the new version from the app store, it gave a "package file was not signed correctly" error after the download. I can't believe google's play store didn't detect this problem when it analyzed my APK.

Anyway, I added your extra parameters to the jarsigner and now the APK installs ok from the playstore.

Thanks again - this would have taken me hours to figure out what was wrong!

 

[danijel]

I had to add few arguments (in bold below) to sign my apk properly:

jarsigner -sigalg SHA1withRSA -digestalg SHA1 -keystore ...

I have an app in the playstore that was created with Phonegap

Hi, @daemon, @JohnCody

I have AppInventor app and I have problems like you, But -sigalg SHA1withRSA -digestalg SHA1 didn't solve problem.
Any clue what else I need to type?

Thx

 

[JohnC]

I don't know why you are using AppInventor because all I need to do is a "Compile (without Signing)" from within B4A, then run this batch file I made:

Ren C:\VB\Android\B4A\myapp\Objects\bin\temp.ap_ myapp.apk
Copy C:\VB\Android\B4A\phonegap.keystore C:\VB\Android\B4A\myapp\Objects\bin
Copy C:\Android\android-sdk\tools\zipalign.exe C:\VB\Android\B4A\myapp\Objects\bin
cd C:\VB\Android\B4A\myapp\Objects\bin
C:\android\java\bin\jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1  -keystore phonegap.keystore myapp.apk omnisoft
zipalign -v 4 myapp.apk myapp_signed.apk

The end result is an APK that uploads fine to the playstore.

 

[danijel]

I am not using AppInventor now. I used it before like you used Phonegap. So I run on same problems like you.

I finally managed to solve the problem.
It seems that my key was generated with RSA alogrithm:

jarsigner -verbose -sigalg MD5withRSA -keystore key.ks myapk.apk myalias

 

[JohnC]

Glad you got it working.

Remember to enter the same name in B4A's "Package" (in "Build Configurations") to the same package name you have in AppInventor if you want to be able to "Replace/Update" the old AppInventor app in the playstore with the one created using B4A. If they don't match, the playstore wont allow you to replace it.

For example, B4A allows you to set the package name to anything you want, whereas App Studio (nsbasic.com with phonegap) always had "com.nsbasic.xxxx" in it and I couldn't easily change it. So I had to set B4A'a package name to "com.nsbasic.myapp" in order for the play store to accept a new replacement APK for that app.

 

[danijel]

Yeah, I know, thanks anyway.

 

[daemon]

Project > Compile (without signing) option is missing from B4A 5.02
How do I get unsigned APK?

Never mind, found it.

"C:\Program Files (x86)\Anywhere Software\Basic4android\B4ABuilder.exe" -task=build -nosign=true

 

[MetalOS]

Hello,

As some I use App inventor to create an application and the Play Store. Now that I use B4A I have a problem with my Keystore that comes from App Inventor. I change the ini file to indicate my alias and this is what tells me the compiler B4A:

jarsigner error: java.security.SignatureException: private key algorithm is not compatible with signature algorithm

Here are the signature features of my Keystore file.

I also try the methods proposed above, but nothing works and google tells me that I am trying to publish a debug version then you need a realase release. Thank you in advance for your help.

 

[danijel]

When I update my old game with Java 8 i get the same message.
So, I must Sign and Zipalign that game with Java 6

 

[MetalOS]

I'll try with Java 6 and I holding you informed. Thank you.