APK Signing
AEE will recognize APK files and app bundles and sign them accordingly with its default key. In order to sign an APK using a custom Keystore, some specific methods need to be followed and are explained in the next section.
Signing with a custom key
In order to sign APK's with a custom key, AEE requires either a PKCS #12 keystore or a PKCS #8/X509Certificate key pair.
How to generate a PKCS #12 keystore
- Convert a java keystore (JKS) to PKCS12 format
keytool -importkeystore -srckeystore KEYSTORE_PATH -destkeystore intermediate.p12 -srcstoretype JKS -deststoretype PKCS12
How to create a PKCS #8 private key
- Convert a PKCS12 to pem format
openssl pkcs12 -in intermediate.p12 -nodes -out intermediate.rsa.pem
- Convert the pem file to PKCS #8 format
openssl pkcs8 -topk8 -outform DER -in intermediate.rsa.pem -inform PEM -out private.pk8 -nocrypt
How to create X509Certificate
- Read X509Certificate from a java keystore (JKS)
keytool -list -rfc -keystore KEYSTORE_PATH -alias KEY_ALIAS -storepass STORE_PASSWORD
- From the output, copy the text starting from -----BEGIN CERTIFICATE----- to -----END CERTIFICATE----- (including both) and save it as a text file
Open AEE and Navigate to Settings -> Sign APK's with and select Custom Key. A new page will now open which offers an option to select a custom Private Key. Use it to import your PKCS #12 keystore or PKCS #8 private key. Depending on the imported file, AEE might ask for additional details. For e.g., keystore and alias passwords are requested upon importing a PKCS #12 keystore. On the other hand, importing a PKCS #8 private key to AEE will lead you to a new window requesting it's respective X509Certificate pair. By fulfilling them, AEE will do the following changes, and now onwards uses the new credentials for signing.
- Save private key as
/data/data/com.apk.editor/files/signing/APKEditor.pk8
- Save X509Certificate as
/data/data/com.apk.editor/files/signing/APKEditorCert
Previous: General