APK Signing

AEE will recognize APK files and app bundles and sign them accordingly with its default key. In order to sign an APK using a custom Keystore, some specific methods need to be followed and are explained in the next section.

Signing with a custom key

In order to sign APK's with a custom key, AEE requires a private key in pk8 format as well as an X509Certificate exported from the same key.

How to create private key

1. Convert a java keystore (JKS) to PKCS12 format
   
   keytool -importkeystore -srckeystore KEYSTORE_PATH -destkeystore intermediate.p12 -srcstoretype JKS -deststoretype PKCS12
   
   
2. Convert a PKCS12 to pem format
   
   openssl pkcs12 -in intermediate.p12 -nodes -out intermediate.rsa.pem
   
   
3. Finally convert pem to pk8 format
   
   openssl pkcs8 -topk8 -outform DER -in intermediate.rsa.pem -inform PEM -out private.pk8 -nocrypt
   

How to create X509Certificate

1. Read X509Certificate from a java keystore (JKS)
   
   keytool -list -rfc -keystore KEYSTORE_PATH -alias KEY_ALIAS -storepass STORE_PASSWORD
   
   
2. From the output, copy the text starting from -----BEGIN CERTIFICATE----- to -----END CERTIFICATE----- (including both) and save it as a text file
   
   

Configure AEE to work with custom key

Open AEE and Navigate to Settings -> Sign APK's with and select Custom Key. A new page will now open which offers options to select a custom Private Key and X509Certificate. Use it! By doing so, AEE will do the following changes, and now onwards uses the new credentials for signing.

1. Save private key as
   
   /data/data/com.apk.editor/files/signing/APKEditor.pk8
   
   
2. Save X509Certificate as
   
   /data/data/com.apk.editor/files/signing/APKEditorCert
   
   

Previous: General