How to sign up for your hybrid mobile app for placement on Google Play
So, you worked for many days (and maybe nights), and now your first hybrid mobile application is ready. It is quite stable, most critical bugs are closed. Small ones remained, but remembering that perfectionism is evil, you make a willful decision to upload the application.
A necessary condition for this is the availability of a signed APK file. How to sign the apk file, you will learn from this article.
When my pet project came close to release, I began to look for information about how quickly and without pain to publish the application. The set of instructions found looked simple. I chose the instructions of the authors of the framework Ionic, on which the application is developed. Not everything worked out the first time, there are several features. The process of signing is described in this article, the important points are highlighted.
I assume that you have everything you need to develop hybrid mobile applications using Apache Cordova. Must be installed:
')
The project name and application name is lcf. Replace your project name where necessary.
First you need to create a release build of your application. But before that, let's make sure that all the extra plugins are removed. For example, we do not need a plugin that displays debug information in the console. Delete it:
To generate a release build for Android, use the build command with the --release flag:
This command will create an unsigned APK file in the directory:
For example, platforms / android / build / outputs / apk / android-release-unsigned.apk . Then we need to sign this file and run the zipalign utility to optimize and prepare the file for Google Play.
To sign the file you need a certificate. Create it using the keytool utility, which is included in the JDK:
Important
* You need to sign the application each time updates are released.
The keytool utility asks a series of questions. There will be a total of 8. In order to have an idea about the questions and approximate answers in advance, they are all given below, under the spoiler.
At the end there will be a message about the successful generation of the key. You will be prompted to set a password for the private key (if you want to keep the same as for the certificate, press Enter):
The file lcf.keystore will be created in the current directory.
Important
There are two steps left, and you will get an APK file ready for distribution. We proceed directly to signing.
To sign your apk file, use the jarsigner utility, which is also included in the JDK.
The certificate name is specified after the -keystore parameter, the alias - after the file name.
Finally, to optimize the apk file, let's use the zipalign utility:
The last parameter is the name of the file you’ll upload to Google Play.
Important.
Now you have a ready-to-distribute apk file that can be downloaded to Google Play. Fill out the description, determine the rating of your application and feel free to click “Publish”.
A necessary condition for this is the availability of a signed APK file. How to sign the apk file, you will learn from this article.
Small retreat
When my pet project came close to release, I began to look for information about how quickly and without pain to publish the application. The set of instructions found looked simple. I chose the instructions of the authors of the framework Ionic, on which the application is developed. Not everything worked out the first time, there are several features. The process of signing is described in this article, the important points are highlighted.
Initial data
I assume that you have everything you need to develop hybrid mobile applications using Apache Cordova. Must be installed:
')
- Apache cordova
- Java Development Kit
- Android SDK Tools
The project name and application name is lcf. Replace your project name where necessary.
Go
First you need to create a release build of your application. But before that, let's make sure that all the extra plugins are removed. For example, we do not need a plugin that displays debug information in the console. Delete it:
$ cordova plugin rm cordova-plugin-console To generate a release build for Android, use the build command with the --release flag:
$ cordova build --release android This command will create an unsigned APK file in the directory:
platforms/android/build/outputs/apk For example, platforms / android / build / outputs / apk / android-release-unsigned.apk . Then we need to sign this file and run the zipalign utility to optimize and prepare the file for Google Play.
To sign the file you need a certificate. Create it using the keytool utility, which is included in the JDK:
$ keytool -genkey -v -keystore lcf.keystore -alias lcf -keyalg RSA -keysize 2048 -validity 10000 Important
The value of the -alias parameter needs to be remembered, or better written. In the example above, it is equal to lcf (after the first letters of the name of the Loyal Client Free application). I will not give details here, if it is interesting, write in the comments, I will tell you more.
Alias ​​is used every time you sign * an application. To make it easier to remember, use the name of the keystore file as an alias, for example:
-keystore hello-world.keystore -alias hello-world -keystore weather-app.keystore -alias weather-app -keystore todo.keystore -alias todo * You need to sign the application each time updates are released.
The keytool utility asks a series of questions. There will be a total of 8. In order to have an idea about the questions and approximate answers in advance, they are all given below, under the spoiler.
Keytool questions and approximate answers to them
1. Enter keystore password:
Here you must enter the password for the file (at least 6 characters). The entered password must be recorded in a safe place, it is needed every time you sign the application.
2. Re-enter new password:
Re-enter password.
3. What is your first and last name?
[Unknown]: Ivan Petrov
Your first and last name. The value in square brackets is the default value.
4. What is your organizational unit?
[Unknown]: IT
The name of your business unit. You can leave it blank, I specify IT.
5. What is the name of your organization?
[Unknown]: 2developers
The name of your organization. Indicate if there is.
6. What is your City or Locality?
[Unknown]: Moscow
City name
7. What is your state or province?
[Unknown]: MO
Region Name
8. What is the two-letter country code for this unit?
[Unknown]: RU
Country code. I specify RU.
Further it will be offered to check the entered information:
Is CN = Ivan Petrov, OU = IT, O = 2developers, L = Moscow, ST = MO, C = RU correct?
[no]: y
Confirm if everything is correct or press Enter to enter again.
Here you must enter the password for the file (at least 6 characters). The entered password must be recorded in a safe place, it is needed every time you sign the application.
2. Re-enter new password:
Re-enter password.
3. What is your first and last name?
[Unknown]: Ivan Petrov
Your first and last name. The value in square brackets is the default value.
4. What is your organizational unit?
[Unknown]: IT
The name of your business unit. You can leave it blank, I specify IT.
5. What is the name of your organization?
[Unknown]: 2developers
The name of your organization. Indicate if there is.
6. What is your City or Locality?
[Unknown]: Moscow
City name
7. What is your state or province?
[Unknown]: MO
Region Name
8. What is the two-letter country code for this unit?
[Unknown]: RU
Country code. I specify RU.
Further it will be offered to check the entered information:
Is CN = Ivan Petrov, OU = IT, O = 2developers, L = Moscow, ST = MO, C = RU correct?
[no]: y
Confirm if everything is correct or press Enter to enter again.
At the end there will be a message about the successful generation of the key. You will be prompted to set a password for the private key (if you want to keep the same as for the certificate, press Enter):
Generating 2 048 bit RSA key pair and self-signed certificate (SHA256withRSA) with a validity of 10 000 days for: CN=Ivan Petrov, OU=IT, O=2developers, L=Moscow, ST=MO, C=RU Enter key password for <lcf> (RETURN if same as keystore password): [Storing lcf.keystore] The file lcf.keystore will be created in the current directory.
Important
The created file must be saved in a safe place. If you use a closed repository, then the file can be committed together with the application source codes. In general, certificates are best kept separately. In case of loss of the certificate, you will not be able to release updates of the application.
There are two steps left, and you will get an APK file ready for distribution. We proceed directly to signing.
To sign your apk file, use the jarsigner utility, which is also included in the JDK.
$ jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore lcf.keystore android-release-unsigned.apk lcf The certificate name is specified after the -keystore parameter, the alias - after the file name.
Finally, to optimize the apk file, let's use the zipalign utility:
$ zipalign -v 4 android-release-unsigned.apk LoyalClientFree.apk The last parameter is the name of the file you’ll upload to Google Play.
Important.
The zipalign utility is part of the Android SDK Tools and can be found here:/path/to/Android/sdk/build-tools/VERSION/zipalign
Conclusion
Now you have a ready-to-distribute apk file that can be downloaded to Google Play. Fill out the description, determine the rating of your application and feel free to click “Publish”.
Source: https://habr.com/ru/post/324350/
All Articles