Unable to sign apk file using jarsigner

Question

I am signing my apk using the below command:

jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore mykeystore.keystore myApp.apk aliasname

The log ends with

.
.
.
signing: org/achartengine/image/zoom-1.png
signing: org/achartengine/image/zoom_in.png
signing: org/achartengine/image/zoom_out.png
signing: LICENSE.txt
signing: assets/cpwrUEM-instr-runtime.properties
jar signed.

But when I run the verification command:

jarsigner -verify -verbose -certs myApp.apk

I get the below error:

jarsigner: java.lang.SecurityException: invalid SHA1 signature file digest for res/drawable-hdpi-v4/btn_large.png

Most of the forums mentions that when we get the above error message we should resign the jar by adding -digestalg SHA1. But I already have that and still get the same exception.

On trying to install on a device, I get the message

There is a problem parsing the package.

UPDATE:

On changing the algorithm from SHA1 to SHA-256 it stills give me the same exception but this time on a xml file.

score 1 · Accepted Answer · answered Nov 17 '15 at 18:00

1

Verify if the apk you are signing is originally unsigned or not. If not, export the unsigned version using the Android Tools in your IDE.

answered Nov 17 '15 at 18:00

Mudit Shukla

814
2
6
16

Unable to sign apk file using jarsigner

UPDATE:

1 Answers1