Signing Android Applications
In order to install an app on an Adroid device or on an Adroid emulator the app’s package must be signed.
App Adroid Directory
I like to create a subdirectory named android in my Eclipse workspace’s directory to hold the files needed to build my Android app. Let’s say that my Eclipse workspace directory is
I would create the subdirectory
to hold these files.
Eclipse automatically generates a certificate that can be used to sign a debug version of an app. This file is called debug.keystore and is usually stored in the .android subdirectory of your home directory (you can use Eclipse’s Preferences page, under Android → Build, to get the directory name being used).
Each time you install Eclipse with the ADT plugin you will get a new debug certificate. Since you may work on your app code from different computers and since different people may work on the code base, it is a good idea to copy one of these certificate files into your app’s project so that every person/computer uses the same certificate for signing. Copy the debug.keystore file to the app’s android subdirectory (see above).
Lastly, each developer must point their Eclipse ADT settings to this directory. Go back to Eclipse’s Preferences page, then to the Android → Build section, and browse to this new debug.keystore file and set it as the custom debug keystore.
Presumably you will want to eventually release your app to the Android market (or use some other distribution mechanism) so that users can install your app. You will need a self-signed “release” certificate to do this since the debug certificate cannot be used to sign an app that will be installed on user devices. The first step is to create the keystore to hold this certificate. Just set your default directory to the app’s android directory and enter this command:
Notice I specified that the certificate will be good for about 50 years (18,000 days); this is with common Android practices. You will also need to supply the organizational information shown. And of course substitute your application name, store password, and key password in the appropriate places. You now have a self-signed release.keystore certificate file you can use to sign your app with just prior to releasing it into the wild. Protect this file and its passwords; this is what uniquely identifies your app to Android and you cannot upgrade your app without this certificate.
Various tools require the MD5 fingerprint associated with a certificate. To obtain an MD5 fingerprint, use this command:
Note that the auto-generated debug.keystore certificate has an alias of androiddebugkey, a store password of android, and a key password of android. So to obtain the MD5 fingerprint for the debug certificate, use this command:
You can now use these fingerprints to obtain Android Maps API debug and release keys for your application. Or for any other purpose you might need the public keys.