How can I sign my app with “APK Signature Scheme v3”?

问题

Here in the docs, there is the explanation about signature v3 : https://source.android.com/security/apksigning/v3

But when I try to sign my app in android studio using Build>Generate signed apk/bundle, I can just check checkboxes for v1(jar signature) and v2(full apk signature) and there is no option for v3 signature.

How can I sign my App using signature scheme v3?

Thank you.

回答1:

As @Pierre said, the Android studio is not supporting to create v3 scheme verified releask apk.

To do that we need to manually create the signed build using Command line.

Please find the steps to create v3 scheme signed build,

1. Select build-tools\29.0.2 or later version.

   Note: You can find the build-tools folder inside the SDK location.

   \Users\AppData\Local\Android\Sdk\build-tools\29.0.2

2. Zipalign - Align the unsigned APK

   zipalign -v -p 4 app-production-debug.apk my-app-unsigned-aligned.apk

   Note:

   app-production-debug.apk - a. Apk file you have created from Android studio by Build-> Build Bundles(s)/APK(s)-> Build APK(s)

   my-app-unsigned-aligned.apk - The file will be created in the same directory(You can define your path as well).

3. Apksigner - Sign your APK with your private key

apksigner sign --ks release-keystore.jks --out my-app-release.apk my-app-unsigned-aligned.apk

Note: a. release-keystore.jks - Keystore file we have configured in the build.gradle file

   android {
                signingConfigs {
                        production {
                            storeFile file('release-keystore.jks')
                            storePassword 'XXXX'
                            keyAlias = 'AAAAA'
                            keyPassword 'XXXX'
                        }
                }
            buildTypes {
                        release {
                            ...............
                            signingConfig signingConfigs.production 

                        }
            }
        }

b. my-app-release.apk - Signed release build will be generated in the same directory(You can define your path as well).

4. Verify:

apksigner verify --verbose my-app-release.apk

5. You can see the schemes that verified in the release apk.

   Verifies

   Verified using v1 scheme (JAR signing): true

   Verified using v2 scheme (APK Signature Scheme v2): true

   Verified using v3 scheme (APK Signature Scheme v3): true

回答2:

As of today, you cannot sign with v3 signing scheme with Gradle or Android Studio.

If you wish to sign with v3 signing scheme, you will need to do it manually using apksigner.

Note that v3 signing scheme is just an extension of v2 signing scheme which allows in addition to rotate the app signing key. It is only supported on Android P devices and as of end of 2019, it is not yet supported by Google Play (I'm not sure about other publishing platforms).

来源：https://stackoverflow.com/questions/59248088/how-can-i-sign-my-app-with-apk-signature-scheme-v3