Self-Sign Your App Bundles

Updated on 24. May 2023 by Jan Bunk


For maximum security and flexibility, we can provide our enterprise customers with unsigned versions of their Android app so they can sign them themselves.

This guide requires some technical proficiency to install the necessary programs and use the command line. If it's too complex, we can also sign the app ourselves as usual and send you the keys afterwards.

Prerequisites

  • Enable self-signing in your dashboard
  • jarsigner
    This is included with the Java Development Kit (JDK), but not the Java Runtime Environment (JRE). You can easily find and install recent versions of the JDK using AdoptOpenJDK.
  • keytool
    Also included in the JDK.

Generating Keys

If you don't have any signing keys yet, you can generate them like this.

keytool -genkey -noprompt -v -keystore {key_file_name}.jks -storetype JKS -keyalg RSA -keysize 2048 -validity 99999 -alias {key_alias} -dname "OU=IT, O={organization}" -storepass {storepass} -keypass {keypass}

  • key_file_name
    Example: key0

    You can use any name for the key file. To be safe, use only ASCII letters and digits.

  • key_alias
    Example: key0

    You can use any alias. I usually keep it simple by naming it the same as the key file. To be safe, use only ASCII letters and digits.

  • organization
    Example: webtoapp.design

    The name of your company.

  • storepass
    Example: LWRrjdrnXW1NSYzUDLHkaa5uCesmELE

    A secure password for your keystore.

  • keypass
    Example: SYspVNgpUbintxdZrlKPx3vfYBvP7wd

    A secure password for your key.

Signing an Unsigned App Bundle

jarsigner -sigalg SHA256withRSA -digestalg SHA-256 -keystore {key_file_name}.jks -keypass {keypass} -storepass {storepass} {bundle_name}.aab {key_alias}

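Most variables here are the same as in the previous step. The only new one is bundle_name, the file name of the unsigned app bundle without the .aab extension.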

You can verify the signature with the following command. You can ignore the warning that you used a self-signed certificate.

jarsigner -verify {bundle_name}.aab
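
The generate, sign and verify steps above combined into one script, added here as an example (it is not webtoapp.design's own tooling). The function names and the KS_PASS and KEY_PASS variable names are assumptions; the script uses the `:env` modifier that keytool and jarsigner accept on `-storepass` and `-keypass`, so the passwords stay out of the shell history and the process list.

```shell
#!/usr/bin/env bash
# Added example, not webtoapp.design code. Function names and the KS_PASS /
# KEY_PASS variable names are assumptions; export both before calling, e.g.
#   export KS_PASS=$(gen_pass) KEY_PASS=$(gen_pass)

# The guide recommends names made only of ASCII letters and digits.
valid_name() {
  local LC_ALL=C
  case "$1" in
    ''|*[!A-Za-z0-9]*) return 1 ;;
    *) return 0 ;;
  esac
}

# Print 48 hex characters (192 random bits) to use as a password.
gen_pass() {
  head -c 24 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# make_keystore KEY_FILE_NAME KEY_ALIAS ORGANIZATION
make_keystore() {
  valid_name "$1" && valid_name "$2" || { echo "invalid name" >&2; return 2; }
  [ ! -e "$1.jks" ] || { echo "$1.jks already exists" >&2; return 3; }
  ( umask 077  # keystore file readable by its owner only
    keytool -genkey -noprompt -v -keystore "$1.jks" -storetype JKS \
      -keyalg RSA -keysize 2048 -validity 99999 -alias "$2" \
      -dname "OU=IT, O=$3" -storepass:env KS_PASS -keypass:env KEY_PASS )
}

# sign_bundle KEY_FILE_NAME KEY_ALIAS BUNDLE_NAME   (signs BUNDLE_NAME.aab in place)
sign_bundle() {
  local out
  jarsigner -sigalg SHA256withRSA -digestalg SHA-256 -keystore "$1.jks" \
    -keypass:env KEY_PASS -storepass:env KS_PASS "$3.aab" "$2" || return 1
  # Require jarsigner's success line instead of trusting the exit status alone
  # (English tool output assumed). The self-signed warning does not remove it.
  out=$(jarsigner -verify "$3.aab" 2>&1) || return 1
  case "$out" in
    *"jar verified."*) return 0 ;;
    *) return 1 ;;
  esac
}
```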

Uploading the App Bundle

Continue with the regular Google Play Store app publishing steps.

When you reach the app upload section, upload the app bundle you just signed.

Written by
Jan Bunk

Hi, I'm Jan! I created webtoapp.design in 2019 while studying computer science in university. A lot has changed since then - not only have I graduated, but it's also no longer just me running webtoapp.design. We've grown to a global, fully remote team and have gathered lots of experience around app development and app publishing. We've created and published hundreds of apps in the app stores, where they've been downloaded millions of times.