SoFunction
Updated on 2025-04-14

Android system signature keytool-importkeypair operation steps

To use system signatures in an Android project and package the APK with the project, follow these steps:

Step 1: Prepare the system signature file

  • Obtain the system signature file from the Android system source code, usually located inbuild/target/product/securityIn the directory, includingplatform.pk8andplatform.document.

Step 2: Modify

  • existFiled<manifest>Add to the tagandroid:sharedUserId=""Properties to enable the application to run in the system process.
<manifest xmlns:andro
    package=""
    android:sharedUserId="">
    <!-- ... -->
</manifest>

Step 3: Convert the signature file

  • Willplatform.pk8andplatform.Convert files to something that Android Studio can use.keystoredocument. Availablekeytool-importkeypairTools to complete this transformation.
./keytool-importkeypair -k ./ -p android -pk8 platform.pk8 -cert platform. -alias platform

Step 4: Configure signature in Android Studio

  • Signature configuration in Android Studio:
    • Open the project and selectBuild -> Generate Signed Bundle / APK
    • chooseAPK, and clickNext
    • existKey store pathSelect the convertedand enter the corresponding password and alias.
    • After completing the signature configuration, selectreleaseVersion and complete the generation of the APK.

Step 5: Packaging the APK

  • After completing the above configuration in Android Studio, clickFinish, the system will automatically sign the APK using the system signature file and generate the final APK file.

Through the above steps, you can use system signatures in your Android project and automatically apply the signature when you package the APK, so that the application has system permissions.

Explain the use of keytool-importkeypair tool in detail

keytool-importkeypairIs a tool for importing key/certificate pairs into an existing Java keystore, especially for Android system signature scenarios. The following are the detailed usage methods:

Installation and configuration

Clone project
Open the terminal and use Git cloningkeytool-importkeypairProject to local:

git clone /getfatday/

Enter the project directory

cd keytool-importkeypair

Add execution permissions
Add execution permissions to the script:

chmod +x keytool-importkeypair

Add script to PATH(Optional):
For ease of use, scripts can be added to the system's PATH. For example, move to/usr/local/binTable of contents:

sudo mv keytool-importkeypair /usr/local/bin/

This way, you can use it directly in any directorykeytool-importkeypairOrder.

Example of usage

Suppose you have a private key fileplatform.pk8and a certificate fileplatform., you can import them into the keystore using the following command:

./keytool-importkeypair -k <keystore-file> -p <keystore-password> -pk8 platform.pk8 -cert platform. -alias <alias-name>

For example, if your keystore file name is, the password ismypassword, aliasmyalias, the command is as follows:

./keytool-importkeypair -k  -p mypassword -pk8 platform.pk8 -cert platform. -alias myalias

Things to note

  • Backup the original keystore: Make sure to back up the original keystore file before importing a new key/certificate pair in case of unexpected situations.
  • Use a strong password: Set a strong password for your keystore to ensure security.
  • Make sure the file path is correct: Ensure that the provided private key file and certificate file path are correct, and avoid operation failure due to path errors.

Through the above steps, you can use it successfullykeytool-importkeypairThe tool imports key/certificate pairs into a Java keystore, thus system-level signatures for Android applications.

How to use apksigner tool

apksignerIt is a command line tool provided by the Android SDK to sign and verify the validity of signatures for APK files. The following isapksignerHow to use the tool:

Signature APK

To useapksignerTo sign an APK file, you can use the following command:

apksigner sign --ks <keystore-file> --ks-key-alias <key-alias> --out <signed-apk-file> <unsigned-apk-file>
  • --ks <keystore-file>: Specify the path to the keystore file.
  • --ks-key-alias <key-alias>: Specify the key alias in the keystore.
  • --out <signed-apk-file>: Specify the output path of the signed APK file.
  • <unsigned-apk-file>: The path to the unsigned APK file to be signed.

For example, if you have a nameThe keystore file, the key alias ismy-key-alias, the APK file to be signed is, the signed APK file is, the command is as follows:

apksigner sign --ks  --ks-key-alias my-key-alias --out

Verify APK signature

To verify that the signature of the APK file is valid, you can use the following command:

apksigner verify --verbose <signed-apk-file>

--verbose: Display detailed verification information.<signed-apk-file>: The path to the signed APK file.

For example:

apksigner verify --verbose

If the signature is valid, the command displays "Verified" and the details of the signature.

Things to note

  • Make sure to use it before signingzipalignAlign the APK files to improve the performance of the APK files.
  • If any changes are made to the APK file after signing, the signature will be invalid.

After importing the keystore, how do you verify that the key is imported correctly?

To verify that the key is correctly imported into the keystore, you can usekeytoolTools to view the contents of the keystore. The following are the specific steps and methods:

Use keytool to view keystore content

View all entries in the keystore
Use the following command to list all entries in the keystore, including information about keys and certificates:

keytool -list -keystore <keystore-file>

For example, if your keystore file name is, the command is as follows:

keytool -list -keystore

This will display all entries in the keystore and their alias.

View details for specific entries
If you want to view the details of a specific entry, you can use-aliasParameters specify an alias:

keytool -list -v -keystore <keystore-file> -alias <alias-name>

For example:

keytool -list -v -keystore  -alias myalias

This will display the details of the key and certificate for the specified alias, including the principal, issuer, validity period, etc. of the certificate.

Verify the validity of the signature

If you have signed the APK using this keystore, you can useapksignerTools to verify the validity of signatures:

apksigner verify --verbose

This will verify that the signature of the APK is valid and display detailed verification information.

Through the above method, you can verify that the key is correctly imported into the keystore and ensure its validity during the signature process.

This is the article about the operation steps of Android system signature keytool-importkeypair. For more related Android system signatures, please search for my previous articles or continue browsing the related articles below. I hope everyone will support me in the future!