Blue Cedar does not fully support Android signing on Windows as part of the platform. This page describes the process to sign on Windows and provides a script. Contact Blue Cedar Support if you need help.
When an Android app (.apk file) is integrated with services via the Blue Cedar Platform, it needs to be re-signed in order to be installed on an Android device. Blue Cedar supports Android app signing via the platform or externally on macOS and Linux. Signing apps externally on MacOS describes the process for Mac and Linux using a shell script provided by the Blue Cedar policy console. This page describes how to sign Android apps on computers running Windows and provides the signing script for users who choose to sign externally.
Before you download an integrated app for signing, see Using and configuring signing profiles. Once you have integrated the app and included a signing profile, you can download a zip file from the policy console and sign outside the console. This zip file includes:
- A copy of the secured app
- All information required to sign the app
- A simple shell script (sign.sh) to run on a Mac or Linux signing server.
Windows requires a batch (.bat) script which is currently not provided by the console, but is attached here. sign.bat
Applying the signing profile in the console validates the signing parameters for use with your app, even though it does not sign the app. Download the "Integrated and ready to sign externally" version of the app to download the app with its signing information.
Requirements for signing on Windows
- Download this script file for signing on Windows to replace the script in the exported zip file: sign.bat
- Edit the sign.bat file to replace "mykey" with your keystore alias and "cloudfaux" with your keystore password. These credentials must match the keystore credentials in your signing profile.
- Path: Edit these environment variables and path:
- Open "advanced system settings" from the Windows search box. On the Advanced tab, select Environment Variables and add or edit these variables.
|Add or edit environment variable||Set to||Example|
|JAVA_HOME||The location of the JDK installation||C:\Program Files\Java\jdk1.8.0_162|
|ANDROID_HOME||The location of the Android SDK installation||C:\Users\jlennon\AppData\Local\Android\Sdk|
|build_tools||The build_tools location in the Android SDK path||%ANDROID_HOME%\build-tools\29.0.2\|
|PATH||Add the other tools in the Android SDK path|
Signing the app
To sign the app using the contents of the zip file:
On your Windows signing server, extract the contents of the zip file.
Copy the Windows signing script to the directory with the extracted files.(sign.bat)
Open the Command window and navigate to your extracted .apk directory.
$ cd Downloads/<exported-app-folder>
Run the script:
$ sign <input app name>
$ sign compass-secured.apk
The default output filename adds "-signed" to the original filename, for example, compass-secured-signed.apk. Optionally, you can specify the output filename:
$ sign compass-secured.apk compass-signed.apk
The secured and signed app is now ready to deploy and test.