Bug 24539 - Correct JarSigning for Release packages with JDK 1.7
Summary: Correct JarSigning for Release packages with JDK 1.7
Status: RESOLVED DUPLICATE of bug 22897
Alias: None
Product: Visual Studio Extensions
Classification: Xamarin
Component: Android ()
Version: 3.7
Hardware: PC Windows
: --- normal
Target Milestone: ---
Assignee: Bugzilla
URL:
Depends on:
Blocks:
 
Reported: 2014-11-14 14:19 UTC by Jon Douglas [MSFT]
Modified: 2015-02-18 17:30 UTC (History)
7 users (show)

Tags:
Is this bug a regression?: ---
Last known good build:

Notice (2018-05-24): bugzilla.xamarin.com is now in read-only mode.

Please join us on Visual Studio Developer Community and in the Xamarin and Mono organizations on GitHub to continue tracking issues. Bugzilla will remain available for reference in read-only mode. We will continue to work on open Bugzilla bugs, copy them to the new locations as needed for follow-up, and add the new items under Related Links.

Our sincere thanks to everyone who has contributed on this bug tracker over the years. Thanks also for your understanding as we make these adjustments and improvements for the future.


Please create a new report on Developer Community with your current version information, steps to reproduce, and relevant error messages or log files if you are hitting an issue that looks similar to this resolved bug and you do not yet see a matching new report.

Related Links:
Status:
RESOLVED DUPLICATE of bug 22897

Description Jon Douglas [MSFT] 2014-11-14 14:19:09 UTC
From a customer:

The APK file of our app we publish to googleplay is generated from Xamarin for Visual Studio using the
"Tools"->Android->Publish for Android menu.

I recently switched to JDK 1.7 as Xamarin kept throwing warnings with compiler versions that hinted to JDK might be a bit outdated.

However since this switch older 4.x versions of Android are not accepting the generated APK anymore in release mode.
in particular tested 4.1.2 (Emulator, Phone tested).

When trying to install the published APK from googleplay those devices get a signature error.
When installing the APK directly installation just fails without a more detailed error message.

Interestingly the debug APK's seem to work.

After some searching the reason seems to be that the jarsigner in JDK 1.7 changed its default behavior resulting in incompatible signatures for older android versions.

The trick is to tell the jarsigner what its supposed to use. The debug builds seem to do this automatically.
Not so the release mode builds when publishing those from Xamarin they use the default command line.

Here are some thoughts/options that would be good to have in Xamarin:

- option to forward custom parameters to jarsigner
- have the release build optional create a unsigned APK that can then be forwarded to manual sign/align scripts during a build process.

currently im using the following workaround:

1) build a release version of the project
2) rightclick the main assembly in solutionexplorer "Package ... for Android".
this results in 2 APK files being created. 
the unsigned APK and the signed/aligned one using the debug keystore.
3)have a custom script use the unsigned APK to sign/align 
4) upload the custom signed APK to googleplay.

command line looks like this

jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore .\KeyStore\EAP.Android.ReleaseKey -signedjar .\de.innodatec.exhibitionappplus-signed.apk .\bin\release\de.innodatec.exhibitionappplus.apk EAP
zipalign.exe -f -v 4 .\de.innodatec.exhibitionappplus-signed.apk .\de.innodatec.exhibitionappplus-aligned.apk


it would be nice to be able to get back to the Visual Studio publishing approach where I just have to build the release version and then have xamarin tools doing the rest.
Comment 1 Jon Douglas [MSFT] 2014-11-17 11:27:11 UTC
Additional Information:

Microsoft Visual Studio Professional 2013
Version 12.0.30723.00 Update 3
Microsoft .NET Framework
Version 4.5.51641

Installed Version: Professional

LightSwitch for Visual Studio 2013 06177-004-0444002-02170
Microsoft LightSwitch for Visual Studio 2013

Team Explorer for Visual Studio 2013 06177-004-0444002-02170
Microsoft Team Explorer for Visual Studio 2013

Visual Basic 2013 06177-004-0444002-02170
Microsoft Visual Basic 2013

Visual C# 2013 06177-004-0444002-02170
Microsoft Visual C# 2013

Visual C++ 2013 06177-004-0444002-02170
Microsoft Visual C++ 2013

Visual F# 2013 06177-004-0444002-02170
Microsoft Visual F# 2013

Visual Studio 2013 Code Analysis Spell Checker 06177-004-0444002-02170
Microsoft® Visual Studio® 2013 Code Analysis Spell Checker

Portions of International CorrectSpell™ spelling correction system © 1993 by Lernout & Hauspie Speech Products N.V. All rights reserved.

The American Heritage® Dictionary of the English Language, Third Edition Copyright © 1992 Houghton Mifflin Company. Electronic version licensed from Lernout & Hauspie Speech Products N.V. All rights reserved.

Windows Phone SDK 8.0 - ENU 06177-004-0444002-02170
Windows Phone SDK 8.0 - ENU

.NET Reflector Visual Studio Extension 8.4.0.35
Integrates .NET Reflector into Visual Studio to allow you to seamlessly debug into third-party code and assemblies, even if you don't have the source code for them.

Visit www.reflector.net for more information.

Copyright (c) 2009-2012 Red Gate Software Inc.

Application Insights Tools for Visual Studio Package 1.0
Application Insights Tools for Visual Studio

ASP.NET and Web Tools 12.3.50717.0
Microsoft Web Developer Tools contains the following components:
Support for creating and opening ASP.NET web projects
Browser Link: A communication channel between Visual Studio and browsers
Editor extensions for HTML, CSS, and JavaScript
Page Inspector: Inspection tool for ASP.NET web projects
Scaffolding: A framework for building and running code generators
Server Explorer extensions for Microsoft Azure Websites
Web publishing: Extensions for publishing ASP.NET web projects to hosting providers, on-premises servers, or Microsoft Azure

ASP.NET Web Frameworks and Tools 2012.2 4.1.21001.0
For additional information, visit http://go.microsoft.com/fwlink/?LinkID=309563

ASP.NET Web Frameworks and Tools 2013 5.2.20703.0
For additional information, visit http://www.asp.net/

Common Azure Tools 1.2
Provides common services for use by Azure Mobile Services and Microsoft Azure Tools.

Dot42 1.0
dot42 VisualStudio integration. Copyright (c) 2006-2013 TallApplications BV

Microsoft Advertising SDK for Windows Phone
Microsoft Advertising SDK for Windows Phone
Build

Microsoft Azure Mobile Services Tools 1.2
Microsoft Azure Mobile Services Tools

Microsoft Azure Tools 2.4
Microsoft Azure Tools for Microsoft Visual Studio 2013 - v2.4.20730.1601

NuGet Package Manager 2.8.50313.46
NuGet Package Manager in Visual Studio. For more information about NuGet, visit http://docs.nuget.org/.

Office Developer Tools for Visual Studio 2013 ENU 12.0.30626
Microsoft Office Developer Tools for Visual Studio 2013 ENU

PowerShell Tools 1.2
Provides file classification services using PowerShell

PreEmptive Analytics Visualizer 1.2
Microsoft Visual Studio extension to visualize aggregated summaries from the PreEmptive Analytics product.

SQL Server Compact & SQLite Toolbox 3.8.0
SQL Server Compact & SQLite Toolbox adds scripting, import, export, rename, query execution and much more to SQL Server Compact Data Connections.

Visual Assist
For more information about Visual Assist, see the Whole Tomato Software website at http://www.WholeTomato.com. Copyright (c) 1997-2014 Whole Tomato Software, Inc.

Windows Azure Tools 2.3
Windows Azure Tools for Microsoft Visual Studio 2013 - v2.3.20320.1602

Windows Phone 8.1 SDK Integration 1.0
This package integrates the tools for the Windows Phone 8.1 SDK into the menus and controls of Visual Studio.

Workflow Manager Tools 1.0 1.0
This package contains the necessary Visual Studio integration components for Workflow Manager.

Xamarin 3.7.248.0 (8ca7d11db8a6f874c6cd2de6d9ca0f511867ce91)
Visual Studio extension to enable development for Xamarin.iOS and Xamarin.Android.

Xamarin.Android 4.18.1.3 (5474129af31e9d3a86cb7482c7c5c7a30ad315f1)
Visual Studio plugin to enable development for Xamarin.Android.

Xamarin.iOS 8.4.0.0 (209abebbd8f1a292d042420edb45fa5fbd3f017b)
Visual Studio extension to enable development for Xamarin.iOS.

Xoreax IncrediBuild 5.5.1 (Build 1552)
Xoreax IncrediBuild 5.5.1 (Build 1552)

=== END Visual Studio Info ===

used JDK: 1.7.0_72

"C:\Program Files (x86)\Java\jdk1.7.0_72\bin\jarsigner.exe" "-keystore" "D:\\projekte\\mobile\\ExhibitionAppPlus\\EAP.Android\\*eystore\\EAP.Android.ReleaseKey" "-storepass" "***" "-keypass" "***" "-signedjar" "D:\\projekte\\mobile\\ExhibitionAppPlus\\EAP.Android\\bin\\Release\\de.innodatec.exhibitionappplus-Signed.apk" "D:\\projekte\\mobile\\ExhibitionAppPlus\\EAP.Android\\bin\\Release\\de.innodatec.exhibitionappplus.apk" "***"

when building a debug build/using Deploy jarsigner gets spawned with the following arguments
"C:\Program Files (x86)\Java\jdk1.7.0_72\\bin\jarsigner.exe" -keystore "C:\Users\***\AppData\Local\Xamarin\Mono for Android\debug.keystore" -storepass android -keypass android -digestalg SHA1 -sigalg md5withRSA -signedjar bin\Debug\\de.innodatec.exhibitionappplus-Signed-Unaligned.apk D:\projekte\mobile\ExhibitionAppPlus\EAP.Android\obj\Debug\android\bin\de.innodatec.exhibitionappplus.apk androiddebugkey

when building a release build/using Deploy jarsigner gets spawned with the following arguments
"C:\Program Files (x86)\Java\jdk1.7.0_72\\bin\jarsigner.exe" -keystore "C:\Users\***\AppData\Local\Xamarin\Mono for Android\debug.keystore" -storepass android -keypass android -digestalg SHA1 -sigalg md5withRSA -signedjar bin\Release\\de.innodatec.exhibitionappplus-Signed-Unaligned.apk D:\projekte\mobile\ExhibitionAppPlus\EAP.Android\obj\Release\android\bin\de.innodatec.exhibitionappplus.apk androiddebugkey

when searching the net after the published application refused to install on devices running android 4.1.2 I found the following info

http://stackoverflow.com/questions/8739564/what-is-the-difference-between-the-java-1-6-and-1-7-jarsigner

where it seems jarsigner from JDK 1.6 uses SHA1 while JDK 1.7 uses SHA-256 which makes older Android versions refusing the signature.
Comment 3 Paul Divan 2015-01-30 15:30:01 UTC
I am experiencing this same issue. When I use the option in visual studio 2013 “Tools=>Android=>Publish Android App” where it brings up the android publishing wizard it goes through the motions of having me select my key store file and put in the passwords and alias name but does not work. It does not actually sign the application during the publishing process. 

I ended up creating a .bat file that does the job for me right now.
Comment 4 Alexandre Rocha Lima e Marcondes 2015-02-03 07:25:00 UTC
We should have a way to choose SHA1withRSA even though using Java JDK 7 during the publishing process. Wouldn't it be a nice feature for the next version?
Comment 5 Alexandre Rocha Lima e Marcondes 2015-02-03 07:31:04 UTC
Just to give notice to Xamarin, there are duplicates of this report or at least somewhat related regarding the signing algorithm and JDK 7:

* https://bugzilla.xamarin.com/show_bug.cgi?id=23811
* https://bugzilla.xamarin.com/show_bug.cgi?id=22897
* https://bugzilla.xamarin.com/show_bug.cgi?id=13154
Comment 6 Peter Collins 2015-02-03 18:34:49 UTC

*** This bug has been marked as a duplicate of bug 22897 ***