{"id":18652968,"url":"https://github.com/chromeos/android-package-sign-js","last_synced_at":"2025-04-11T16:32:04.167Z","repository":{"id":44753150,"uuid":"436406925","full_name":"chromeos/android-package-sign-js","owner":"chromeos","description":"Android package signing for the web.","archived":false,"fork":false,"pushed_at":"2024-03-12T16:57:58.000Z","size":1735,"stargazers_count":9,"open_issues_count":7,"forks_count":3,"subscribers_count":3,"default_branch":"main","last_synced_at":"2024-03-15T12:36:56.087Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/chromeos.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":null,"support":null}},"created_at":"2021-12-08T22:12:06.000Z","updated_at":"2024-03-15T12:36:56.088Z","dependencies_parsed_at":"2023-01-29T16:16:46.580Z","dependency_job_id":null,"html_url":"https://github.com/chromeos/android-package-sign-js","commit_stats":null,"previous_names":[],"tags_count":4,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chromeos%2Fandroid-package-sign-js","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chromeos%2Fandroid-package-sign-js/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chromeos%2Fandroid-package-sign-js/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chromeos%2Fandroid-package-sign-js/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/chromeos","download_url":"https://codeload.github.com/chromeos/android-package-sign-js/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":223472780,"owners_count":17150745,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-07T07:09:37.301Z","updated_at":"2024-11-07T07:09:37.954Z","avatar_url":"https://github.com/chromeos.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# android-package-sign-js\n\n# What is this?\n\n`android-package-sign-js` allows developers to generate signing keys and sign their Android packages (APK and AAB) in a browser.\n\n# Use android-package-signer in a project\n\n```\nnpm i @chromeos/android-package-signer\n```\n\n# To build the package\n\n```\nnpm ci\nnpm run build\n```\n\n# API\n\n## Package Signer class\n\nEverything is encapsulated in the PackageSigner class. To generate a package signer:\n\n```typescript\nconst packageSigner = new PackageSigner(password: string, alias: string = 'android');\n```\n\nThe password is a user generated minimum 6 character password.\n\n## Key Generation\n\nTo generate a key, take your package signer and pass it a distinguished name JSON object\n\n### DName\n\n```typescript\nexport interface DName {\n  commonName: string;\n  organizationName: string;\n  organizationUnit: string;\n  countryCode: string;\n}\n```\n\n### Generate Key\n\n```typescipt\nasync generateKey(dname: DName): Promise\u003cstring\u003e;\n```\n\n- The object that is passed to generateKey is a JSON object referencing a [DName](https://knowledge.digicert.com/generalinformation/INFO1745.html) used to identify the certificate owner.\n- The password is a string and should be a minimum of six characters long. This will protect your keystore, so the longer the password, the better.\n- The response from the `generateKey` function is a base64-encoded der formatted PKCS12 keystore.\n\n## Package Signing\n\n```typescript\nasync signPackage(\n    zipBlob: File,\n    base64DerKey: string | undefined = undefined,\n    creator: string = `Web Package Signer (${VERSION})`,\n  ): Promise\u003cstring\u003e;\n```\n\n- `signPackage` signs a zip file that is read into the system and returns a base64 encoded zip file which the user can write to disk.\n- The base64DerKey can either be used from the previous step or can be read from disk.\n- The creator field is optional since by default it uses this package as the creator string.\n\n# Examples\n\n## Key generation\n\nGenerate a signing key for your Android app:\n\n```typescript\nimport { PackageSigner } from '@chromeos/android-package-signer';\nasync function keyGen(): Promise\u003cstring\u003e {\n  const packageSigner = new PackageSigner(password, alias);\n  const base64Der = await packageSigner.generateKey({\n      commonName: 'Alexander Nohe',\n      organizationName: 'Google, Inc',\n      organizationUnit: 'DevRel',\n      countryCode: 'US',\n    });\n\n  // To download the keys.\n  const downloadElement: HTMLAnchorElement = document.querySelector('#key-gen-results');\n  downloadElement.href = base64Der;\n  downloadElement.download = 'generatedKey.p12';\n  downloadElement.innerText = 'Download Generated Key';\n}\n\n```\n\n- To save this keystore to a file, download the `base64Der` string contents to a file. In the above example we use an anchor element with a href attribute containing the base64 encoded keystore.\n\n## Bundle Signing\n\nTo sign Android App Bundles and APKs with v1 signing can be called like this:\n\n```typescript\nimport { PackageSigner } from '@chromeos/android-package-signer';\n\nfunction loadStoredKeystore(): string {\n  // returns a base64 encoded keystore that was previously loaded\n}\n\nasync function signBundle(): Promise\u003cstring\u003e {\n  const packageSigner = new PackageSigner(password, alias);\n  let fileHandle;\n  [fileHandle] = await window.showOpenFilePicker();\n  const zipBlob = await fileHandle.getFile();\n  const creator = '0.1.0 (Android App Signer JS)';\n  const p12b64Der = loadStoredKeystore();\n  await packageSigner.signPackage(zipBlob, p12b64Der, creator);\n}\n\n```\n\n- The password is a string and should be a minimum of six characters. This should be the password used to load the already generated keystore.\n- The alias references the alias supplied in keystore generation. This identifies the key used.\n- Creator is the application creating the signed files (this is an optional parameter). By default we use `0.1.0 (Android App Signer JS)` but this string could be your applications name.\n- p12b64Der is a base64 encoded keystore loaded from disk. This value can also be left as unspecified to use the keystore generated previously in `Key Generation` step.\n\n# Sample app\n\nThe sample can be found in the `sample/` directory. To use this sample, run the following commands from the root folder:\n\n```\nnpm ci\nnpm build\ncd sample/\nnpm ci\nnpm build\nnpm serve\n```\n\nThen visit localhost:3000/sample.html in your browser to interact with the sample. If generating keys, the key will automatically be reused for package signing.\n\n# Disclaimer\n\nThis is not an officially supported Google product.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fchromeos%2Fandroid-package-sign-js","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fchromeos%2Fandroid-package-sign-js","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fchromeos%2Fandroid-package-sign-js/lists"}