#Re-signing Builds

If you prefer not to upload your production signing credentials to html2app, you can build with test credentials and re-sign the builds locally with your production keys.

#Overview

1. Create test credentials (separate from your production keystore)
2. Upload test credentials to html2app
3. Build your app (note: all builds are signed, even those labeled "unsigned")
4. Download the signed build
5. Re-sign locally with your production credentials
6. Distribute to app stores

#Android

Note: All installable APKs and AABs must be signed. Even builds labeled as "unsigned" are actually signed with a debug or test keystore. You'll need to remove this signature before applying your production keystore.

Remove the existing signature and apply your production keystore.

#APK Re-signing

Method 1: Using apksigner (Recommended)

apksigner is the modern signing tool from Android SDK Build Tools 24.0.3+. With apksigner, you must zipalign BEFORE signing.

# Remove old signature
zip -d your-app.apk META-INF/\*

# Align first (required before apksigner)
zipalign -v 4 your-app.apk your-app-aligned.apk

# Sign with production keystore
apksigner sign --ks your-keystore.jks \
  --ks-key-alias your-alias \
  your-app-aligned.apk

# Verify
apksigner verify your-app-aligned.apk

Method 2: Using jarsigner (Legacy)

If you need to use jarsigner, you must zipalign AFTER signing. Note that Google recommends using apksigner instead.

# Remove old signature
zip -d your-app.apk META-INF/\*

# Sign with production keystore
jarsigner -verbose -sigalg SHA256withRSA -digestalg SHA-256 \
  -keystore your-keystore.jks your-app.apk your-alias

# Align after signing (required for jarsigner)
zipalign -v 4 your-app.apk your-app-aligned.apk

# Verify
jarsigner -verify -verbose -certs your-app-aligned.apk

#AAB (Android App Bundle) Re-signing

AABs don't require zipalign since Google Play handles final APK generation and alignment. Use jarsigner to sign AAB files (note: apksigner only supports APK files, not AABs).

# Remove old signature
zip -d your-app.aab META-INF/\*

# Sign with production upload key
jarsigner -verbose -sigalg SHA256withRSA -digestalg SHA-256 \
  -keystore your-upload-key.jks your-app.aab your-alias

# Verify
jarsigner -verify -verbose -certs your-app.aab

Note: AABs use Google Play App Signing. You sign with your upload key, then Google re-signs the final APKs with the app signing key before distribution.

#iOS

Replace the provisioning profile and re-sign with your production certificate. Use one of these tools:

• Fastlane (recommended): fastlane resign - see Fastlane docs
• Command line: Use codesign to replace the signature - see Apple's codesign guide
• GUI tools: ios-app-signer, Sideloadly

#Resources

• Android App Signing
• apksigner Documentation
• zipalign Documentation
• iOS Code Signing
• jarsigner Documentation