VTS SDK: How to Generate APK Signing Certificates

apichard
Community Manager

VTS SDK requires the issuer and wallet provider to provide an APK signing certificate as part of its security protocols. The Visa BE attestation call uses the APK signing certificate to ensure the integrity of the application. The certificate is used to determine whether the application has been tampered with or otherwise modified.

 

What is an APK Signing Certificate

When an APK is signed, the signing tool attaches the public-key certificate to the APK. This lets Android verify that any future updates to your APK are authentic and come from the original author.

 

How to Build an App with an APK Signing Certificate

Steps for Android Studio:

  1. Open your project in Android Studio and go to Build -> Generate Signed Bundle/APK.
  2. Select "Build a signed APK" that you can deploy to a device.
  3. Select "Choose existing key store path" if you already have a keystore file, then enter the keystore password, key alias and key password.
  4. Otherwise, select "Create new" if you don't have a keystore file and specify the required information, e.g. key store path, password, alias and alias password.
  5. After the signature file has been created successfully, its information is filled in on the displayed page.
  6. Select the required signature version and click "Finish".

Steps using the command line tool:

  1. If you are using the default debug.keystore, this keystore file is usually located in the user's home folder, e.g. "/Users/<username>/.android/debug.keystore"
  2. Create a keystore file using the keytool command:
    keytool -genkey -v -keystore my-key.keystore -alias <alias_name> -keyalg RSA -keysize 2048 -validity 10000
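  3. Add a signing config to the build.gradle file, e.g.:
    android {

        // Signing configurations
        signingConfigs {
            appConfig {
                // Path to the keystore file created in step 2
                storeFile file("./my-key.keystore")
                // Placeholder values: replace with your keystore password,
                // key alias and key password, and keep the real values
                // out of version control
                storePassword "pwd"
                keyAlias "keyAlias"
                keyPassword "keyPassword"
            }
        }

        buildTypes {
            // Apply the signing config to every build type
            all {
                signingConfig signingConfigs.appConfig
            }
        }
    }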
  4. Generate the APK and export the public-key certificate as a PEM file to be shared with Visa.
    keytool -export -keystore <keystore_path> -file PublicKey.pem -alias <key_alias> -rfc
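
Before sharing PublicKey.pem, it is worth confirming that it is the certificate your release APK is actually signed with, and not, for example, the one from the debug keystore mentioned in step 1. The Python sketch below is an added example, not part of the VTS SDK or Visa tooling: it computes the SHA-256 fingerprint of the exported PEM and compares it with a fingerprint you paste in from `apksigner verify --print-certs <apk>` or `keytool -printcert -file PublicKey.pem`. The function names are illustrative and the sample certificate bytes are constructed stand-ins, not real X.509 data.

```python
import base64
import hashlib
import re

CERT_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.DOTALL)

def pem_to_der(pem_text):
    """Decode the single certificate in a `keytool -export -rfc` file to DER."""
    blocks = CERT_RE.findall(pem_text)
    if len(blocks) != 1:
        raise ValueError(f"expected one certificate, found {len(blocks)}")
    return base64.b64decode("".join(blocks[0].split()), validate=True)

def cert_sha256(pem_text):
    """SHA-256 fingerprint (lowercase hex) of the certificate's DER encoding."""
    return hashlib.sha256(pem_to_der(pem_text)).hexdigest()

def normalize_fingerprint(text):
    """Accept 'AA:BB:...' or 'aabb...' and return 64 lowercase hex digits."""
    hex_only = re.sub(r"[:\s]", "", text).lower()
    if not re.fullmatch(r"[0-9a-f]{64}", hex_only):
        raise ValueError("not a SHA-256 fingerprint")
    return hex_only

def pem_matches_apk(pem_text, apk_fingerprint):
    """True if the PEM is the certificate the APK reports as its signer."""
    return cert_sha256(pem_text) == normalize_fingerprint(apk_fingerprint)

def make_pem(der):
    """Helper for the constructed samples only: wrap bytes as a PEM block."""
    body = base64.encodebytes(der).decode("ascii")
    return f"-----BEGIN CERTIFICATE-----\n{body}-----END CERTIFICATE-----\n"

# Constructed stand-ins for two certificates (not real X.509 data).
RELEASE_DER = b"constructed-release-certificate-bytes" * 8
DEBUG_DER = b"constructed-debug-certificate-bytes" * 8

if __name__ == "__main__":
    release_pem = make_pem(RELEASE_DER)
    # Fingerprint as a tool would print it for an APK signed with the debug key.
    digest = hashlib.sha256(DEBUG_DER).hexdigest().upper()
    apk_fp = ":".join(digest[i:i + 2] for i in range(0, 64, 2))
    print("PEM fingerprint:", cert_sha256(release_pem))
    print("matches APK signer:", pem_matches_apk(release_pem, apk_fp))
```

A mismatch means the PEM was exported from a different keystore or alias than the one that signed the APK.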

Disclaimer

Visa and other trademarks are trademarks or registered trademarks of Visa. All other product names mentioned herein are the trademarks of their respective owners, are used for illustrative purposes only and do not imply product endorsement or affiliation with Visa.

Your use of any third party modules, software, or components is subject to third party terms. Guidance provided herein is illustrative only, general and third party requirements may be subject to change.