Thursday, May 17, 2012

Android : Solution "install parse failed no certificates"


When I am trying to install third party apk using ADB tool, I have faced "Failure [INSTALL_PARSE_FAILED_NO_CERTIFICATES]" error.



To resolve the issue, I have followed few steps.
Open command prompt; Go to your debug.keystore location.
For eg:
 You can find the debug.keystore file in the following location
C:\Documents and Settings\User\.android
1.        Using Zip align copied apk.
zipalign -v 4 D:\Test.apk D:\Testc.apk
2.        keytool -genkey -v -keystore debug.keystore -alias sampleName -keyalg RSA -keysize 2048 -validity 20000
Now a prompt will ask for
  • Password
  • First and lastname
  • Name of Organization unit
  • Name of Organization
  • City
  • State
  • Country
After entering these fields we get our Certificate
3. 
jarsigner -verbose -keystore debug.keystore D:\Testc.apk sampleName

In some cases we need add -sigalg SHA1withRSA -digestalg SHA1 arguments to work out the step 3

jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore debug.keystore D:\Testc.apk sampleName
Now it will ask for the password and then it will replace the apk with the signed one.

To check whether it is working or not, you can check using the following command.
jarsigner -verify D:\Testc.apk




Then I have installed apk using ADB.
Adb install D:\Testc.apk





Thanks for reading :)
If you have any other quick thoughts/hints that you think people will find useful, feel free to leave a comment.

36 comments :

  1. Thanks for the post

    I got error in verifying the jar file..

    Error : java.lang.securityexception: "invalid SHA1 signature file digest for res/layout/main.xml"

    I was testing a sample third party app robotium.googlecode.com/files/AndroidCalculator.apk

    Any help would be greatly appreciated..

    Thanks,
    Srini

    ReplyDelete
    Replies
    1. Hi Srini,
      I have checked out the project from the URL robotium.googlecode.com/files/AndroidCalculator.zip and http://robotium.googlecode.com/files/AndroidCalculator.apk
      I haven't faced any error. both are working fine.

      Delete
  2. what is the password we have to enter in the cmd prompt?

    ReplyDelete
    Replies
    1. In step 2, whatever password is given by the user.
      The same one should be used when password is asked

      Delete
  3. The same problem exists on JDK7, but the solution is different.

    "It works with JDK 7 if I specify the parameters "-digestalg SHA1 -sigalg MD5withRSA" for jarsign, but not with the default algorithms, whatever they are."

    http://code.google.com/p/android/issues/detail?id=19567

    ReplyDelete
  4. hi Vardhan
    when i,am run this command (keytool -genkey -v -keystore debug.keystore -alias VritiEducation -keyalg RSA -keysize 2048 -validity 20000) terminal, then get this Exception
    Please help me........



    keytool -genkey -v -keystore debug.keystore -alias VritiEducation -keyalg RSA -keysize 2048 -validity 20000
    Enter keystore password:
    keytool error: java.io.IOException: Keystore was tampered with, or password was incorrect
    java.io.IOException: Keystore was tampered with, or password was incorrect
    at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:788)
    at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:55)
    at java.security.KeyStore.load(KeyStore.java:1201)
    at sun.security.tools.KeyTool.doCommands(KeyTool.java:742)
    at sun.security.tools.KeyTool.run(KeyTool.java:194)
    at sun.security.tools.KeyTool.main(KeyTool.java:188)
    Caused by: java.security.UnrecoverableKeyException: Password verification failed
    at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:786)
    ... 5 more

    ReplyDelete
    Replies
    1. If you receive the following error: "keytool error: java.io.IOException: Keystore was tampered with, or password was incorrect", it probably means that the value you specified for store_path already exists. Move or rename the file and rerun keytool.

      Normally To generate a new keystore file we will be using that command.

      Delete
  5. thanks, it worked , saved me a lot of time :-)

    ReplyDelete
  6. Hi there, I've done the abov and it verified the jar successfully with jarsigner -verify
    jar verified.

    But when trying adb install I still get the PARSE FAILED NO CERTIFICATES

    ReplyDelete
    Replies
    1. Check this command:
      "jarsigner -verify -verbose -certs your.apk"
      If jar is verified then there is no problem of certificate
      You can check the apk is certified or not in the console.

      you can try this command:
      "zipalign -v 4 your.apk new_your.apk"
      Then the generated apk, you can install.

      Delete
    2. I re-followed your tutorial, seems somehow I missed out the zipalign bit initially :/. re-did it all but now on adb install -r myapk.apk, I am getting the following:

      root@ben:/home/ben/Myapk1.02/dist# adb install -r myAPKc.apk
      445 KB/s (4851069 bytes in 10.641s)
      pkg: /data/local/tmp/myAPKc.apk
      Failure [INSTALL_PARSE_FAILED_INCONSISTENT_CERTIFICATES]

      I then checked the jarsigner as per your reply and got at the end,
      jar verified.

      Then did zipalign and got:
      Verification successful.

      Re-tried adb install -r and got the same error as above.

      Delete
    3. Ah, fixed, deleted the app off the phone rather than trying a re-install, all working! :)
      Cheers for the reply, and gret tutorial, very simple to follow.... (when I read it correctly)

      Delete
  7. zipalign -v 4 D:\Test.apk D:\Testc.apk....hai sir please Explain about this ,,When i am trying to insatall GoogleLoginservice.apk i am getting


    D:\Android\sdk of me\sdk\platform-tools>adb install GoogleServicesFramework.apk
    81 KB/s (2221760 bytes in 26.627s)
    pkg: /data/local/tmp/GoogleServicesFramework.apk
    Failure [INSTALL_PARSE_FAILED_NO_CERTIFICATES]

    ReplyDelete
    Replies
    1. zipalign is an archive alignment tool that provides important optimization to Android application (.apk) files.
      -v : verbose output
      4 : to be aligned on 4-byte boundaries

      if the parser did not find any certificates in the .apk then we will be getting the following error INSTALL_PARSE_FAILED_NO_CERTIFICATES

      Delete
  8. Hello Vardhan.

    I've done as you told, but get this when verifying :

    C:\"Program Files (x86)"\Java\jdk1.6.0_29\bin\jarsigner -verify C:\fred\GoogleServicesFramework_.apk

    jarsigner: java.lang.SecurityException: invalid SHA1 signature file digest for res/drawable-xhdpi/notification_system_update_download_failure.png

    Where did I went wrong ?

    ReplyDelete
    Replies
    1. If your png is unsigned then you will get following exception.

      Try this "zipalign -f -v -c 4 GoogleServicesFramework_.apk GoogleServicesFramework_new.apk "

      If above command wont work then try the below options

      There are some security exception with higher version of java.
      Try to add this parameters "-digestalg SHA1 -sigalg MD5withRSA" for jarsign and check.

      or

      You can install lower version like JDK 1.6.26

      Delete
  9. Hi Varadhan,

    When i run jarsigner i get jar verified, but i also get extra warning messages. Is that ok ?

    C:\Users\KarthikV\.android>jarsigner -verify D:\IRCTCMobile.apk
    jar verified.

    Warning:
    This jar contains entries whose certificate chain is not validated.

    Re-run with the -verbose and -certs options for more details.

    ReplyDelete
    Replies
    1. No, if your certificate chain is not yet validate then there will be problem in uploading file to market.
      Re-run with "jarsigner -verify -verbose -certs your.apk"
      You can identify where the problem is.

      Delete
  10. Now getting different error. Thanks for reply.

    Step i followed :

    Command1 : keytool -genkeypair -alias androiddebugkey -keypass android -keystore debug.keystore -storepass android -dname "CN=Android Debug,O=Android,C=US" -validity 9999
    Command 2 : keytool -list -alias androiddebugkey -keystore debug.keystore -storepass android -keypass android Successfully
    Command 3 : jarsigner.exe -verbose -keystore debug.keystore FastNotepad.apk androiddebugkey

    Executed the above 3 commands successfully after removing the signature folder(ieMETA-INF) folder in the FastNotepad.apk file.

    After that executed "adb install FastNotepad.apk" command, for which i got error message Failure [Install_Parse_Failed_No_Certificates].

    Tried with both JDK 1.7 and 1.6. Tried with 3 different Windows 7, Windows XP machines. Same error msg. Unable to proceed further. Plz help.

    Thanks in advance.

    ReplyDelete
    Replies
    1. Also after Command 3 execution deleted META-INF folder gets created in FastNotepad.apk. If there is any possibility to chat with u directly plz let me know. Thanks. My Id is kvteen (at) gmail dot com.

      Delete
    2. You can upload your apk and send me a link, I will support you in finding the solution.

      Delete
    3. Hi Harsha, Thanks for replying.

      Please find the apk file in the below link. Size 4MB.

      https://rapidshare.com/files/562623395/HandriteNotepad.apk

      Please let me know in case of any other queries. Thanks.

      Delete
    4. Hi Karthik,

      From your manifest file, I have understood little information.

      META-INF Structure in Android is as follows
      META-INF/MANIFEST.MF, META-INF/CERT.SF and META-INF/CERT.RSA
      But I found this files ANDROIDD.DSA, ANDROIDD.SF and MANIFEST.MF

      Your manifest file says
      Created-By: 1.7.0_25 (Oracle Corporation) instead of Created-By: 1.0 (Android)

      MANIFEST.MF contains the list of files present in the APK and digest. The default digest used is SHA-1

      Android uses SHA1-Digest but it is SHA-256-Digest.

      My guess the android project is not created by android guidelines.

      CERT.RSA The .SF file is signed and the signature is placed in the .RSA file. Signature block files produced using the RSA algorithm are saved with the extension .RSA, those generated with DSA or EC keys with the .DSA or .EC extensions, respectively. Multiple signatures can be performed, resulting in multiple .SF and .RSA/DSA/EC files in the JAR file's META-INF/ directory.
      I Prefer RSA, since supposed to encrypt the file with public key rather than doing with private key (DSA).

      By the above information. I can say your apk is verified with jarsigner but not with android, since android can't understand your apk structure, so it says install parse failed no certificates even though all your objects in apk is certified by jarsigner

      Delete
    5. Thanks for reply. I fear it might be one of the issues mentioned here

      http://code.google.com/p/android/issues/detail?id=830

      The below is the error message i got from logcat. Exception reading res/layout/booking_
      view.xml. SO renamed and deleted the /booking_view.xml but got same type error with next xml file in res/layout/. Any idea whats happening ? Once again thanks for reply.

      07-19 02:58:46.743 D/AndroidRuntime( 1339):
      07-19 02:58:46.743 D/AndroidRuntime( 1339): >>>>>> AndroidRuntime START com.andr
      oid.internal.os.RuntimeInit <<<<<<
      07-19 02:58:46.743 D/AndroidRuntime( 1339): CheckJNI is ON
      07-19 02:58:46.803 D/dalvikvm( 1339): Trying to load lib libjavacore.so 0x0
      07-19 02:58:46.823 D/dalvikvm( 1339): Added shared lib libjavacore.so 0x0
      07-19 02:58:46.863 D/dalvikvm( 1339): Trying to load lib libnativehelper.so 0x0
      07-19 02:58:46.873 D/dalvikvm( 1339): Added shared lib libnativehelper.so 0x0
      07-19 02:58:47.903 D/AndroidRuntime( 1339): Calling main entry com.android.comma
      nds.pm.Pm
      07-19 02:58:47.983 W/ActivityManager( 280): No content provider found for permi
      ssion revoke: file:///data/local/tmp/IRCTCMobile.apk
      07-19 02:58:48.043 W/ActivityManager( 280): No content provider found for permi
      ssion revoke: file:///data/local/tmp/IRCTCMobile.apk
      07-19 02:58:48.043 I/PackageManager( 280): Copying native libraries to /data/ap
      p-lib/vmdl-780346396
      07-19 02:58:48.203 W/PackageParser( 280): Exception reading res/layout/booking_
      view.xml in /data/app/vmdl-780346396.tmp
      07-19 02:58:48.203 W/PackageParser( 280): java.lang.SecurityException: META-INF
      /ANDROIDD.SF has invalid digest for org/htmlparser/parserapplications/filterbuil
      der/images/open.gif in /data/app/vmdl-780346396.tmp
      07-19 02:58:48.203 W/PackageParser( 280): at java.util.jar.JarVerifier.inv
      alidDigest(JarVerifier.java:131)
      07-19 02:58:48.203 W/PackageParser( 280): at java.util.jar.JarVerifier.ver
      ifyCertificate(JarVerifier.java:350)
      07-19 02:58:48.203 W/PackageParser( 280): at java.util.jar.JarVerifier.rea
      dCertificates(JarVerifier.java:258)
      07-19 02:58:48.203 W/PackageParser( 280): at java.util.jar.JarFile.getInpu
      tStream(JarFile.java:378)
      07-19 02:58:48.203 W/PackageParser( 280): at android.content.pm.PackagePar
      ser.loadCertificates(PackageParser.java:446)
      07-19 02:58:48.203 W/PackageParser( 280): at android.content.pm.PackagePar
      ser.collectCertificates(PackageParser.java:634)
      07-19 02:58:48.203 W/PackageParser( 280): at com.android.server.pm.Package
      ManagerService.installPackageLI(PackageManagerService.java:7859)
      07-19 02:58:48.203 W/PackageParser( 280): at com.android.server.pm.Package
      ManagerService.access$1900(PackageManagerService.java:172)
      07-19 02:58:48.203 W/PackageParser( 280): at com.android.server.pm.Package
      ManagerService$5.run(PackageManagerService.java:5995)
      07-19 02:58:48.203 W/PackageParser( 280): at android.os.Handler.handleCall
      back(Handler.java:725)
      07-19 02:58:48.203 W/PackageParser( 280): at android.os.Handler.dispatchMe
      ssage(Handler.java:92)
      07-19 02:58:48.203 W/PackageParser( 280): at android.os.Looper.loop(Looper
      .java:137)
      07-19 02:58:48.203 W/PackageParser( 280): at android.os.HandlerThread.run(
      HandlerThread.java:60)
      07-19 02:58:48.213 E/PackageParser( 280): Package com.rambalaboina.irctc has no
      certificates at entry res/layout/booking_view.xml; ignoring!
      07-19 02:58:48.404 D/dalvikvm( 280): GC_EXPLICIT freed 296K, 16% free 5810K/688
      8K, paused 16ms+15ms, total 173ms
      07-19 02:58:48.484 D/AndroidRuntime( 1339): Shutting down VM
      07-19 02:58:48.503 D/dalvikvm( 1339): GC_CONCURRENT freed 117K, 21% free 469K/58
      8K, paused 1ms+2ms, total 17ms

      Delete
    6. If you resign the new one with a different signing key then also you will get this issue.
      I want to know, how you are generating apk file, its through ant or maven or with eclipse?

      Delete
    7. Generating apk file ? You mean where i get my apk file. I just download from frees sites. For Eg : For IRTCT apk file i downloaded form the below given link.

      http://www.torrapk.com/index.php/en/dwld/29-travel/2466-download-irctc-mobile-app-apk-20

      After i download i open it using 7 Zip Manager and delete the META_INF folder and run the above mentioned 3 commands.

      Also in your previous comments you have mentioned "android project is not created by android guidelines." So should i run different types of command ? Is there any way to solve it ?

      Once again. Thanks for reply.

      Delete
    8. If apk is signed properly and then if you want to do this steps, we can't do because you won't have the private key of the keystore file with you, so you can't override properly.

      Delete
    9. So is there any way to make it work ? Do u need any more information to find the root cause ? How to proceed further ? Can i start fresh ?

      Delete
    10. Any way to proceed further ?

      Delete
    11. Hi Karthik,

      I have tried when the apk is not signed but you are checking with apk which is signed already and trying to modify only certificate.
      I haven't tried this approach.
      When i get a time, I will also check from my side to achieve your idea.

      Delete
  11. i recompiled the app and after following the above [rocess i face this problem

    This jar contains entries whose certificate chain is not validated.

    ReplyDelete
    Replies
    1. Try to generate apk from eclipse ADT and check.

      or

      The above steps are for Java 1.6 not for Java 1.7, If you're using 1.7 plz uninstall and use 1.6
      For 1.7 commands has to be changed

      Delete
  12. PLease I have not understand any of the ABOVE BLOG, but I have this error.... what to do now? Please explain me step by step...

    ReplyDelete
    Replies
    1. all the points shown in step by step.
      If your facing problem in any step, please let me know. I ca explain.

      Delete
  13. For Android Studio
    Target : Android 5.0

    Build --> Build APK (not Generate Signed APK)
    pm install /dir/XXX.apk

    maybe works

    ReplyDelete