Error when signing apk with jarsigner: unable to sign jar invalid entry compressed size

Jarsigner is a Java utility that uses key and certificate information from a keystore to generate digital signatures for JAR files. A keystore is a database of private keys and their associated X.509 certificate chains that authenticate the corresponding public keys. In order to publish an application in the Play Store, your apk needs to be signed.

The following command should be enough to sign an APK with a keystore:

jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore mykey.keystore myfile.apk alias_name

However, some developers (either native apps or in hybrids like Cordova) have faced the following exception:

jarsigner: unable to sign jar: java.util.zip.ZipException: invalid entry compressed size (expected 463 but got 465 bytes)

Solution

This error happens when your apk is already signed (using jarsigner probably signed automatically), zipaligned (with zipalign) or the APK that you try to generated was built in debug mode. Therefore, be sure that you're providing a non-signed or non-zipaligned apk file and everything should work as expected.

If for some reason you cannot build your apk from the ground (because you only received the APK and you cannot compile a new one with the source code), then you can try to remove the current signature using zip from the command line:

zip -d your-file.apk META-INF/\*

Remember that you can sign an APK multiple times as long as the keys are different.

Happy coding !

Become a more social person