Thursday, May 17, 2012

Android : Solution "install parse failed no certificates"

When I am trying to install third party apk using ADB tool, I have faced "Failure [INSTALL_PARSE_FAILED_NO_CERTIFICATES]" error.

To resolve the issue, I have followed few steps.
Open command prompt; Go to your debug.keystore location.
For eg:
 You can find the debug.keystore file in the following location
C:\Documents and Settings\User\.android
1.        Using Zip align copied apk.
zipalign -v 4 D:\Test.apk D:\Testc.apk
2.        keytool -genkey -v -keystore debug.keystore -alias sampleName -keyalg RSA -keysize 2048 -validity 20000
Now a prompt will ask for
  • Password
  • First and lastname
  • Name of Organization unit
  • Name of Organization
  • City
  • State
  • Country
After entering these fields we get our Certificate
jarsigner -verbose -keystore debug.keystore D:\Testc.apk sampleName

In some cases we need add -sigalg SHA1withRSA -digestalg SHA1 arguments to work out the step 3

jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore debug.keystore D:\Testc.apk sampleName
Now it will ask for the password and then it will replace the apk with the signed one.

To check whether it is working or not, you can check using the following command.
jarsigner -verify D:\Testc.apk

Then I have installed apk using ADB.
Adb install D:\Testc.apk

Thanks for reading :)
If you have any other quick thoughts/hints that you think people will find useful, feel free to leave a comment.


  1. Thanks for the post

    I got error in verifying the jar file..

    Error : java.lang.securityexception: "invalid SHA1 signature file digest for res/layout/main.xml"

    I was testing a sample third party app

    Any help would be greatly appreciated..


    1. Hi Srini,
      I have checked out the project from the URL and
      I haven't faced any error. both are working fine.

  2. what is the password we have to enter in the cmd prompt?

    1. In step 2, whatever password is given by the user.
      The same one should be used when password is asked

  3. The same problem exists on JDK7, but the solution is different.

    "It works with JDK 7 if I specify the parameters "-digestalg SHA1 -sigalg MD5withRSA" for jarsign, but not with the default algorithms, whatever they are."

  4. hi Vardhan
    when i,am run this command (keytool -genkey -v -keystore debug.keystore -alias VritiEducation -keyalg RSA -keysize 2048 -validity 20000) terminal, then get this Exception
    Please help me........

    keytool -genkey -v -keystore debug.keystore -alias VritiEducation -keyalg RSA -keysize 2048 -validity 20000
    Enter keystore password:
    keytool error: Keystore was tampered with, or password was incorrect Keystore was tampered with, or password was incorrect
    Caused by: Password verification failed
    ... 5 more

    1. If you receive the following error: "keytool error: Keystore was tampered with, or password was incorrect", it probably means that the value you specified for store_path already exists. Move or rename the file and rerun keytool.

      Normally To generate a new keystore file we will be using that command.

  5. thanks, it worked , saved me a lot of time :-)

  6. Hi there, I've done the abov and it verified the jar successfully with jarsigner -verify
    jar verified.

    But when trying adb install I still get the PARSE FAILED NO CERTIFICATES

    1. Check this command:
      "jarsigner -verify -verbose -certs your.apk"
      If jar is verified then there is no problem of certificate
      You can check the apk is certified or not in the console.

      you can try this command:
      "zipalign -v 4 your.apk new_your.apk"
      Then the generated apk, you can install.

    2. I re-followed your tutorial, seems somehow I missed out the zipalign bit initially :/. re-did it all but now on adb install -r myapk.apk, I am getting the following:

      root@ben:/home/ben/Myapk1.02/dist# adb install -r myAPKc.apk
      445 KB/s (4851069 bytes in 10.641s)
      pkg: /data/local/tmp/myAPKc.apk

      I then checked the jarsigner as per your reply and got at the end,
      jar verified.

      Then did zipalign and got:
      Verification successful.

      Re-tried adb install -r and got the same error as above.

    3. Ah, fixed, deleted the app off the phone rather than trying a re-install, all working! :)
      Cheers for the reply, and gret tutorial, very simple to follow.... (when I read it correctly)

  7. zipalign -v 4 D:\Test.apk D:\Testc.apk....hai sir please Explain about this ,,When i am trying to insatall GoogleLoginservice.apk i am getting

    D:\Android\sdk of me\sdk\platform-tools>adb install GoogleServicesFramework.apk
    81 KB/s (2221760 bytes in 26.627s)
    pkg: /data/local/tmp/GoogleServicesFramework.apk

    1. zipalign is an archive alignment tool that provides important optimization to Android application (.apk) files.
      -v : verbose output
      4 : to be aligned on 4-byte boundaries

      if the parser did not find any certificates in the .apk then we will be getting the following error INSTALL_PARSE_FAILED_NO_CERTIFICATES

  8. Hello Vardhan.

    I've done as you told, but get this when verifying :

    C:\"Program Files (x86)"\Java\jdk1.6.0_29\bin\jarsigner -verify C:\fred\GoogleServicesFramework_.apk

    jarsigner: java.lang.SecurityException: invalid SHA1 signature file digest for res/drawable-xhdpi/notification_system_update_download_failure.png

    Where did I went wrong ?

    1. If your png is unsigned then you will get following exception.

      Try this "zipalign -f -v -c 4 GoogleServicesFramework_.apk GoogleServicesFramework_new.apk "

      If above command wont work then try the below options

      There are some security exception with higher version of java.
      Try to add this parameters "-digestalg SHA1 -sigalg MD5withRSA" for jarsign and check.


      You can install lower version like JDK 1.6.26

  9. Hi Varadhan,

    When i run jarsigner i get jar verified, but i also get extra warning messages. Is that ok ?

    C:\Users\KarthikV\.android>jarsigner -verify D:\IRCTCMobile.apk
    jar verified.

    This jar contains entries whose certificate chain is not validated.

    Re-run with the -verbose and -certs options for more details.

    1. No, if your certificate chain is not yet validate then there will be problem in uploading file to market.
      Re-run with "jarsigner -verify -verbose -certs your.apk"
      You can identify where the problem is.

  10. Now getting different error. Thanks for reply.

    Step i followed :

    Command1 : keytool -genkeypair -alias androiddebugkey -keypass android -keystore debug.keystore -storepass android -dname "CN=Android Debug,O=Android,C=US" -validity 9999
    Command 2 : keytool -list -alias androiddebugkey -keystore debug.keystore -storepass android -keypass android Successfully
    Command 3 : jarsigner.exe -verbose -keystore debug.keystore FastNotepad.apk androiddebugkey

    Executed the above 3 commands successfully after removing the signature folder(ieMETA-INF) folder in the FastNotepad.apk file.

    After that executed "adb install FastNotepad.apk" command, for which i got error message Failure [Install_Parse_Failed_No_Certificates].

    Tried with both JDK 1.7 and 1.6. Tried with 3 different Windows 7, Windows XP machines. Same error msg. Unable to proceed further. Plz help.

    Thanks in advance.

    1. Also after Command 3 execution deleted META-INF folder gets created in FastNotepad.apk. If there is any possibility to chat with u directly plz let me know. Thanks. My Id is kvteen (at) gmail dot com.

    2. You can upload your apk and send me a link, I will support you in finding the solution.

    3. Hi Harsha, Thanks for replying.

      Please find the apk file in the below link. Size 4MB.

      Please let me know in case of any other queries. Thanks.

    4. Hi Karthik,

      From your manifest file, I have understood little information.

      META-INF Structure in Android is as follows
      But I found this files ANDROIDD.DSA, ANDROIDD.SF and MANIFEST.MF

      Your manifest file says
      Created-By: 1.7.0_25 (Oracle Corporation) instead of Created-By: 1.0 (Android)

      MANIFEST.MF contains the list of files present in the APK and digest. The default digest used is SHA-1

      Android uses SHA1-Digest but it is SHA-256-Digest.

      My guess the android project is not created by android guidelines.

      CERT.RSA The .SF file is signed and the signature is placed in the .RSA file. Signature block files produced using the RSA algorithm are saved with the extension .RSA, those generated with DSA or EC keys with the .DSA or .EC extensions, respectively. Multiple signatures can be performed, resulting in multiple .SF and .RSA/DSA/EC files in the JAR file's META-INF/ directory.
      I Prefer RSA, since supposed to encrypt the file with public key rather than doing with private key (DSA).

      By the above information. I can say your apk is verified with jarsigner but not with android, since android can't understand your apk structure, so it says install parse failed no certificates even though all your objects in apk is certified by jarsigner

    5. Thanks for reply. I fear it might be one of the issues mentioned here

      The below is the error message i got from logcat. Exception reading res/layout/booking_
      view.xml. SO renamed and deleted the /booking_view.xml but got same type error with next xml file in res/layout/. Any idea whats happening ? Once again thanks for reply.

      07-19 02:58:46.743 D/AndroidRuntime( 1339):
      07-19 02:58:46.743 D/AndroidRuntime( 1339): >>>>>> AndroidRuntime START com.andr
      oid.internal.os.RuntimeInit <<<<<<
      07-19 02:58:46.743 D/AndroidRuntime( 1339): CheckJNI is ON
      07-19 02:58:46.803 D/dalvikvm( 1339): Trying to load lib 0x0
      07-19 02:58:46.823 D/dalvikvm( 1339): Added shared lib 0x0
      07-19 02:58:46.863 D/dalvikvm( 1339): Trying to load lib 0x0
      07-19 02:58:46.873 D/dalvikvm( 1339): Added shared lib 0x0
      07-19 02:58:47.903 D/AndroidRuntime( 1339): Calling main entry
      07-19 02:58:47.983 W/ActivityManager( 280): No content provider found for permi
      ssion revoke: file:///data/local/tmp/IRCTCMobile.apk
      07-19 02:58:48.043 W/ActivityManager( 280): No content provider found for permi
      ssion revoke: file:///data/local/tmp/IRCTCMobile.apk
      07-19 02:58:48.043 I/PackageManager( 280): Copying native libraries to /data/ap
      07-19 02:58:48.203 W/PackageParser( 280): Exception reading res/layout/booking_
      view.xml in /data/app/vmdl-780346396.tmp
      07-19 02:58:48.203 W/PackageParser( 280): java.lang.SecurityException: META-INF
      /ANDROIDD.SF has invalid digest for org/htmlparser/parserapplications/filterbuil
      der/images/open.gif in /data/app/vmdl-780346396.tmp
      07-19 02:58:48.203 W/PackageParser( 280): at java.util.jar.JarVerifier.inv
      07-19 02:58:48.203 W/PackageParser( 280): at java.util.jar.JarVerifier.ver
      07-19 02:58:48.203 W/PackageParser( 280): at java.util.jar.JarVerifier.rea
      07-19 02:58:48.203 W/PackageParser( 280): at java.util.jar.JarFile.getInpu
      07-19 02:58:48.203 W/PackageParser( 280): at
      07-19 02:58:48.203 W/PackageParser( 280): at
      07-19 02:58:48.203 W/PackageParser( 280): at
      07-19 02:58:48.203 W/PackageParser( 280): at
      07-19 02:58:48.203 W/PackageParser( 280): at
      07-19 02:58:48.203 W/PackageParser( 280): at android.os.Handler.handleCall
      07-19 02:58:48.203 W/PackageParser( 280): at android.os.Handler.dispatchMe
      07-19 02:58:48.203 W/PackageParser( 280): at android.os.Looper.loop(Looper
      07-19 02:58:48.203 W/PackageParser( 280): at
      07-19 02:58:48.213 E/PackageParser( 280): Package com.rambalaboina.irctc has no
      certificates at entry res/layout/booking_view.xml; ignoring!
      07-19 02:58:48.404 D/dalvikvm( 280): GC_EXPLICIT freed 296K, 16% free 5810K/688
      8K, paused 16ms+15ms, total 173ms
      07-19 02:58:48.484 D/AndroidRuntime( 1339): Shutting down VM
      07-19 02:58:48.503 D/dalvikvm( 1339): GC_CONCURRENT freed 117K, 21% free 469K/58
      8K, paused 1ms+2ms, total 17ms

    6. If you resign the new one with a different signing key then also you will get this issue.
      I want to know, how you are generating apk file, its through ant or maven or with eclipse?

    7. Generating apk file ? You mean where i get my apk file. I just download from frees sites. For Eg : For IRTCT apk file i downloaded form the below given link.

      After i download i open it using 7 Zip Manager and delete the META_INF folder and run the above mentioned 3 commands.

      Also in your previous comments you have mentioned "android project is not created by android guidelines." So should i run different types of command ? Is there any way to solve it ?

      Once again. Thanks for reply.

    8. If apk is signed properly and then if you want to do this steps, we can't do because you won't have the private key of the keystore file with you, so you can't override properly.

    9. So is there any way to make it work ? Do u need any more information to find the root cause ? How to proceed further ? Can i start fresh ?

    10. Hi Karthik,

      I have tried when the apk is not signed but you are checking with apk which is signed already and trying to modify only certificate.
      I haven't tried this approach.
      When i get a time, I will also check from my side to achieve your idea.

  11. i recompiled the app and after following the above [rocess i face this problem

    This jar contains entries whose certificate chain is not validated.

    1. Try to generate apk from eclipse ADT and check.


      The above steps are for Java 1.6 not for Java 1.7, If you're using 1.7 plz uninstall and use 1.6
      For 1.7 commands has to be changed

  12. PLease I have not understand any of the ABOVE BLOG, but I have this error.... what to do now? Please explain me step by step...

    1. all the points shown in step by step.
      If your facing problem in any step, please let me know. I ca explain.

  13. For Android Studio
    Target : Android 5.0

    Build --> Build APK (not Generate Signed APK)
    pm install /dir/XXX.apk

    maybe works