How to Sign Zip Files

Techwalla may earn compensation through affiliate links in this story. Learn more about our affiliate and product review process here.
Signing a Zip file requires a digital 'key.'

Zip files are compressed archives of one or more files and folders. Originally used for archive purposes, they are now a common way of ensuring a person who downloads files such as programs or collections of documents is not missing an important file. The software used to create zip files does not contain digital signature functionality, so external programs must be used.


Step 1

Open a Command Prompt or terminal window and browse to your openssl. In Windows, use Start -> Programs -> Accessories -> Command Prompt or type "cmd" into the "Run" function in the Start Menu. If you do not have OpenSSL installed, download and install it. You need OpenSSL, PGP or their equivalents to create a private key and a corresponding public key, which act as your digital signature.


Video of the Day

Step 2

Enter the following commands to generate a new private key and a corresponding public key for yourself. "openssl genrsa -out key.pem 1024", "openssl req -new -key key.pem -out request.pem" "openssl x509 -req -days 9999 -in request.pem -signkey key.pem -out certificate.pem" "openssl pkcs8 -topk8 -outform DER -in key.pem -inform PEM -out key.pk8 -nocrypt".


You have now created a public and private key pairing, certificate.pem and key.pk8, which act together as your signature.

Step 3

Open Windows explorer or Finder in Mac OS X and browse to the OpenSSL directory. Copy certificate.pem and key.pk8 to a safe place, then make another copy of them in your SignApk directory. If you do not have SignApk installed, download and install it. Copy the .Zip file to be digitally signed into the SignApk directory as well.



Step 4

Return to the Command Prompt. Change directory to the SignApk directory using the "cd" command. Enter the following command to create a new, digitally signed copy of your .Zip file: "java -jar signapk.jar certificate.pem key.pk8", where "" is the name of your .Zip file. For this command to function, you must have Java installed on your computer; as SignApk is a Java program. This also works for Android .Apk files.



references & resources

Report an Issue

screenshot of the current page

Screenshot loading...