How to Sign Zip Files

Zip files are compressed archives of one or more files and folders. Originally used for archive purposes, they are now a common way of ensuring a person who downloads files such as programs or collections of documents is not missing an important file. The software used to create zip files does not contain digital signature functionality, so external programs must be used.

Signing a Zip file requires a digital 'key.'

Step

Open a Command Prompt or terminal window and browse to your OpenSSL directory. In Windows, use Start -> Programs -> Accessories -> Command Prompt or type “cmd” into the “Run” function in the Start Menu. If you do not have OpenSSL installed, download and install it. You need OpenSSL, PGP or their equivalents to create a private key and a corresponding public key, which act as your digital signature.

Step

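Enter the following commands, one at a time, to generate a new private key and a corresponding public key for yourself:

    openssl genrsa -out key.pem 1024
    openssl req -new -key key.pem -out request.pem
    openssl x509 -req -days 9999 -in request.pem -signkey key.pem -out certificate.pem
    openssl pkcs8 -topk8 -outform DER -in key.pem -inform PEM -out key.pk8 -nocrypt

Note that a 1024-bit RSA key is weaker than the 2048-bit minimum now generally recommended, and that the -nocrypt option writes key.pk8 without password protection, so anyone who can read that file can sign as you.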

Step

You have now created a public and private key pairing: certificate.pem, which holds your public key, and key.pk8, which holds your private key. The two act together as your signature.

Step

Open Windows Explorer or Finder in Mac OS X and browse to the OpenSSL directory. Copy certificate.pem and key.pk8 to a safe place, then make another copy of them in your SignApk directory. If you do not have SignApk installed, download and install it. Copy the .zip file to be digitally signed into the SignApk directory as well.

Step

Return to the Command Prompt. Change directory to the SignApk directory using the “cd” command. Enter the following command to create a new, digitally signed copy of your .zip file: “java -jar signapk.jar certificate.pem key.pk8 zipfile.zip signed-zipfile.zip”, where “zipfile.zip” is the name of your .zip file. For this command to function, you must have Java installed on your computer, as SignApk is a Java program. This also works for Android .apk files.
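
The key-generation steps above can be scripted and checked before anything is signed. The following is an added example, not part of the original article: it runs the same four OpenSSL commands without prompts and then confirms that certificate.pem and key.pk8 really belong to each other. The function names and the subject "/CN=Example Signer" are assumptions made for illustration, and the key size is 2048 bits rather than the 1024 used in the steps.

```shell
#!/bin/sh
# Added example. Function names and the certificate subject are illustrative
# assumptions; the openssl commands are the ones from the steps, with a
# 2048-bit key and -subj so that "openssl req" does not prompt.

# Create key.pem, request.pem, certificate.pem and key.pk8 in directory $1.
make_signing_keys() {
    (
        umask 077                     # key files readable by the owner only
        cd "$1" || exit 1
        openssl genrsa -out key.pem 2048 &&
        openssl req -new -key key.pem -subj "/CN=Example Signer" \
            -out request.pem &&
        openssl x509 -req -days 9999 -in request.pem -signkey key.pem \
            -out certificate.pem &&
        openssl pkcs8 -topk8 -outform DER -in key.pem -inform PEM \
            -out key.pk8 -nocrypt
    )
}

# Print the public key (PEM) stored in certificate file $1.
cert_pubkey() {
    openssl x509 -in "$1" -noout -pubkey
}

# Print the public key (PEM) derived from unencrypted PKCS#8 DER key $1.
key_pubkey() {
    openssl pkey -inform DER -in "$1" -pubout
}

# Succeed only if certificate $1 and private key $2 form a pair.
# A missing or unreadable file counts as a mismatch.
keys_match() {
    c=$(cert_pubkey "$1") || return 1
    k=$(key_pubkey "$2") || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}
```

Call make_signing_keys with an existing directory, then run keys_match on the copies placed in the SignApk directory before signing; a non-zero exit status means the certificate and key were mixed up or a file is damaged.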