jarsigner returns NullPointerException error

Question

I have a cordova app and am using cmd to build it and need to sign its release apk.

First I did it without the -tsa option so on running the command it asked the pwd and then was signed with the warning :

jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 
-keystore my.keystore "apk\release\app-release-unsigned.apk" myaliasofkeystore

No -tsa or -tsacert is providedand this jar is not timestamped.

So i added the option -tsa timestamp.digicert.com :

jarsigner -tsa timestamp.digicert.com -verbose -sigalg SHA1withRSA -digestalg SHA1 
-keystore my.keystore "apk\release\app-release-unsigned.apk" myaliasofkeystore

Now, on running this command it asks for the password but after that yields this error :

jarsigner error: java.lang.NullPointerException

Answer 1

You don't need to add -tsa. Just ignore this warning about timestamp.

According to docs:

Time stamping the signature is recommended, and a warning is shown if the signature is not time stamped. The time stamp is used to verify that the certificate used to sign the JAR file was valid at the time of signing.

It means that after certificate is expired user could be assured that you've signed your APK before expiration day. But according to google docs:

If you plan to publish your apps on Google Play, the key you use to sign those APKs must have a validity period ending after 22 October 2033. Google Play enforces this requirement to ensure that users can seamlessly upgrade apps when new versions are available.

I don't think that it's a big deal if your user cannot validate certificate on 23 October 2033 :)