First, the answer:
- Sign using JDK‘s
jarsigner.exeand your keystore, SHA1 and timestamp.
- Align using
zipalign.exe -v 4(from Android SDK Tools). 4-bytes, is to provide a 32-bit alignment.
Do not align-again (after signing),
not having the archived changed in any way.
You may extract/delete the content of
and create a new archive (which you may sign/align later).
Simple right? – So why the confusion?