5/16/23, 9:50 PM App packager (MakeAppx.

exe) - Win32 apps | Microsoft Learn

App packager (MakeAppx.exe)

Article • 04/05/2022

７ Note

For UWP guidance on using this tool, see Create an app package with the
MakeAppx.exe tool.

App packager (MakeAppx.exe) creates an app package from files on disk or extracts the
files from an app package to disk. Starting with Windows 8.1, App packager also creates an
app package bundle from app packages on disk or extracts the app packages from an app
package bundle to disk. It is included in Microsoft Visual Studio and the Windows Software
Development Kit (SDK) for Windows 8 or Windows Software Development Kit (SDK) for
Windows 8.1 and newer. Visit Downloads for developers to get them.

The MakeAppx.exe tool is typically found in operating system version specific locations:

C:\Program Files (x86)\Windows Kits\10\bin<build number>

<architecture>\makeappx.exe

Where = x86, x64, arm, ar64 or chpe. Alternatively, it may be located in:

C:\Program Files (x86)\Windows Kits\10\App Certification Kit\makeappx.exe

To create a package using a directory structure

To create a package using a mapping file
To sign the package using SignTool
To extract files from a package
To create a package bundle using a directory structure
To create a package bundle using a mapping file
To extract packages from a bundle
To encrypt a package with a key file
To encrypt a package with a global test key
To decrypt a package with a key file
To decrypt a package with a global test key
Usage

https://learn.microsoft.com/en-us/windows/win32/appxpkg/make-appx-package--makeappx-exe- 1/9
5/16/23, 9:50 PM App packager (MakeAppx.exe) - Win32 apps | Microsoft Learn

Using App packager

７ Note

Relative paths are supported throughout the tool.

To create a package using a directory structure

Place the AppxManifest.xml in the root of a directory containing all of the payload files for
your app. An identical directory structure is created for the app package, and will be
available when the package is extracted at deployment time.

1. Place all files in a single directory structure, creating subdirectories as desired.

2. Create a valid package manifest, AppxManifest.xml, and place it in the root directory.

3. Run this command:

MakeAppx pack /d input_directorypath /p filepath.appx

To create a package using a mapping file

1. Create a valid package manifest, AppxManifest.xml.

2. Create a mapping file. The first line contains the string [Files], and the lines that follow
specify the source (disk) and destination (package) paths in quoted strings.

syntax

[Files]
"C:\MyApp\StartPage.htm" "default.html"
"C:\MyApp\readme.txt" "doc\readme.txt"
"\\MyServer\path\icon.png" "icon.png"
"MyCustomManifest.xml" "AppxManifest.xml"

3. Run this command:

MakeAppx pack /f mapping_filepath /p filepath.appx

https://learn.microsoft.com/en-us/windows/win32/appxpkg/make-appx-package--makeappx-exe- 2/9
5/16/23, 9:50 PM App packager (MakeAppx.exe) - Win32 apps | Microsoft Learn

To sign the package using SignTool

1. Create the certificate. The publisher listed in the manifest must match the publisher
subject information of the signing certificate. For more info about creating a signing
certificate, see How to create an app package signing certificate.

2. Run SignTool.exe to sign the package:

SignTool sign /a /v /fd hashAlgorithm /f certFileName filepath.appx

The hashAlgorithm must match the hash algorithm used to create the blockmap when
the app was packaged. With the MakeAppx packaging utility, the default Appx
blockmap hash algorithm is SHA256. Run SignTool.exe specifying SHA256 as the file
digest (/fd) algorithm:

SignTool sign /a /v /fd SHA256 /f certFileName filepath.appx

For more info about how to sign packages, see How to sign an app package using
SignTool.

To extract files from a package

1. Run this command:

MakeAppx unpack /p file.appx /d output_directory

2. The unpacked package has the same structure as the installed package.

To create a package bundle using a directory structure

We use the bundle command to create an app bundle at <output bundle name> by
adding all packages from <content directory> (including subfolders). If <content
directory> contains a bundle manifest, AppxBundleManifest.xml, it is ignored.

1. Place all packages in a single directory structure, creating subdirectories as desired.

2. Run this command:

MakeAppx bundle /d input_directorypath /p filepath.appxbundle

To create a package bundle using a mapping file

https://learn.microsoft.com/en-us/windows/win32/appxpkg/make-appx-package--makeappx-exe- 3/9
5/16/23, 9:50 PM App packager (MakeAppx.exe) - Win32 apps | Microsoft Learn

We use the bundle command to create an app bundle at <output bundle name> by
adding all packages from a list of packages within <mapping file>. If <mapping file>
contains a bundle manifest, AppxBundleManifest.xml, it is ignored.

1. Create a <mapping file>. The first line contains the string [Files], and the lines that
follow specify the packages to add to the bundle. Each package is described by a pair
of paths in quotation marks, separated by spaces or tabs. The pair of paths represents
the package's source (on disk) and destination (in bundle). All destination package
names must have the .appx extension.

syntax

[Files]
"C:\MyApp\MyApp_x86.appx" "MyApp_x86.appx"
"C:\Program Files (x86)\ResPack.appx" "resources\resPack.appx"
"\\MyServer\path\ResPack.appx" "Respack.appx"
"my app files\respack.appx" "my app files\respack.appx"

2. Run this command:

MakeAppx bundle /f mapping_filepath /p filepath.appxbundle

To extract packages from a bundle

1. Run this command:

MakeAppx unbundle /p bundle_name.appxbundle /d output_directory

2. The unpacked bundle has the same structure as the installed package bundle.

To encrypt a package with a key file

1. Create a key file. Key files must begin with a line containing the string "[Keys]"
followed by lines describing the keys to encrypt the package with. Each key is
described by a pair of strings in quotation marks, separated by spaces or tabs. The
first string represents the key ID and the second string represents the encryption key
in hexadecimal form.

syntax

[Keys]
"0"
https://learn.microsoft.com/en-us/windows/win32/appxpkg/make-appx-package--makeappx-exe- 4/9
5/16/23, 9:50 PM App packager (MakeAppx.exe) - Win32 apps | Microsoft Learn

"1AC4CDCFF1924D2885A0607269787BA6BF09B7FFEBF74ED4B9D86E423CF9186B"

2. Run this command:

MakeAppx.exe encrypt /p package_name.appx /ep encrypted_package_name.eappx

/kf keyfile_name.txt

3. The input package will be encrypted into the specified encrypted package using the
provided key file.

To encrypt a package with a global test key

1. Run this command:

MakeAppx.exe encrypt /p package_name.appx /ep encrypted_package_name.eappx

/kt

2. The input package will be encrypted into the specified encrypted package using the
global test key.

To decrypt a package with a key file

1. Create a key file. Key files must begin with a line containing the string "[Keys]"
followed by lines describing the keys to encrypt the package with. Each key is
described by a pair of strings in quotation marks, separated by spaces or tabs. The
first string represents the base64 encoded 32-byte key ID and the second string
represents the base64 encoded 32-byte encryption key.

syntax

[Keys]
"OWVwSzliRGY1VWt1ODk4N1Q4R2Vqc04zMzIzNnlUREU="
"MjNFTlFhZGRGZEY2YnVxMTBocjd6THdOdk9pZkpvelc="

2. Run this command:

MakeAppx.exe decrypt /p package_name.appx /ep

unencrypted_package_name.eappx /kf keyfile_name.txt

3. The input package will be decrypted into the specified unencrypted package using
the provided key file.
https://learn.microsoft.com/en-us/windows/win32/appxpkg/make-appx-package--makeappx-exe- 5/9
5/16/23, 9:50 PM App packager (MakeAppx.exe) - Win32 apps | Microsoft Learn

To decrypt a package with a global test key

1. Run this command:

MakeAppx.exe decrypt /p package_name.appx /ep

unencrypted_package_name.eappx /kt

2. The input package will be decrypted into the specified unencrypted package using
the global test key.

Usage
The command line argument /p is always required, with either /d, /f, or /ep. Note that /d,
/f, and /ep are mutually exclusive.

MakeAppx pack [options] /p <output package name> /d <content directory>

MakeAppx pack [options] /p <output package name> /f <mapping file>

MakeAppx unpack [options] /p <input package name> /d <output directory>

MakeAppx bundle [options] /p <output bundle name> /d <content directory>

MakeAppx bundle [options] /p <output bundle name> /f <mapping file>

MakeAppx unbundle [options] /p <input bundle name> /d <output directory>

MakeAppx encrypt [options] /p <input package name> /ep <output package name>

MakeAppx decrypt [options] /p <input package name> /ep <output package name>

Command-line Syntax
Here is the command-line common usage syntax for MakeAppx.

MakeAppx [pack|unpack|bundle|unbundle|encrypt|decrypt] [/h /kf /kt /l /o /no /nv /v

/pfn /?]

MakeAppx packs or unpacks the files in a package, bundles or unbundles the packages in
a bundle, or encrypts or decrypts the app package or bundle in the specified input
directory or mapping file. Here is the list of parameters that apply to MakeAppx pack,

https://learn.microsoft.com/en-us/windows/win32/appxpkg/make-appx-package--makeappx-exe- 6/9
5/16/23, 9:50 PM App packager (MakeAppx.exe) - Win32 apps | Microsoft Learn

MakeAppx unpack, MakeAppx bundle, MakeAppx unbundle, MakeAppx encrypt, or

MakeAppx decrypt.

/l

This option is used for localized packages. The default validation trips on localized
packages. This option disables only that specific validation, without requiring that all
validation be disabled.

/o

Overwrite the output file if it exists. If you don't specify this option or the /no option, the
user is asked whether they want to overwrite the file.

You can't use this option with /no.

/no

Prevents an overwrite of the output file if it exists. If you don't specify this option or the /o
option, the user is asked whether they want to overwrite the file.

You can't use this option with /o.

/nv

Skip semantic validation. If you don't specify this option, the tool performs a full validation
of the package.

/v

Enable verbose logging output to the console.

/?

Display help text.

MakeAppx pack , MakeAppx unpack , MakeAppx bundle, MakeAppx unbundle,

MakeAppx encrypt, and MakeAppx decrypt are mutually exclusive commands. Here are
the command-line parameters that apply specifically to each command:

MakeAppx pack [h]

Creates a package.

/h algorithm
https://learn.microsoft.com/en-us/windows/win32/appxpkg/make-appx-package--makeappx-exe- 7/9
5/16/23, 9:50 PM App packager (MakeAppx.exe) - Win32 apps | Microsoft Learn

Specifies the hash algorithm to use when creating the block map. Here are valid values for
algorithm:
SHA256 (default)
SHA384
SHA512

You can't use this option with the unpack command.

MakeAppx unpack [pfn]

Extracts all files in the specified package to the specified output directory. The output has
the same directory structure as the package.

/pfn

Specifies a directory named with the package full name. This directory is created under the
provided output location. You can't use this option with the pack command.

MakeAppx unbundle [pfn]

Unpacks all packages to a subdirectory under the specified output path, named after the
bundle full name. The output has the same directory structure as the installed package
bundle.

/pfn

Specifies a directory named with the package bundle full name. This directory is created
under the provided output location. You can't use this option with the bundle command.

MakeAppx encrypt [kf, kt]

Creates an encrypted app package from the specified input app package at the specified
output package.

/kf <key file>

Encrypts the package or bundle using the key from the specified key file. You can't use this
option with kt.

/kt

Encrypts the package or bundle using the global test key. You can't use this option with kf.

MakeAppx decrypt [kf, kt]

https://learn.microsoft.com/en-us/windows/win32/appxpkg/make-appx-package--makeappx-exe- 8/9
5/16/23, 9:50 PM App packager (MakeAppx.exe) - Win32 apps | Microsoft Learn

Creates an unencrypted app package from the specified input app package at the specified
output package.

/kf <key file>

Decrypts the package or bundle using the key from the specified key file. You can't use this
option with kt.

/kt

Decrypts the package or bundle using the global test key. You can't use this option with kf.

Semantic validation performed by MakeAppx

MakeAppx performs limited semantic validation that is designed to catch the most
common deployment errors and help ensure that the app package is valid.

This validation ensures that:

All files referenced in the package manifest are included in the app package.
An application does not have two identical keys.
An application does not register for a forbidden protocol from this list: SMB , FILE,
MS-WWA-WEB, MS-WWA.

This semantic validation is not complete, and packages built by MakeAppx are not
guaranteed to be installable.

https://learn.microsoft.com/en-us/windows/win32/appxpkg/make-appx-package--makeappx-exe- 9/9