diff --git a/src/main/kotlin/app/revanced/cli/signing/Signing.kt b/src/main/kotlin/app/revanced/cli/signing/Signing.kt
index 0b750c16..af8669cd 100644
--- a/src/main/kotlin/app/revanced/cli/signing/Signing.kt
+++ b/src/main/kotlin/app/revanced/cli/signing/Signing.kt
@@ -16,9 +16,10 @@ object Signing {
         // sign the alignedOutput and write to signedOutput
         // the reason is, in case the signer fails
         // it does not damage the output file
-        Signer(cn, password).signApk(alignedOutput, signedOutput)
+        val keyStore = Signer(cn, password).signApk(alignedOutput, signedOutput)
 
-        // afterwards copy over the file to the output
+        // afterwards copy over the file and the keystore to the output
         signedOutput.copyTo(outputFile, true)
+        keyStore.copyTo(outputFile.resolveSibling(keyStore.name), true)
     }
 }
diff --git a/src/main/kotlin/app/revanced/utils/signing/Signer.kt b/src/main/kotlin/app/revanced/utils/signing/Signer.kt
index 28ef43c1..25c29cde 100644
--- a/src/main/kotlin/app/revanced/utils/signing/Signer.kt
+++ b/src/main/kotlin/app/revanced/utils/signing/Signer.kt
@@ -48,10 +48,11 @@ internal class Signer(
         return JcaX509CertificateConverter().getCertificate(builder.build(signer)) to pair.private
     }
 
-    fun signApk(input: File, output: File) {
+    fun signApk(input: File, output: File): File {
         Security.addProvider(BouncyCastleProvider())
 
-        val ks = File(input.parent, "revanced-cli.keystore")
+        // TODO: keystore should be saved securely
+        val ks = File(input.parent, "${output.nameWithoutExtension}.keystore")
         if (!ks.exists()) newKeystore(ks)
 
         val keyStore = KeyStore.getInstance("BKS", "BC")
@@ -70,5 +71,7 @@ internal class Signer(
         signer.setOutputApk(output)
 
         signer.build().sign()
+
+        return ks
     }
 }
\ No newline at end of file