I've successfully generated, signed, uploaded, and published my app bundle from within Android Studio using Google's recommended method where they manage my release keys and I sign locally with an "upload" key.
The keys I created are:
private_key.pepk
PlayStoreUploadKey.jks
The "Generate Signed Bundle or APK" dialog in Android Studio has a Key store path to "PlayStoreUploadKey.jks", a Kay alias of "upload", and the appropriate Key store password and Key password.
I want to automate the signing process and Google recommends using 'jarsigner' to do so. My command line for doing so is as follows.
jarsigner -verbose -sigalg SHA256withRSA -digestalg SHA-256 -keystore ./PlayStoreUploadKey.jks -signedjar '.\app\build\outputs\bundle\productionRelease\app-production-release-signed.aab' '.\app\build\outputs\bundle\productionRelease\app-production-release.aab' 'upload'
This fails with the following error.
jarsigner: Certificate chain not found for: 'upload'. 'upload' must reference a valid KeyStore key entry containing a private key and corresponding public key certificate chain.
Why does this work in Android Studio but not on the command line?
Related
I have an APK which I got out of a CI pipeline. The CI pipeline builds in release mode but only generates unsigned APKs.
In order to test the generated APK on a real device, I would like to sign it with my debug key. (I have an earlier version of that APK installed, built locally and signed with my debug key, and would like to keep the data.)
Is that possible? How do I do that from the command line?
Assumig you have a debug key, try this command -
jarsigner -verbose -keystore ~/.android/debug.keystore -storepass android -keypass android path/to/my.apk androiddebugkey
(The default key store resides in ~/.android/debug.keystore, both passphrases are android, and the key alias to use is androiddebugkey.)
And, next to verify its signature use
jarsigner -verify -verbose -certs app-release-unsigned.apk
Note that the APK will be modified; work on a copy if you don’t want that.
I am currently working in a pharmaceutical company which also publishes apps. Until now the only scope was iOS and now they want to create Android apps.
From the developers we receive an unsigned .aab file because we have an internal validation process.
After that process we need to resign the app to deploy it in the Google Play Console.
But as i upload the .aab i get: "You uploaded an APK with an invalid signature (learn more about signing). Error from apksigner:"
with no further information
As Mentioned we get a clean .aab file, no more no less and need to deploy it.
I have created a new app in the console, enabled app signing, downloaded the pepk.jar file, run the code attached to the pepk, uploaded the output file and downloaded the upload_cert.der file.
Now i already tried to import the .der file in my .keystore file and resigned the .aab --> no success
$ keytool -importcert -file upload_cert.der -keystore appname.keystore
i tried to create a .jks keystore and import the .der --> no success
--
example code of keystore creation:
$ keytool -genkey -v -keystore appname.keystore -alias alias -keyalg RSA -keysize 2048 -validity 10000
example code of the signing:
$ jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore appname.keystore appname_unsigned.aab "alias"
example code of zipalign:
$ zipalign -v 4 appname_signed.aab cimzia_aligned.aab
What is going wrong?
Any idea?
Welcome Niels.
You need to understand better the concepts behind signing, in particular the .der file does not contain your private key so you will be unable to sign your AAB with it.
I have provided for that purpose an extensive description of the various concepts in this answer: Use provided upload_cert.der to sign a release Android APK file
Have a read and hopefully it will help.
The tldr is that you should use your private upload key, which only you have (Google does not have this key -- unless you've explicitly chosen to use the same as your signing key), not the .der file that Google lets you download since it only contains the public part of the upload key.
Depending how you enrolled in Play Signing, the private key could be the original keystore you used to sign your APKs with, or some other key you generated when you enrolled (when prompted to use a different upload key). The official documentation should explain all the process in details.
when i test my app,it shows map.But after i published on play store the map is not showing.i followed this steps to generate the SHA1 key.Then I generated google maps API key with package name and sha1 key.Then i pasted that key in google maps API.xml but the map is not showing after i publish.i am new to android .any help
You may follow this tutorial. It is based on this documentation: Sign Your App.
To generate keystores for signing Android apps at the command line, use:
$ keytool -genkey -v -keystore my-key.keystore -alias alias_name -keyalg RSA -keysize 2048 -validity 10000
To create a debug keystore, use:
$ keytool -genkey -v -keystore debug.keystore -storepass android -alias androiddebugkey -keypass android -keyalg RSA -keysize 2048 -validity 10000
Keystore name: "debug.keystore"
Keystore password: "android"
Key alias: "androiddebugkey"
Key password: "android"
CN: "CN=Android Debug,O=Android,C=US"
For your release keystore, do the same as above but choose a name, alias, and password that you prefer.
ANOTHER step is to use Android Studio to manually generate signed APKs, either one at a time, or for multiple build variants at once.
To manually sign your APK for release in Android Studio, follow these steps:
In the menu bar, click Build > Generate Signed APK.
Select the module you would like to release from the drop down, and click Next.
If you already have a keystore, go to step 5. If you want to create a new keystore, click Create new.
On the New Key Store window, provide the following information for your keystore and key.
Keystore
Key store path: Select the location where your keystore should be created.
Password: Create and confirm a secure password for your keystore.
Key
Alias: Enter an identifying name for your key.
Password: Create and confirm a secure password for your key. This should be different from the password you chose for your keystore
Validity (years): Set the length of time in years that your key will be valid. Your key should be valid for at least 25 years, so you can sign app updates with the same key through the lifespan of your app.
Certificate: Enter some information about yourself for your certificate. This information is not displayed in your app, but is included in your certificate as part of the APK.
Once you complete the form, click OK.
On the Generate Signed APK Wizard window, select a keystore, a private key, and enter the passwords for both. (If you created your keystore in the last step, these fields are already populated for you.) Then click Next.
On the next window, select a destination for the signed APK(s), select the build type, (if applicable) choose the product flavor(s), and click Finish.
When the process completes, you will find your signed APK in the destination folder you selected above.
For more information, you can check the documentation. Hope this helps!
I'm trying to deploy an android apk created by Cordova but I'm wrong. Here is my process :
1)Build the release apk : cordova build android --release
2)Generate a keystore : keytool -genkey -v -keystore my-release-key.keystore -alias com.MyCompany.AppsName -keyalg RSA -keysize 2048 -validity 10000
I create password named MyPass, and write all information in the form (name, country,...)
3)Signed the Apps : jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore my-release-key.keystore android-release-unsigned.apk com.MyCompany.AppsName
4)Checked for signing : jarsigner -verify -verbose -certs android-release-unsigned.apk
I get this output :
"jar verified.
Warning:
This jar contains entries whose certificate chain is not validated.
This jar contains signatures that does not include a timestamp. Without a timestamp, users may not be able to validate this jar after the signer certificate's expiration date (2043-12-07) or after any future revocation date."
5)Zip the Apk : "c:\pathtosdk\zipalign.exe" -v 4 android-release-unsigned.apk com.MyCompany.AppsName.apk
6)And then i copy the Apk on a android device.
But when I try to install the Apps, the device ask me to allow unknown sources... like it's not signed.
Is anyone who know where i'm wrong ?
Thanks in advance
Your apk is probably signed and perfectly fine. the reason it asks to allow unknown sources because by default it does not allows to install .apk files from other sources than google play store. Security issues
https://support.google.com/nexus/answer/2812853?hl=en
That's the message you will receive if your not downloading the app from the play store which is true for you case. That doesn't have anything to do with the app being signed.
Try to install a derived a apk. First release your app in Alpha Release of play store. Then download the derived apk from alpha release. I think that will help.
I don't have source code only have .apk file and i want to sign and zip-align it to upload on play store.
How i can do this?
From official guide
Signing Your App Manually
You do not need Android Studio to sign your app. You can sign your app from the command line using standard tools from the Android SDK and the JDK. To sign an app in release mode from the command line:
Generate a private key using keytool. For example:
$ keytool -genkey -v -keystore my-release-key.keystore -alias
alias_name -keyalg RSA -keysize 2048 -validity 10000
This example prompts you for passwords for the keystore and key, and to provide the Distinguished Name fields for your key. It then generates the keystore as a file called my-release-key.keystore. The keystore contains a single key, valid for 10000 days. The alias is a name that you will use later when signing your app.
Compile your app in release mode to obtain an unsigned APK.
Sign your app with your private key using jarsigner:
$ jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore my-release-key.keystore my_application.apk alias_name
This example prompts you for passwords for the keystore and key. It then modifies the APK in-place to sign it. Note that you can sign an APK multiple times with different keys.
4. Verify that your APK is signed. For example:
$ jarsigner -verify -verbose -certs my_application.apk
Align the final APK package using zipalign.
$ zipalign -v 4 your_project_name-unaligned.apk your_project_name.apk
zipalign ensures that all uncompressed data starts with a particular byte alignment relative to the start of the file, which reduces the amount of RAM consumed by an app.