I had a site where I compiled my game and converted it to apk. auto signed there. I was not getting sha1 vs warning. However, the site was closed and when I tried to sign myself I got a warning that sha1 would be the same.
not loaded
You have installed an APK signed with a different certificate than your previous APKs. You must use the same certificate. Your existing APKs are signed with certificates (fingerprints):
[SHA1: ORIGINAL FINGERPRINT HERE]
and the certificates used to sign the APK you uploaded have fingerprints:
[SHA1: THE NEW FINGERPRINT IS HERE] ''
I don't have a .jks file, I don't have alias and password. I saved the files in the photo while uploading my first game in 2017. Can I get jks from them? how can i sign?
enter image description here
In the first place that site might not have given you the release certificate and key. they might have given you the debug certificate and key. so when you try to sign the app again with those cert key pair you get the error.
That's how such sites i earn i belive
If you have already made a valid release in play console then you can issue a new certificate key pair from play console.
follow the link for extra info => https://www.quora.com/How-do-I-make-a-new-Certificate-Keystore-key-after-losing-the-key-of-my-Android-app
Related
I have an app on Play Store, and I am trying to release an update, I have the jks file and pepk file generated during the first time of release apk, I am using the same jks but google can't verify it
You uploaded an APK that is not signed with the upload certificate. You must use the same certificate. The upload certificate has fingerprint:
[ SHA1: F8:24 ]
and the certificate used to sign the APK that you uploaded have fingerprint:
[ SHA1: F5:05 ]
Certainly the certificates does not match but it is the same jks file. I don't know what is the problem.
Please any expert here help me.
You are likely confusing the app signing key and the app upload key.
When you enroll in Play Signing for an existing app, you are not only uploading this "PEPK file" (the encrypted app signing key), but you are also prompted if you want to generate a separate upload key, and if you do so, you have to create another keystore then also upload the certificate associated with that new key.
I suspect that you generated the upload key and uploaded the certificate and that's the one you should be now signing your APK with. You thus need to change your signing configuration in your build system to point to that new keystore.
If you can't find that keystore that you created then, you'll have to reach out to Google Play Developer support to reset the upload key (where they'll give you the commands to create the keystore for your upload key again).
I have an app already uploaded and published on play store. Now I want to update it. It was signed using google-play signing, I do have keystore and cert
but when I try to make a signed apk from android studio it gives me this error :
Trusted certificate entries are not password-protected
I also tried to make apk using jarsigner but still on luck.
I downloaded certificate then added certificate in jks but still there is error.
Certificate chain not found for: mykey. mykey must reference a valid KeyStore key entry containing a private key and corresponding public key certificate chain.
mykey is valid key I can see it in keystore List
Well, the Keystore is not the certificate that Google gives you once you upload the app on the Google App store, the Keystore is the one that Android Studio gives you once you sign the app, it requires an Alias and a Password too to be more precise, however, try to find the Keystore because you can't update your own app without the SAME Keystore you used for the first upload, good luck and keep coding, let me know if you need more support or if you still have some doubt, have a good day!
I have uploaded the first version of my app to the google play console, today I have tried to upload the second version but it gives me an error: the sha-1 signing certificate is different from the upload one and I can't upload the apk.
How can I generate a signing certificate that has the same sha-1 of the upload one?
You need to use the same keystore (*.jks file) to sign your APK as you used when you uploaded the first version.
If you don't have the keystore anymore, then either you are enrolled in App Signing by Play and you can request your key to be reset, or if you are not, then you won't be able to update your app anymore: you'll need to create a new app with a new package name.
We recently had a developer leave us and now I am in charge of uploading any updates to Google play. We opted in to App Signing so i was able to download the cert. I am not sure I did what was correct. I double clicked the .der file which installed the key into my Key manager on mac. Then i imported that key into the generated keystore for the apk using Keytool. I am able to choose it when I build the APK but then get an error saying
Cause: trusted certificate entries are not password-protected
Any help? Thanks!
The certificate cannot be used to sign the APK, it doesn't contain the private key. You should find the keystore that contains the upload key, identify the alias of that key and use that to sign.
If you don't have the keystore anymore, you can generate a new private key and contact Google support to reset it: https://support.google.com/googleplay/android-developer/answer/7384423?hl=en.
I created a keystore, created a key, and then signed my first app. I proceeded to upload the signed APK to the Google Play store, and multiple people have already downloaded the beta app. Since then, I have made some updates to my app and I need to upload a new APK. I use the Google Play App Signing. The certificate I initially signed my app with had the fingerprint [SHA1: 0A:...:1A].
I signed my updated app version with the SAME keystore and key combination. However, when I go to upload the new APK, I receive the error message "You uploaded an APK that is not signed with the upload certificate. You must use the same certificate. The upload certificate has fingerprint [SHA1: BB:...:31] and the certificate used to sign the APK you uploaded have fingerprint: [SHA1: 0A:...:1A]" then proceeds to talk about fingerprints. So I assume my issue is that I signed my APK under the "original" certificate I created alongside creating the key, and now I must use the "new" certificate from Google Play. I downloaded the "Upload Certificate" from the Google Play Console -> App Signing page, and verified the fingerprint is the same as the fingerprint being requested in the error ([ SHA1: BB:...:31 ]).
I imported the "Upload Certificate" into my keystore using Terminal command line "keytool -imporcert". My keystore now has 2 entries: My original key entry which is a "PrivateKeyEntry" with a certificate fingerprint [SHA1: 0A:...:1A], and then the imported certificate, which is a "trustedCertEntry" with the fingerprint [SHA1 BB:...:31], the same fingerprint as the Upload Certificate fingerprint.
I then attempted to sign my APK with the second key listed, which is a "trustedCertEntry". I received the error "Failed to read key >keyname< from store ">keystore<": trusted certificate entries are not password-protected. While signing, I entered a password, despite never actually giving the new key a password.
So my question is: what "password" am I supposed to be using? I have not found any documentation on Google's websites about using the "Upload Key" and I have found a few Stack Overflow questions regarding the Upload Key but no one has specifically addressed the matter. Usually, people redirect to "Just use the 'Generate Signed APK' button", but I would like to make clear: This option does not work.
Is there something I'm missing?