Using Xamarin.Android 10.3 I'm trying to sign a Release package from Visual Studio 16.6.5. In order not to include the password as plaintext on the csproj file, I've added a file in the project folder called Pass.txt and exluded it in the git.ignore file
But when it comes to the signing process it fails with:
Failed to load signer "signer #1"
java.io.IOException: Failed to read Key "myapp" password for signer #1 : end of file reached in C:\Users\myuser\source\repos\MyApp.Xamarin\Pass.txt
If I remove the file:Pass.txt and past the password it works fine.
According to this release we can use file: in Xamarin 10.1 an later.
<PropertyGroup>
<AndroidSigningStorePass>file:C:\Users\Windows User\AndroidSigningPassword.txt</AndroidSigningStorePass>
<AndroidSigningKeyPass>file:C:\Users\Windows User\AndroidSigningPassword.txt</AndroidSigningKeyPass>
</PropertyGroup>
Missed "Note that if the same file is specified for both settings, the file must contain two lines. The first line must be the keystore password, and the second line must be the alias password. – Fritjof Berggren just now"
Adding the password twice on the file fixed it
Sometimes the issue just fixes and you well never know how.
This is what I did and it is fixed.
Goto Tools>> Android >> Android ADB Command Prompt
Type C:\Android\SDK>adb remove {your Package Name}
Clean Project
Build in Release Mode
after that clean and rebuild in Debug mode.
For me this issue was that I have the folder in One Drive and I have set the option for saving space, so I just have the link in my machine,as soon as I download the file, it works
Related
In Huawei App Gallery I have to update an existing aab application. Site redirects me to App signing page and there are steps that I have to follow in order to sign the app successfully. These are the steps provided:
Obtain the pepk.jar file from the Internet or another legitimate source.
Export and encrypt your private key and public key certificate into a ZIP file. Parameters in bold must be replaced as needed. Then, enter your data storage location and key password as prompted.
java -jar pepk.jar --keystore test.jks --alias test --output=output.zip --encryptionkey=<some_encryption_key> --include-cert
Upload the ZIP file containing the private key and public key certificate. (The ZIP file contains only certificate.pem and encryptedPrivateKey.)
Now I have 2 problems.
First one is, when I run the code in 2nd step in CMD. I get include-cert flag is not provided error. However when I write --include-cert=certificate.pem or --include-cert certificate.pem it says flag is unrecognized.
Second one is, I put certificate.pem and private key to folder and then turn it into ZIP. But when I click on submit it gives me Make sure the package contains only the certificate.pem and encryptedPrivateKey files error. Is not encryptedPrivateKey is the file that is exported by AndroidStudio when you generate an app bundle or Apk into the same location with .pepk extension?
I don't know what am I missing in order to sign my application. Any help would be appreciated, thanks in advance
If "No value provided for flag: include-cert" is displayed, the pepk.jar file is incorrect. You need to replace it with a correct one.
https://developer.huawei.com/consumer/en/doc/development/AppGallery-connect-Guides/agc-appsigning-faq-0000001052944432
I get include-cert flag is not provided error. However when I write --include-cert=certificate.pem or --include-cert certificate.pem it says flag is unrecognized.
It is recommended that you do not change the command and follow the commands in the document.
You could click here to try out.
And this is the App Signing Operation Guide video for reference.
Some folders in my phone storage include files like this:
dzG럫saᡑῑ.sg
존Ὣ 졼).sg
So when I try to read files from this folder with File.listFiles() function my app crashes:
JNI DETECTED ERROR IN APPLICATION: input is not valid Modified UTF-8:
illegal start byte ...... string: 'dzG럫saᡑῑ.sg'
I found out which app creates them, but it doesn't matter, for example if other users would have similar files on their phone memory, I can't just ask them to remove it
I just want to avoid app crashing
Even try...catch doesn't help (cause error with JNI/LINUX/C++):
try {
... = dir.listFiles();
} catch (RuntimeException e) {
//
}
So how am I supposed to solve this problem?
Same issue here File.listFiles crashes for invalid UTF-8 characters
But answer with signing apk isn't good, how is it even related to this issue?
Any other solutions?
And seems debug apk is signed automatically (with debug certificate):
When running or debugging your project from the IDE, Android Studio
automatically signs your APK with a debug certificate generated by the
Android SDK tools. The first time you run or debug your project in
Android Studio, the IDE automatically creates the debug keystore and
certificate in $HOME/.android/debug.keystore, and sets the keystore
and key passwords.
As a workaround for API>=26 you can use DirectoryStream
I'm building Android from Source and use custom certificates. Now I get prompted for the Password each time a app is signed by the buildsystem.
Is there any way to avoid this?
I've stumbled upon the ANDROID_PW_FILE and used it by exporting it before a build. I used an empty File and a File with the following content:
[[[ password ]]] build/target/product/security/platform.pk8
.... More lines like this with same syntax....
But without success. I get prompted everytime.
If i run
$ python
>>> import os
>>> print(os.getenv("ANDROID_PW_FILE", None))
<<< /build/target/product/security/PASSWD
I can see the envvar is set. I also exported EDITOR=vim but I don't really understand what this should do. I've just noticed that the build/tools/releasetools/common.py checks if both are set and Prompts otherwise.
Any suggestions?
I had the same problem and solved this by eliminating whitespace from the file and eliminating the extensions. I basically did a copy/paste from the password prompt.
For example, if my password is abc123 my file is
[[[abc123]]]vendor/company/security/product/releasekey
[[[abc123]]]vendor/company/security/product/platform
[[[abc123]]]vendor/company/security/product/shared
[[[abc123]]]vendor/company/security/product/media
The new Android Studio allows us to save keystore passwords for later use. Where are these passwords stored on my computer (OSX), and is there a way to retrieve the saved values?
EDIT
I am looking for the Alias password, not the Keystore password
You can find this in the idea.log files generated by Android Studio:
Search for "Pandroid.injected.signing.key.password" and you can see the key password.
Example logs:
2015-11-13 10:22:48,844 [ 709463] INFO -
a.gradle.invoker.GradleInvoker - Build command line options:
[--configure-on-demand, -Pandroid.injected.invoked.from.ide=true,
-Pandroid.injected.signing.st ore.file=/Users/varun/Projects/myapp/mykey.jks,
-Pandroid.injected.signing.store.password=mykeystorepassword, -Pandroid.injected.signing.key.alias=myalias, -Pandroid.injected.signing.key.password=mykeypassword , -Pandroid.injected.apk.location=/Users/varun/code/android/workspace/myapp,
--init-script, /private/var/folders/vk/z504nlhd6v30p7zvtgjp5sjm0000gn/T/asLocalRepo0.gradle]
Note 1: On OSX the idea.log file can be found at ~/Library/Logs/AndroidStudio2.0
Note 2: If you don't find the password in idea.log, then also look at the files called idea.log.1, idea.log.2 and so on.
Source
On macOS the latest versions of Android Studio (tested on 3.2) store keystore/key passwords in the Keychain under the following items:
org.jetbrains.android.exportSignedPackage.KeystoreStep$KeyStorePasswordRequestor
org.jetbrains.android.exportSignedPackage.KeystoreStep$KeyPasswordRequestor
The former stores the password of the keystore itself, and the latter – the password to the key.
You can access them using system Keychain Access app. Locate corresponding entry and double-click it. The Account field should contain the path to your keystore or the path to the key alias within the keystore in the following form:
KEY_STORE_PASSWORD__/Users/username/keystorename or KEY_STORE_PASSWORD__/Users/username/keystorename__alias
Click Show password and enter your macOS password when requested. That's it!
Method 1: Read from gradle build runtime
Step 1: add below code to app/build.gradle
afterEvaluate {
if (project.hasProperty("android.injected.signing.store.file")) {
println "key store path: ${project.property("android.injected.signing.store.file")}"
}
if (project.hasProperty("android.injected.signing.store.password")) {
println "key store password: ${project.property("android.injected.signing.store.password")}"
}
if (project.hasProperty("android.injected.signing.key.alias")) {
println "key alias: ${project.property("android.injected.signing.key.alias")}"
}
if (project.hasProperty("android.injected.signing.key.password")) {
println "key password: ${project.property("android.injected.signing.key.password")}"
}
}
Step 2: from menu Build -> Generate Signed apk/bundle to start a build.
Step 3: open Build window located in Android Studio's bottom, lookup key store info
Method 2: Read from Idea persistent storage
I wrote a Idea plugin, named RestoreKeystorePlugin
Step 1: download jar file from download link
Step 2: install the plugin to Android Studio
then restart Android Studio if required
Step 3: select Tools -> Restore Keystore Info menu, it will show key store info on a dialog
For anyone attempting keystore password recovery on more recent versions of Android Studio and Ubuntu, it seems that most documented suggestions to recover the password from logs, gradle, etc no longer work. Corneliu's excellent brute force script is great - unless you chose a 16 character password with no dictionary words in it and would like a result some time this month :) Using the Intellij security.xml solution is no longer available to retrieve saved passwords from Android Studio either, as far as I can tell.
However - having dug around a bit, Android Studio 3.1 seems to use the OS keychain in Ubuntu 18.04, so retrieving a saved keystore password is as simple as:
open 'Passwords and Keys' (use super key and search 'password')
filter results by 'android'
look at each entry, they will be
something like org.jetbrains.android...KeyPasswordRequestor, and
open each one up in turn
expand the password dropdown and select
'Show password', it will look something like:
KEY_STORE_PASSWORD__/home/pathto/keystore/keystore-name.jks#mycoolpassword
Find the keystore you're looking for and the bit after # is your missing password. Hope that helps someone out there!
Gradle stores them within your project directory in a binary file. You can get them like this (from the project directory):
strings .gradle/GRADLE_VERSION/taskArtifacts/taskArtifacts.bin | grep storePassword -A1
(Thanks to https://stackoverflow.com/a/33624636/1982087 for the taskArtifacts.bin pointer)
look for the log file from the date which you had signed your apk and you can find your key info there like below.
-Pandroid.injected.signing.store.password=[store_password],
-Pandroid.injected.signing.key.alias=[alias],
-Pandroid.injected.signing.key.password=[key_password]
you can find your log files under
C:\Users\username.AndroidStudio[versionNum]\system\log\
I had the same problem!
it makes me crazy but I found a little script that it´s saves me: https://github.com/corneliudascalu/intellij-decrypt
I think it could help you.
Good Look
According to the 'help' target documentation:
debug: builds the applications and
signs it with a debug key
release; builds the application: the
generated APK file must be signed
before it is published
Here is what I found, which is a bit different than what I expected:
debug: ignores keystore definitions in build.properties whether you specify them or not. Which kesystore file is it using? The same as Eclipse: the default debug.keystore file in your Documents and Settings?
It creates two files:
-debug-unaligned.apk (signed, unaligned)
-debug.apk (signed, aligned)
release: 'help' says it doesn't sign it. It creates these files:
-unsigned.apk (unsigned, unaligned)
The next two are only if you have the values specified in build.properties:
-unaligned.apk (signed, unaligned)
-release.apk (signed, aligned)
Any helpful comments / verifications will be greatly appreciated.
Which kesystore file is it using? The same as Eclipse: the default debug.keystore file in your Documents and Settings?
Yes.
As far as the release target goes, you will get behaviour like this:
If you have lines like:
key.store=c:/users/me/my-release-key.keystore
key.alias=release_alias
key.store.password=myStorePassword
key.alias.password=myAliasPassword
in your build.properties, it will automatically build and sign your apk with no prompting for anything.
If you comment out the last two lines, then it will prompt you for the passwords, then complete a signed build if the passwords are OK.
If you don't have any of the above lines, then it will just build you an unsigned apk with no prompting for anything and end with:
-release-nosign:
[echo] No key.store and key.alias properties found in build.properties.
[echo] Please sign C:\dev\projects\AntBuilds\MyProject\bin\MyProject-unsigned.apk manually
[echo] and run zipalign from the Android SDK tools.
.
This answer works for me, I am using ant to auto-compile android app, it prompts and need password, I wrote one file named password, and using the command ---ant release < passwd,
However, it also prompts that I need input password.
Using the tips here
key.store=c:/users/me/my-release-key.keystore
key.alias=release_alias
key.store.password=myStorePassword
key.alias.password=myAliasPassword
I solved this problem.