How to update android application after Google has reset the key - android

I lost my keystore (.jks) file, and I was lucky - I used App signing before.
Therefore, Google was able to help me and reset my key.
But what is the next step with the SHA1 google gave me by mail?
They gave me the instruction for generating an upload_certificate.pem file that I sent them by mail.
And then, Google's answer was:
Good news - I was able to register your new upload key, you would need to update your app to use the new upload key certificate:
SHA1:....
Now I try to upload the APK with the jks file I used to generate the PEM file, and also with a newly created jks file. In the Google Play Console I get:
Your Android App Bundle is signed with the wrong key. Ensure that your app bundle is signed with the correct signing key and try again
What is the next step?

Presumably you created a new upload key following the instructions under "Create an upload key". These are roughly:
1. Generate an upload key and store it safely. This gives you a key with alias something like "upload" in a keystore called something like "upload-keystore.jks".
2. Export your certificate in PEM format using a command like:
keytool -export -rfc -keystore upload-keystore.jks -alias upload -file upload_certificate.pem
If this is what you did, then you need to sign your app with the keystore you created in step 1, "upload-keystore.jks", using alias "upload".
The SHA1 they sent you is just a way of confirming you used the right keystore. If you are still using the keystore for the PEM you sent them, then if you print out the certificate keystore from your APK it should match that SHA1.
You can print the SHA1 of the certificate from your signed APK with the command
keytool -list -printcert -jarfile app.apk
This will tell you the SHA1 of the certificate (key/keystore) you have used to sign it.
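
The fingerprint comparison described in this answer, as an added example (not code from the original post or from Google): it computes the SHA1 of a PEM certificate and checks it against the "found" and "expected" values in a Play Console error. The function names, the sample PEM body and the sample error text are constructed for illustration.

```python
import base64
import hashlib
import re

# Constructed stand-in for upload_certificate.pem: the body is base64 of the
# bytes b"abc", not a real certificate. A fingerprint is a hash of the DER
# bytes, so the steps are identical for a real file.
SAMPLE_PEM = """-----BEGIN CERTIFICATE-----
YWJj
-----END CERTIFICATE-----
"""
# Constructed message in the shape of the Play error quoted on this page.
SAMPLE_ERROR = (
    "The Android App Bundle was signed with the wrong key. "
    "Found: SHA1: 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33, "
    "expected: SHA1: a9:99:3e:36:47:06:81:6a:ba:3e:25:71:78:50:c2:6c:9c:d0:d8:9d"
)
PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)
FIELD_RE = re.compile(
    r"(found|expected):\s*SHA-?1:\s*((?:[0-9A-F]{2}:){19}[0-9A-F]{2})", re.I)


def pem_to_der(pem_text):
    """Return the DER bytes of the first certificate in a PEM file."""
    match = PEM_RE.search(pem_text)
    if match is None:
        raise ValueError("no PEM certificate block found")
    return base64.b64decode("".join(match.group(1).split()), validate=True)

def fingerprint(der, algorithm="sha1"):
    """Format a digest of the DER bytes as colon-separated upper-case hex."""
    digest = hashlib.new(algorithm, der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def parse_play_error(message):
    """Extract the 'found' and 'expected' SHA1 values from the error text."""
    fields = {k.lower(): v.upper() for k, v in FIELD_RE.findall(message)}
    if set(fields) != {"found", "expected"}:
        raise ValueError("message lacks a found/expected SHA1 pair")
    return fields

def diagnose(pem_text, message):
    """Report which fingerprint in the error the local certificate matches."""
    local = fingerprint(pem_to_der(pem_text))
    matches = [k for k, v in parse_play_error(message).items() if v == local]
    return matches[0] if matches else "neither"
```

A result of "expected" means the local certificate is the registered one and the uploaded build was signed with some other keystore or alias (or is a stale build); "found" means the build was signed with the local key but a different upload certificate is registered.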

After I tried everything that came to mind, including "Invalidate cache and restart" in Android Studio, the solution that worked was Build->clean.
Thanks to Dave Hubbard's answer.

Related

Google Play Console Reads Different Value for .Keystore than Keytool

I'm making an Android app using Expo. I download the upload certificate from Google Play Console. It's a .der file. I run:
keytool -importcert -file certificate.der -alias someAlias -keystore some.keystore
This creates a .keystore file of type .jks with 3 certificate fingerprints. The one which Google Play Console looks at during upload is the SHA1 fingerprint, which has 19 pairs of values such as 01:02:A1...
Using either expo build:android -t apk -c or expo build:android -t app-bundle -c to reset my keys and build an .apk or .aab, respectively, upon uploading to the Google Play Console, I receive an error that I haven't used the right key.
I get these errors:
.Apk error: You uploaded an APK that is not signed with the upload certificate. You must use the same certificate. The upload certificate has fingerprint: SHA1: 01:02:A1... - The fingerprint of my newly created .keystore according to keytool -list -v -keystore some.keystore; the error goes on to say - and the certificate used to sign the APK you uploaded has fingerprint:
SHA1: 98:97:96:... - an entirely different fingerprint.
.Aab error: Your Android App Bundle is signed with the wrong key. Ensure that your App Bundle is signed with the correct signing key and try again: SHA1: 55:66:77... - another completely different value.
I used the upload .der for the .apk version app build and the app signing .der for the .aab version app build, and both times the Google Play Console read a different value for the SHA1 fingerprint than the value which Keytool read for the same .keystore.
Neither switching keys, nor re-downloading, nor rebuilding had any effect, and keytool -list always claims that the .keystore fingerprints match what the Google Play Console is asking for.
Is there something simple I'm missing? Any help appreciated.
I've answered a similar question in detail in How to use upload certificate to release an app update? but in short, you cannot use a certificate to sign an APK or App Bundle: the certificate only contains the public key while you need the private key to sign an APK or App Bundle.
Google does not have the private key so you can't download it from the Play Console. You need to use the same keystore that you used to sign your first APK you uploaded to the console, you cannot create a new one.
If you've lost that keystore, you need to contact the Play developer support and let them know, they'll give you instructions on how to reset it.

Lost my keystore password and key password, but have the pepk file and the jks file, need to update the app

I just updated my Android Studio to 4.0. I didn't store the passwords anywhere. It's just the same .jks key I am using to sign the APK, and now I am not able to generate a signed APK. One week before, I generated the app using the same key, and it worked. Now it does not. I tried searching in logs, no use. I tried searching in taskHistory and executionHistory.
Another problem is If I click generate signed apk, nothing is happening now. But I am able to create new keystore and generate the apk.
I just found my keystore password by typing this command:
keytool -list -v -keystore "C:\Users\User1\Desktop\try\keystoreone.jks"
It asked for keystore password, and I tried one by one, and my usual password worked, the keystore file opened to reveal the details. But how do I find the key alias password?
If you're enrolled in App Signing by Google Play, then you can just contact support and send them a new pepk or pem; otherwise you will have to create a new app.

Unable to upload android bundle to Google Play with Google Play app signing via fastlane

We have a few apps published in Google Play, all are signed with same keystore. Last year we switched to app bundles, enabled signing by Google Play. Everything works fine when signing and uploading bundle manually. Although when I tried uploading bundle to Google Play via fastlane it gives me an error:
Google Api Error: apkNotificationMessageKeyBundleSignedWithWrongKey: The Android App Bundle was signed with the wrong key. Found: SHA1:...., expected: SHA1:......
If I upload same .aab manually, everything is fine.
What should I do? I suppose something from Google Play signing.
I don't want to break anything since I'm only a developer and not account owner. Can I generate new keystore without breaking existing?
Edit: on App Signing tab in Google console I can download upload_cert.der and deployment_cert.der
The verification of the signing key via the API or via the Play Console UI is the same, so you are likely not uploading the same file manually and via fastlane.
Make sure that the same keystore file (and same key alias) is used to sign the App Bundle in fastlane.
I realized that I didn't specify package_name parameter in fastlane supply command so it tried to upload bundle to a wrong app. Silly me.
For those who might be interested, I contacted Google Support with this question and they suggested that I reset the key for the app. But it wasn't necessary after all.
You can't recover your lost keystore, but you can replace the keystore on the Play Store; you just need to enable Google Play app signing in the Play Store console. You can replace the keystore certificate on the Play Store, then you can update your app. No need to remove your app from the Play Store; you can update your app. It's possible now: after May 2017 you can update your app if you lost your keystore or keystore password. You can update your app using a new keystore file. Please refer to this blog:
https://support.google.com/googleplay/android-developer/answer/7384423?hl=en
1. Follow the instructions in the Android Studio Help Center to generate a new key. It must be different from any previous keys. Alternatively, you can use the following command line to generate a new key:
keytool -genkeypair -alias upload -keyalg RSA -keysize 2048 -validity 9125 -keystore keystore.jks
This key must be a 2048 bit RSA key and have 25-year validity.
2. Export the certificate for that key to PEM format:
keytool -export -rfc -alias upload -file upload_certificate.pem -keystore keystore.jks
3. Reply to this email and attach the upload_certificate.pem file.

I lost my keystore password, I want to update my app on the Play Store with the same keystore

I lost my keystore password. I want to update my app on the Play Store but don't want to lose my user base.
Can anyone suggest how to update the app or how I can get my keystore password?
Thanks in advance.
Sorry, the answer is there's absolutely no way to update your app with your keystore without the password.
You have to unlist your app and build with a new keystore, list a new one. Users will not see the updated app because the listing is now pointing at a different entry.
Please keep your keystore file like your life.
As I lost my keystore and was unable to get it back, I read the Google documentation about getting a new key.
Google: If you’ve lost your private upload key or it’s been compromised, you can create a new one, and then ask your account owner to contact support to reset the key. When contacting support, make sure your account owner attaches the upload_certificate.pem file.
I emailed google at the following link: https://support.google.com/googleplay/android-developer/contact/key
They sent me the following commands to re-generate keystore and certificate.pem:
Here’s how to generate and register a new upload key:
Follow the instructions in the Android Studio Help Center to generate a new key. It must be different from any previous keys. Alternatively, you can use the following command line to generate a new key:
keytool -genkeypair -alias upload -keyalg RSA -keysize 2048 -validity 9125 -keystore keystore.jks
This key must be a 2048 bit RSA key and have 25-year validity. Export the certificate for that key to PEM format:
keytool -export -rfc -alias upload -file upload_certificate.pem -keystore keystore.jks
Reply to this email and attach the upload_certificate.pem file. After replying, they will send an email mentioning that your keystore will be updated after 2 days.
Now you have a new keystore. In order to generate a signed bundle, you must do the following:
1- Go to the android side in your flutter (2.8.1) project.
2- Go to Settings > Build, Execution .. > Gradle.
3- Change Gradle JDK to something between 16 and 11; JDK 15 worked for me.
Note: if you don't have a JDK, you can download it in the same place (Gradle JDK) with the JDK download option.
Note: you must build your signed app bundle within android only, not inside the flutter framework.

Updating app with different key

I updated Android Studio yesterday and today I wasn't able to update my app on Google Play Store. When I upload the APK file, Google tells me that the app is signed with a different key but I used the same keystore as always, how can I fix this? How can I check which keys are stored in my keystore and how to choose which one to use?
I saw other similar questions but they were not detailed enough.
Thanks in advance.
If you have access to the APK that is currently online, you can check the signed certificate hashes.
Firstly get the hashes of your APK that is online:
keytool -list -printcert -jarfile online.apk
Then check the hash of your newer APK:
keytool -list -printcert -jarfile new.apk
You can compare for example, the SHA1 hash:
SHA1: 00:...*snip*...:FF
If they don't match then you know that the keystore you are using is not correct.
In Android Studio, when you Generate Signed APK, select the correct key store. Once you enter the correct keystore password, you will be able to select stored keys in the Key alias part. Click on ... and in the new dialog (Choose Key) you will see all your stored keys under the Use an existing key dropdown.
