Sign APK with downloaded cert from Google Play - android

We recently had a developer leave us and now I am in charge of uploading any updates to Google Play. We opted in to App Signing so I was able to download the cert. I am not sure I did what was correct. I double clicked the .der file which installed the key into my Key manager on Mac. Then I imported that key into the generated keystore for the APK using Keytool. I am able to choose it when I build the APK but then get an error saying
Cause: trusted certificate entries are not password-protected
Any help? Thanks!

The certificate cannot be used to sign the APK, it doesn't contain the private key. You should find the keystore that contains the upload key, identify the alias of that key and use that to sign.
If you don't have the keystore anymore, you can generate a new private key and contact Google support to reset it: https://support.google.com/googleplay/android-developer/answer/7384423?hl=en.

Related

Google Play Console installation failed SHA1

I had a site where I compiled my game and converted it to apk. It was auto signed there. I was not getting sha1 vs warning. However, the site was closed and when I tried to sign myself I got a warning that sha1 would be the same.
not loaded
You have installed an APK signed with a different certificate than your previous APKs. You must use the same certificate. Your existing APKs are signed with certificates (fingerprints):
[SHA1: ORIGINAL FINGERPRINT HERE]
and the certificates used to sign the APK you uploaded have fingerprints:
[SHA1: THE NEW FINGERPRINT IS HERE]
I don't have a .jks file, I don't have alias and password. I saved the files in the photo while uploading my first game in 2017. Can I get jks from them? How can I sign?
In the first place, that site might not have given you the release certificate and key. They might have given you the debug certificate and key. So when you try to sign the app again with that cert/key pair you get the error.
That's how such sites earn, I believe.
If you have already made a valid release in Play Console then you can issue a new certificate key pair from Play Console.
Follow the link for extra info: https://www.quora.com/How-do-I-make-a-new-Certificate-Keystore-key-after-losing-the-key-of-my-Android-app

Signing an Android .apk from a 32 hex pair signing key

I have an android app that I have taken over development for and I am trying to push an update to the Google Play store. The original developer has given me the signing key, but I am not sure how to create a certificate or keystore from this signing key.
key format I was given:
1B:96:51:EE...43 (32 hex pair values separated by a colon)
I am familiar with creating a keystore from a self-signed certificate and using that keystore to sign the .apk. But, I am not sure how to achieve this from the given signing key.
I have read over the documentation provided by Google (Google App Signing).
I do not see in this documentation how to utilize the signing key in the format it was given to me.
With this format, it is very unlikely that what he gave you is actually the signing key. This looks more like the certificate fingerprint, from which you would not be able to sign an APK.
You should request the previous developer to give you the keystore they were signing the APK with. This should be a file with the extension jks, keystore, or possibly p12.
If the app was enrolled in Play Signing, you could alternatively contact the Play Developer Support and ask them to reset the upload key (they will give you the instructions).

Create Signed Apk for publisher APK signing

I have an app already uploaded and published on play store. Now I want to update it. It was signed using google-play signing, I do have keystore and cert
but when I try to make a signed apk from Android Studio it gives me this error:
Trusted certificate entries are not password-protected
I also tried to make the apk using jarsigner but still no luck.
I downloaded certificate then added certificate in jks but still there is error.
Certificate chain not found for: mykey. mykey must reference a valid KeyStore key entry containing a private key and corresponding public key certificate chain.
mykey is a valid key; I can see it in the keystore list.
Well, the Keystore is not the certificate that Google gives you once you upload the app on the Google App store, the Keystore is the one that Android Studio gives you once you sign the app, it requires an Alias and a Password too to be more precise, however, try to find the Keystore because you can't update your own app without the SAME Keystore you used for the first upload, good luck and keep coding, let me know if you need more support or if you still have some doubt, have a good day!

What is difference between signature and certificate in apk file?

I know a certificate contains a public key and some extra info (I hope) but is it saved in the apk file? Is it a file or text or what? And what is a signature exactly?
And in Android which one could we easily read to verify the app?
Certificates and keystores
A public-key certificate, also known as a digital certificate or an identity certificate, contains the public key of a public/private key pair, as well as some other metadata identifying the owner of the key (for example, name and location). The owner of the certificate holds the corresponding private key.
When you sign an APK, the signing tool attaches the public-key certificate to the APK. The public-key certificate serves as a "fingerprint" that uniquely associates the APK to you and your corresponding private key. This helps Android ensure that any future updates to your APK are authentic and come from the original author. The key used to create this certificate is called the app signing key.
A keystore is a binary file that contains one or more private keys.
Every app must use the same certificate throughout its lifespan in order for users to be able to install new versions as updates to the app. For more about the benefits of using the same certificate for all your apps throughout their lifespans, see Signing Considerations below.
Sign your debug build
When running or debugging your project from the IDE, Android Studio automatically signs your APK with a debug certificate generated by the Android SDK tools. The first time you run or debug your project in Android Studio, the IDE automatically creates the debug keystore and certificate in $HOME/.android/debug.keystore, and sets the keystore and key passwords.
Because the debug certificate is created by the build tools and is insecure by design, most app stores (including the Google Play Store) will not accept an APK signed with a debug certificate for publishing.
Android Studio automatically stores your debug signing information in a signing configuration so you do not have to enter it every time you debug. A signing configuration is an object consisting of all of the necessary information to sign an APK, including the keystore location, keystore password, key name, and key password. You cannot directly edit the debug signing configuration, but you can configure how you sign your release build.
For more information about how to build and run apps for debugging,
As far as I know (I'm fairly new to android development), you sign your apk with a certificate. Someone correct me if I'm wrong.
Here is some additional information:
https://source.android.com/security/apksigning/v2
https://developer.android.com/studio/publish/app-signing.html
Also, if you want to publish via google play store, this is important to know for you:
The apk must be signed with the same certificates as the previous version
When you compile your APK, one of the final steps is signing your APK. Actually it is adding 3 small files. You can rename any APK to ZIP, unpack it and you will find the directory META-INF - it is your signing information.
MANIFEST.MF and CERT.SF are very similar and contain a list of files and their sha1/sha256 hash sums (one for files, the second just for entries of the first file), and CERT.RSA is an x509 certificate with your public key.
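
The digest layer described in the answer above, as an added example that is not part of the original answers: it builds a constructed stand-in APK in memory and checks each MANIFEST.MF entry against the stored file. The names `build_sample_apk`, `manifest_sections` and `mismatched_files` are made up for this sketch, and it covers only the MANIFEST.MF digests, not the CERT.SF/CERT.RSA signature or the v2 scheme.

```python
import base64
import hashlib
import io
import zipfile


def build_sample_apk(stored: bytes, signed: bytes) -> bytes:
    """Constructed stand-in for an APK: classes.dex holds `stored`, while
    MANIFEST.MF records the digest of `signed` (they differ if tampered)."""
    digest = base64.b64encode(hashlib.sha256(signed).digest()).decode()
    manifest = ("Manifest-Version: 1.0\r\n\r\n"
                "Name: classes.dex\r\n"
                f"SHA-256-Digest: {digest}\r\n\r\n")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as apk:
        apk.writestr("classes.dex", stored)
        apk.writestr("META-INF/MANIFEST.MF", manifest)
    return buf.getvalue()


def manifest_sections(text: str):
    """Yield (name, attributes) for each per-file section of MANIFEST.MF."""
    # Long manifest lines wrap onto continuation lines that start with a space.
    text = text.replace("\r\n", "\n").replace("\n ", "")
    for section in text.split("\n\n"):
        attrs = dict(l.split(": ", 1) for l in section.splitlines() if ": " in l)
        if "Name" in attrs:
            yield attrs.pop("Name"), attrs


def mismatched_files(apk_bytes: bytes) -> list:
    """Return entry names whose content does not match its manifest digest."""
    bad = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        manifest = apk.read("META-INF/MANIFEST.MF").decode("utf-8")
        for name, attrs in manifest_sections(manifest):
            for attr, expected in attrs.items():
                if not attr.endswith("-Digest"):
                    continue
                # "SHA-256-Digest" -> "sha256", "SHA1-Digest" -> "sha1"
                algo = attr[:-len("-Digest")].replace("-", "").lower()
                actual = hashlib.new(algo, apk.read(name)).digest()
                if base64.b64encode(actual).decode() != expected:
                    bad.append(name)
    return bad


if __name__ == "__main__":
    print(mismatched_files(build_sample_apk(b"original", b"original")))
    print(mismatched_files(build_sample_apk(b"modified", b"original")))
```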

How do I sign an Android Application with your Google Play appointed Upload Key?

I created a keystore, created a key, and then signed my first app. I proceeded to upload the signed APK to the Google Play store, and multiple people have already downloaded the beta app. Since then, I have made some updates to my app and I need to upload a new APK. I use the Google Play App Signing. The certificate I initially signed my app with had the fingerprint [SHA1: 0A:...:1A].
I signed my updated app version with the SAME keystore and key combination. However, when I go to upload the new APK, I receive the error message "You uploaded an APK that is not signed with the upload certificate. You must use the same certificate. The upload certificate has fingerprint [SHA1: BB:...:31] and the certificate used to sign the APK you uploaded have fingerprint: [SHA1: 0A:...:1A]" then proceeds to talk about fingerprints. So I assume my issue is that I signed my APK under the "original" certificate I created alongside creating the key, and now I must use the "new" certificate from Google Play. I downloaded the "Upload Certificate" from the Google Play Console -> App Signing page, and verified the fingerprint is the same as the fingerprint being requested in the error ([ SHA1: BB:...:31 ]).
I imported the "Upload Certificate" into my keystore using Terminal command line "keytool -importcert". My keystore now has 2 entries: My original key entry which is a "PrivateKeyEntry" with a certificate fingerprint [SHA1: 0A:...:1A], and then the imported certificate, which is a "trustedCertEntry" with the fingerprint [SHA1 BB:...:31], the same fingerprint as the Upload Certificate fingerprint.
I then attempted to sign my APK with the second key listed, which is a "trustedCertEntry". I received the error "Failed to read key >keyname< from store ">keystore<": trusted certificate entries are not password-protected. While signing, I entered a password, despite never actually giving the new key a password.
So my question is: what "password" am I supposed to be using? I have not found any documentation on Google's websites about using the "Upload Key" and I have found a few Stack Overflow questions regarding the Upload Key but no one has specifically addressed the matter. Usually, people redirect to "Just use the 'Generate Signed APK' button", but I would like to make clear: This option does not work.
Is there something I'm missing?
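
The recurring error in these threads comes from pointing the signer at a `trustedCertEntry` instead of a `PrivateKeyEntry`. As an added example (not from any of the posts), this parses `keytool -list -v` output and reports whether an alias can sign and whether its fingerprint is the one Play expects; the listing, aliases and fingerprints are constructed, and the field labels assume keytool's English output.

```python
import re

# Constructed sample of `keytool -list -v` output, trimmed to the fields used
# here. Aliases and fingerprints are invented for this example.
SAMPLE_LISTING = """\
Keystore type: PKCS12
Your keystore contains 2 entries

Alias name: mykey
Entry type: PrivateKeyEntry
Certificate fingerprints:
\t SHA1: 01:02:03:04:05:06:07:08:09:0A:0B:0C:0D:0E:0F:10:11:12:13:14

Alias name: upload_cert
Entry type: trustedCertEntry
Certificate fingerprints:
\t SHA1: A1:A2:A3:A4:A5:A6:A7:A8:A9:AA:AB:AC:AD:AE:AF:B0:B1:B2:B3:B4
"""
# Constructed stand-in for the fingerprint quoted in the Play Console error.
EXPECTED_SHA1 = "A1:A2:A3:A4:A5:A6:A7:A8:A9:AA:AB:AC:AD:AE:AF:B0:B1:B2:B3:B4"


def parse_entries(listing):
    """Return one dict (alias, type, sha1) per keystore entry in the listing."""
    entries = []
    for block in re.split(r"(?m)^Alias name: ", listing)[1:]:
        etype = re.search(r"(?m)^Entry type: (\S+)", block)
        sha1 = re.search(r"SHA1: ([0-9A-Fa-f:]+)", block)
        entries.append({
            "alias": block.splitlines()[0].strip(),
            "type": etype.group(1) if etype else None,
            "sha1": sha1.group(1).replace(":", "").lower() if sha1 else None,
        })
    return entries


def check_alias(listing, alias, expected_sha1):
    """Say whether `alias` can sign an upload with the expected certificate."""
    expected = expected_sha1.replace(":", "").lower()
    for entry in parse_entries(listing):
        if entry["alias"] != alias:
            continue
        if entry["type"] != "PrivateKeyEntry":
            return "no-private-key"        # certificate only: cannot sign
        if entry["sha1"] != expected:
            return "fingerprint-mismatch"  # can sign, but Play rejects it
        return "ok"
    return "alias-not-found"


if __name__ == "__main__":
    for name in ("mykey", "upload_cert"):
        print(name, check_alias(SAMPLE_LISTING, name, EXPECTED_SHA1))
```

Here neither alias is usable for the upload: one has a private key with the wrong certificate, the other has the right certificate and no private key.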
