Failed to read key *** from store ***: Cannot recover key - android

I've go this project, and when i try to generate a signed apk, i get this error:
Failed to read key *** from store ***: Cannot recover key
(the *** is to protect privacy)
I have read multiple answerers on here about this, most of them blame either the password, or the alias. However, i can build an earlier version of the same project, using the same keystore, with the same password and the same alias.
NOTE: The new version only changed the source code, and added some dependencies. The keystore is stored on the machine, separate from the repository.
Why wont it sign?
Any help is greatly appreciated!

I know that topic is old, but I've spotted same issue.
In my case JKS keysore was using proprietary format after migrating to PKCS12 format everything started working fine.
Type this in CMD:
keytool -importkeystore -srckeystore ***.jks -destkeystore ***.jks -deststoretype pkcs12
replace *** with name of your keystore.

Related

Android- App has been signed with an insecure key size [duplicate]

I am facing this problem while building the project. Below is the stacktrace. I created a new keystore file for release key but didn't work.
Caused by: java.io.IOException: Failed to generate v1 signature
at com.android.tools.build.apkzlib.sign.SigningExtension.onOutputZipReadyForUpdate(SigningExtension.java:292)
at com.android.tools.build.apkzlib.sign.SigningExtension.access$200(SigningExtension.java:53)
at com.android.tools.build.apkzlib.sign.SigningExtension$1.lambda$beforeUpdate$2(SigningExtension.java:171)
at com.android.tools.build.apkzlib.zip.ZFile.notify(ZFile.java:2154)
at com.android.tools.build.apkzlib.zip.ZFile.update(ZFile.java:923)
at com.android.tools.build.apkzlib.zip.ZFile.close(ZFile.java:1207)
at com.android.tools.build.apkzlib.zfile.ApkZFileCreator.close(ApkZFileCreator.java:174)
at com.google.common.io.Closer.close(Closer.java:216)
at com.android.builder.internal.packaging.IncrementalPackager.close(IncrementalPackager.java:332)
at com.android.build.gradle.tasks.PackageAndroidArtifact.doTask(PackageAndroidArtifact.java:704)
at com.android.build.gradle.tasks.PackageAndroidArtifact.splitFullAction(PackageAndroidArtifact.java:515)
at com.android.build.gradle.tasks.PackageAndroidArtifact.lambda$doFullTaskAction$3(PackageAndroidArtifact.java:396)
at com.android.build.gradle.internal.scope.BuildElements$ExecutorBasedScheduler$transform$$inlined$forEach$lambda$1.call(BuildElements.kt:121)
at com.android.build.gradle.internal.scope.BuildElements$ExecutorBasedScheduler$transform$$inlined$forEach$lambda$1.call(BuildElements.kt:110)
at java.util.concurrent.ForkJoinTask$AdaptedCallable.exec(ForkJoinTask.java:1424)
at java.util.concurrent.ForkJoinTask.doExec(ForkJoinTask.java:289)
at java.util.concurrent.ForkJoinPool$WorkQueue.runTask(ForkJoinPool.java:1056)
at java.util.concurrent.ForkJoinPool.runWorker(ForkJoinPool.java:1692)
at java.util.concurrent.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:157)
Caused by: java.security.InvalidKeyException: Failed to sign using signer "CERT"
at com.android.apksig.internal.apk.v1.V1SchemeSigner.signManifest(V1SchemeSigner.java:295)
at com.android.apksig.internal.apk.v1.V1SchemeSigner.sign(V1SchemeSigner.java:256)
at com.android.apksig.DefaultApkSignerEngine.outputJarEntries(DefaultApkSignerEngine.java:424)
at com.android.tools.build.apkzlib.sign.SigningExtension.onOutputZipReadyForUpdate(SigningExtension.java:290)
... 18 more
Caused by: java.security.InvalidKeyException: Failed to sign using SHA1withDSA
at com.android.apksig.internal.apk.v1.V1SchemeSigner.generateSignatureBlock(V1SchemeSigner.java:519)
at com.android.apksig.internal.apk.v1.V1SchemeSigner.signManifest(V1SchemeSigner.java:293)
... 21 more
Caused by: java.security.InvalidKeyException: The security strength of SHA-1 digest algorithm is not sufficient for this key size
at sun.security.provider.DSA.checkKey(DSA.java:104)
at sun.security.provider.DSA.engineInitSign(DSA.java:136)
at java.security.Signature$Delegate.init(Signature.java:1152)
at java.security.Signature$Delegate.chooseProvider(Signature.java:1112)
at java.security.Signature$Delegate.engineInitSign(Signature.java:1176)
at java.security.Signature.initSign(Signature.java:527)
at com.android.apksig.internal.apk.v1.V1SchemeSigner.generateSignatureBlock(V1SchemeSigner.java:515)
Followed other questions on the forum but nothing worked. Please help.
Android Studio Version - 3.2.1
Edit- Changing the minSdkVersion from 18 to 21 fixed the issue. But not able to figure out the real reason behind this.
The error message means, that the key likely has 1024 bits strength, because it had been generated with any JDK version before JDK 8u151 - while at least 2048 bits key-strength are being expected:
The security strength of SHA-1 digest algorithm is not sufficient for this key size.
The reason behind this is, that the default key-size had changed from 1024 to 2048 bits with JDK 8u151. This change can also be found in the JRE/JDK crypto roadmap at datecode 2017-10-17:
Upgraded the jarsigner and keytool ‑sigalg default to SHA256withDSA and the ‑keysize default to 2048 for DSA keys.
The "Reverting Instructions" would be (which do not really apply for signage with Android Studio):
To use a different algorithm and/or smaller key size use the ‑sigalg and ‑keysize options of keytool and jarsigner to override the current defaults. Before this change the default values were SHA1withDSA and 1024 bits.
For an APK, it is recommend to use the apksigner instead of the jarsigner - and there meanwhile is a APK Signature Scheme v3 (these are backwards compatible - therefore it is save not to use v1).
Generating a new key with at least 2048 bits strength should permit the v1 (jar) signing. Downgrading the JDK would also be a feasible workaround (while I'd rather not suggest that).
If you've already published this key to Google Play, the best option available might be trying to migrate to Google Play App Signing (the release key would be downgraded to an upload key).
The bottom line is, that most likely your system-wide installed version of the JDK is much older than the OpenJDK bundled with the current version of Android Studio - and so you can generate as many new keys as you want, but they won't meet the minimum security requirements. Updating the system-wide installed version of the JDK should enable you to generate keys with sufficient strength; run java -version, to see what you are even using to generate keys with an insufficient strength.
or simply use the ... /android-studio/jre/jre/bin/keytool to generate them.
Generating the keystore with keysize length 2048 worked for me.
keytool -genkey -v -keystore ~/.android/debug.keystore -storepass android -alias androiddebugkey -keypass android -keyalg RSA -keysize 2048 -validity 10000
This may be caused by a wrong format of icons, there is an issue tracked here: https://issuetracker.google.com/issues/63885809
Run below command to see the resources that are in problem
./gradlew assemble --stacktrace
Find the logs like below:
Error:org.gradle.tooling.BuildException: Failed to generate v1 signature Error:java.io.IOException: Failed to generate v1 signature Error:com.android.apksig.apk.ApkFormatException: Unsupported character xxxx in ZIP entry name "xxxx/xxx?"
Try to delete the file or replace with a new one.

How to reuse an android key to release application

I created a key for my application on my laptop and released my application. Now I just copied that key into a flash and now I want to reuse it again, But I get this error:
Error:Execution failed for task ':app:packageRelease'.
> com.android.ide.common.signing.KeytoolException: Failed to read key key0 from store "E:\Rasad\Key\RasadKey.jks": Keystore was tampered with, or password was incorrect
I just test this path again with a new key and it happened again!
What is the problem?
Thankyou for your answers.
Copy the ".jks" file and enter the same password you have used before. When generating signed apk, choose existing instead of new. Hope it helps
It's very likely that you have provided either the wrong key store password, or the wrong key password. There's an easy way to check with keytool:
Check android keystore keypass for correctness

Android keystore cannot resolve key

i was generating update for my app but got this error
Error:Execution failed for task ':app:packageRelease'.
com.android.ide.common.signing.KeytoolException: Failed to read key brainstudio_talkingbattery from store "C:\Users\hamza\Desktop\brainstudio_talkingBattery.jks": Cannot recover key
i read almost all the related issues but did'nt find any solution.
I am sure my keystore password is correct as i got detail of key from this command
keytool -list -v -keystore brainstudio_talkingBattery.jks
plus my keystore password and key password are same
i am totally stuck into it, please help

Failed to read key hailun_logistics from store "/Users/yangshin/Documents/hailun_logisticskey.jks"

I'm trying to generate signed APK, but I'm getting this error message.
Log:
Error:Execution failed for task ':haiLunLogisticsAndroid:packageRelease'.
Failed to read key hailun_logistics from store "/Users/yangshin/Documents/hailun_logisticskey.jks": Keystore was tampered with, or password was incorrect
Could somebody point me to why it failed?
Normal Password Errors...?
Key Store file located where permission to access is denied to IDE. (Run IDE as admin)
Mismatch Letters
Caps Lock
If all this fails, create a new .jks keystore file and set keystore password and alias password to be same. Simpler to remember.

Error with keystore : Parse Generalized time, invalid format

I get the following error when I to use my keystore :
$ keytool -list -keystore instavert.keystore
keytool error : java.security.cert.CertificateParsingException: java.io.IOException: Parse Generalized time, invalid format
I searched on Google and SO, but none of the solution worked...
Did anyone ever experienced the same issue?
You get this exception when you specified too big value for validity. Keytool does not do a great job on input validation when creating the keys and then it is not able to read the generated keystore. It is better to keep a backup from the keystore.

Categories

Resources