When uploading a new apk to the play store after exporting an app from Android Studio, I was given this error message
http://i.stack.imgur.com/B03sJ.png
When I verified the SHA1 on the keystore it seems to match the necessary SHA1
http://i.stack.imgur.com/hgQf1.jpg
I then extracted the CERT.RSA file from the META-INF folder in the APK.
When running the following keytool command on the CERT.RSA (that was given to me by google developer console support) it equaled the invalid fingerprint (89:92...)
$ keytool -printcert -file CERT.RSA
Why does the fingerprint differ from the keystore and the apk?
I managed a workaround for this issue by manually signing the apk. It seems to be an issue with android studio in correlation with my keystore.
Related
Trying to upload an update in Huawei App Gallery I have created the .zip required for "App Signing":
java -jar pepk.jar --keystore jorgesyskeystore.jks --alias jorgesysioana --output=output.zip --encryptionkey=1234567892224EE22B45D19B23DB91BA9F52DE0A06513E03A5821409B34976FDEED6E0A47DBA48CC249DD93734A6C5D9A0F43461F9E140F278A5D2860846C2CA3B434AC65D --include-cert
The .zip created contains the required files certificate.pem and encryptedPrivateKey.
But now I get the message, when I try to upload the .zip file:
"The app signature key information is different from that of the app version uploaded earlier. Please upload a valid key file"
The keystore used to sign this version is the same as for later versions.
How could I fix this problem?
The app signature key information is different from that of the app
version uploaded earlier. Please upload a valid key file
The error prompt is very clear. That is, the signature of the signature certificate uploaded by you is different from the signature of the released app. Please check again.
It is possible that the encryption key you use is from a Google command, not the one provided by Huawei. You need to strictly follow the following Huawei command:
java -jar pepk.jar --keystore test.jks --alias test --output=output.zip --encryptionkey=034200041E224EE22B45D19B23DB91BA9F52DE0A06513E03A5821409B34976FDEED6E0A47DBA48CC249DD93734A6C5D9A0F43461F9E140F278A5D2860846C2CF5D2C3C02 --include-cert
For details, please follow these docs.
Other than the info included in the other answer, you can also use Java keytool to print the public key and compare it to see if there is any difference.
You can refer to this post: How to print the public key of a certificate using keytool?
Or this might help: http://developer.android.com/reference/android/content/pm/PackageManager.html
First, unzip the APK and extract the file /META-INF/ANDROID_.RSA (this file may also be CERT.RSA, but there should only be one .RSA file).
Then issue this command:
keytool -printcert -file ANDROID_.RSA
You will get certificate fingerprints like this:
MD5: B3:4F:BE:07:AA:78:24:DC:CA:92:36:FF:AE:8C:17:DB
SHA1: 16:59:E7:E3:0C:AA:7A:0D:F2:0D:05:20:12:A8:85:0B:32:C5:4F:68
Signature algorithm name: SHA1withRSA
Then use the keytool again to print out all the aliases of your signing keystore:
keytool -list -keystore my-signing-key.keystore
You will get a list of aliases and their certificate fingerprint:
android_key, Jan 23, 2010, PrivateKeyEntry, Certificate fingerprint (MD5): B3:4F:BE:07:AA:78:24:DC:CA:92:36:FF:AE:8C:17:DB
Voila! We can now determine that the APK has been signed with this keystore, and with the alias 'android_key'.
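The fingerprint keytool reports for CERT.RSA is the digest of the X.509 certificate embedded in that PKCS#7 file, not of the file itself. The Python code below is an added example, not part of the original posts, that pulls the certificate out of the DER structure and reproduces the fingerprint; the sample bytes and the tlv helper are constructed for illustration.

```python
import hashlib
SIGNED_DATA_OID = bytes.fromhex("2a864886f70d010702")  # 1.2.840.113549.1.7.2

def read_tlv(buf, pos):
    """Parse one DER element at pos; return (tag, value_start, value_end)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if not 1 <= n <= 4:
            raise ValueError("indefinite or oversized length, not DER")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, pos, pos + length

def children(buf, start, end):
    """Yield (tag, element_start, value_start, value_end) for each element in a range."""
    while start < end:
        tag, vs, ve = read_tlv(buf, start)
        yield tag, start, vs, ve
        start = ve

def signer_certs(pkcs7):
    """Return the DER bytes of every certificate inside a PKCS#7 SignedData blob."""
    tag, vs, ve = read_tlv(pkcs7, 0)  # outer ContentInfo SEQUENCE
    oid, wrapper = list(children(pkcs7, vs, ve))[:2]
    if tag != 0x30 or pkcs7[oid[2]:oid[3]] != SIGNED_DATA_OID or wrapper[0] != 0xA0:
        raise ValueError("not a PKCS#7 SignedData structure")
    _, svs, sve = read_tlv(pkcs7, wrapper[2])  # SignedData SEQUENCE
    for tag, _, cvs, cve in children(pkcs7, svs, sve):
        if tag == 0xA0:  # certificates [0]: one SEQUENCE per certificate
            return [pkcs7[s:e] for _, s, _, e in children(pkcs7, cvs, cve)]
    return []

def fingerprint(cert_der, algo="sha1"):
    """Digest of the certificate's DER bytes in keytool's colon-separated form."""
    return ":".join(f"{b:02X}" for b in hashlib.new(algo, cert_der).digest())

def tlv(tag, value):  # DER encoder, used only to build the constructed sample below
    lb = len(value).to_bytes(max(1, (len(value).bit_length() + 7) // 8), "big")
    return bytes([tag]) + (lb if len(value) < 0x80 else bytes([0x80 | len(lb)]) + lb) + value

# Constructed sample: a placeholder "certificate" wrapped the way CERT.RSA wraps a real one.
FAKE_CERT = tlv(0x30, b"constructed placeholder certificate body " * 4)
SIGNED_DATA = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x31, b"") + tlv(0x30, tlv(0x06, b"\x2a"))
                  + tlv(0xA0, FAKE_CERT) + tlv(0x31, b""))
SAMPLE_RSA = tlv(0x30, tlv(0x06, SIGNED_DATA_OID) + tlv(0xA0, SIGNED_DATA))
```

On a real file, pass the bytes of META-INF/CERT.RSA to signer_certs and compare fingerprint(...) of the result with the value the store console reports.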
I'm making an Android app using Expo. I download the upload certificate from Google Play Console. It's a .der file. I run:
keytool -importcert -file certificate.der -alias someAlias -keystore some.keystore
This creates a .keystore file of type .jks with 3 certificate fingerprints. The one which Google Play Console looks at during upload is the SHA1 fingerprint, which has 19 pairs of values such as 01:02:A1...
Using either expo build:android -t apk -c or expo build:android -t app-bundle -c to reset my keys and build an .apk or .aap, respectively, upon uploading to the Google Play Console, I receive an error that I haven't used the right key.
I get these errors:
.Apk error: You uploaded an APK that is not signed with the upload certificate. You must use the same certificate. The upload certificate has fingerprint: SHA1: 01:02:A1... - The fingerprint of my newly created .keystore according to keytool -list -v -keystore some.keystore; the error goes on to say - and the certificate used to sign the APK you uploaded has fingerprint:
SHA1: 98:97:96:... - an entirely different fingerprint.
.Aap error: Your Android App Bundle is signed with the wrong key. Ensure that your App Bundle is signed with the correct signing key and try again: SHA1: 55:66:77... - another completely different value.
I used the upload .der for the .apk version app build and the app signing .der for the .aap version app build, and both times the Google Play Console read a different value for the SHA1 fingerprint than the value which Keytool read for the same .keystore.
Neither switching keys, nor re-downloading, nor rebuilding had any effect, and keytool -list always claims that the .keystore fingerprints match what the Google Play Console is asking for.
Is there something simple I'm missing? Any help appreciated.
I've answered a similar question in detail in How to use upload certificate to release an app update? but in short, you cannot use a certificate to sign an APK or App Bundle: the certificate only contains the public key while you need the private key to sign an APK or App Bundle.
Google does not have the private key so you can't download it from the Play Console. You need to use the same keystore that you used to sign your first APK you uploaded to the console, you cannot create a new one.
If you've lost that keystore, you need to contact the Play developer support and let them know, they'll give you instructions on how to reset it.
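The answer's point can be checked from `keytool -list` output: a keystore built with -importcert holds a trustedCertEntry whose fingerprint matches the console's, yet it has no private key to sign with. The Python code below is an added example, not part of the original answer; check_keystore is a hypothetical helper, and the listings and fingerprint values are constructed samples.

```python
import re

# One keystore entry in `keytool -list` output: "alias, date, EntryType," then a fingerprint line.
ENTRY = re.compile(
    r"^(?P<alias>[^,\n]+), .+, (?P<kind>PrivateKeyEntry|trustedCertEntry),\s*\n"
    r"Certificate fingerprint \((?P<algo>[^)]+)\): (?P<fp>[0-9A-Fa-f:]+)",
    re.MULTILINE,
)

def hexonly(fp):
    """Normalise a colon-separated fingerprint for comparison."""
    return fp.replace(":", "").upper()

def check_keystore(listing, expected_fp):
    """Classify each alias against the fingerprint the console asks for (hypothetical helper)."""
    results = {}
    for m in ENTRY.finditer(listing):
        if len(hexonly(m["fp"])) != len(hexonly(expected_fp)):
            verdict = "not comparable: listing uses " + m["algo"]
        elif hexonly(m["fp"]) != hexonly(expected_fp):
            verdict = "different key"
        elif m["kind"] == "PrivateKeyEntry":
            verdict = "can sign"
        else:  # trustedCertEntry: public certificate only, no private key
            verdict = "certificate only, cannot sign"
        results[m["alias"].strip()] = verdict
    return results

# Constructed samples; the fingerprint values are made up.
EXPECTED = "01:02:A1:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:F0:0D:42"
IMPORTED_DER = (
    "Keystore type: jks\nKeystore provider: SUN\n\nYour keystore contains 1 entry\n\n"
    "somealias, Mar 3, 2020, trustedCertEntry, \n"
    f"Certificate fingerprint (SHA1): {EXPECTED}\n"
)
ORIGINAL = (
    "upload, Jan 23, 2019, PrivateKeyEntry, \n"
    f"Certificate fingerprint (SHA1): {EXPECTED}\n"
    "debug, Jan 5, 2019, PrivateKeyEntry, \n"
    "Certificate fingerprint (SHA-256): " + ":".join(["AB"] * 32) + "\n"
)

if __name__ == "__main__":
    print(check_keystore(IMPORTED_DER, EXPECTED))
    print(check_keystore(ORIGINAL, EXPECTED))
```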
I lost my keystore (.jks) file, and I was lucky - I used App signing before.
Therefore, Google was able to help me and reset my key.
But what is the next step with the SHA1 google gave me by mail?
They gave me the instruction for generating an upload_certificate.pem file that I sent them by mail.
And then, Google's answer was:
Good news - I was able to register your new upload key, you would need to update your app to use the new upload key certificate:
SHA1:....
Now I try to upload the APK with the jks file I used to generate the PEM file, and also with a newly created jks file. In Google Play Console I get:
Your Android App Bundle is signed with the wrong key. Ensure that your app bundle is signed with the correct signing key and try again
What is the next step?
Presumably you created a new upload key following the instructions under "Create an upload key". These are roughly:
1. Generate an upload key and store it safely. This gives you a key with alias something like "upload" in a keystore called something like "upload-keystore.jks".
2. Export your certificate in PEM format using a command like $ keytool -export -rfc -keystore upload-keystore.jks -alias upload -file upload_certificate.pem
If this is what you did, then you need to sign your app with the keystore you created in step 1 "upload-keystore.jks" using alias "upload".
The SHA1 they sent you is just a way of confirming you used the right keystore. If you are still using the keystore for the PEM you sent them, then if you print out the certificate keystore from your APK it should match that SHA1.
You can print the SHA1 of the certificate from your signed APK with the command
keytool -list -printcert -jarfile app.apk
This will tell you the SHA1 of the certificate (key/keystore) you have used to sign it.
After I tried everything that came to mind, including "Invalidate cache and restart" in Android Studio, the solution that worked was Build->clean.
Thanks to Dave Hubbard's answer
Everybody.
I have trouble building a signed APK again to upgrade the version from 1.0 to 1.1.
The following is what I did.
First I built an APK by choosing 1) Let Expo handle the process!.
And then uploaded the APK to the Google store.
Nowadays, I have to upgrade the version, but I don't have any keystore file.
This is what I tried to do.
Downloaded upload_cert.der file from Google store.
Created a keystore file by this command
keytool.exe -importcert -file upload_cert.der -keystore <keystorefile>.keystore
Built an apk by choosing 2) I want to upload my own keystore!
But I can't install the APK; I get an error.
When I run this command keytool -printcert -jarfile <apkname>.apk,
this message appears: Not a signed jar file
So could everybody please let me know...
Is it really impossible to upgrade the APK without the original keystore?
Or how do I create a correct keystore from the upload_cert.der file?
Thanks.
I am using Login with Amazon in Android. I got all the certificates (like SHA256, MD5 for release mode) and it's working fine in release mode, but when I publish to the Google Play Store it shows me an API key error.
java.lang.IllegalArgumentException: Invalid API Key
Any help is appreciated, thanks.
You are using the Upload-Cert SHA. You should change your API SHA to the Play Store App-Signing SHA.
Thanks to Berat Eyüboğlu, my problem is now solved. I just want to add more details. After following all the steps, we need to run this command (for that, Java has to be installed on the system):
keytool -printcert -file your.RSA
After that I got all the certificates that I used for the API key.
Steps
1. Go to Build, Generate Signed APK (in Android Studio).
2. After getting the signed APK, rename the APK extension to ZIP if necessary, then unzip the APK file and extract CERT.RSA.
3. Run this command in the command prompt: keytool -printcert -file CERT.RSA (keytool is located in java/jdk/bin on Windows). All the certificates like MD5, SHA1, SHA256 are displayed in the command prompt. Use those details for the API key.