I received a keystore file from a customer which I am supposed to use to sign an APK that is going to replace/update an existing APK on the play store.
Unfortunately I get the following error:
jarsigner: Certificate chain not found for: alias_name. alias_name must reference a valid KeyStore key entry containing a private key and corresponding public key certificate chain.
When I try to sign the same APK with a different, self-generated keystore, this works fine, so I figured there must be something missing in the keystore.
Keystore-Typ: JKS
Keystore-Provider: SUN
Keystore enthält 1 Eintrag
Aliasname: alias_name
Erstellungsdatum: 19.05.2015
Eintragstyp: PrivateKeyEntry
Zertifikatskettenlänge: 1
Zertifikat[1]:
Eigentümer: (redacted)
Aussteller: (redacted)
Seriennummer: 5152a7xx
Gültig von: Wed Mar 27 09:00:32 CET 2013 bis: Sun Aug 12 10:00:32 CEST 2040
Zertifikat-Fingerprints:
MD5: (bla)
SHA1: (bla)
SHA256: (bla)
Signaturalgorithmusname: SHA1withRSA
Version: 3
*******************************************
*******************************************
When I compare this to a different keystore file, I notice there is an "Extension" missing. What is it, and how do I go about fixing this? Is the file incomplete that I got from my customer?
When I import the .p12 file into my Mac OS X keychain, I can see a private key called alias_name and a certificate; although there is no "certificate chain" or anything.
I tried the following command:
jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore data_dirs/ff.keystore /path/to/QtApp-release-unsigned.apk alias_name
jarsigner: Certificate chain not found for: alias_name. alias_name must reference a valid KeyStore key entry containing a private key and corresponding public key certificate chain.
When you create a keystore, you also create an alias in that keystore with an appropriate password. I assume "alias_name" isnt the name of that alias. You need to ask your client for that name and password to sign the apk with that alias and keystore.
Related
I get the title and the text below when I try and fail to build an .aab file using flutter build appbundle:
java.util.concurrent.ExecutionException: java.lang.RuntimeException: jarsignerfailed with exit code 1 :
jarsigner: Certificate chain not found for: keystore. keystore must reference a valid KeyStore key entry containing a private key and corresponding public key certificate chain.
I had to reset my signing key. The google developer support had me generate a new .jks file with the following command line which I ran from within my project folder:
keytool -genkeypair -alias upload -keyalg RSA -keysize 2048 -validity 9125 -keystore keystore.jks
He then instructed me to convert this file into a .pem file using this command:
keytool -export -rfc -alias upload -file upload_certificate.pem -keystore keystore.jks
I then emailed him the upload_certificate.pem file. I immediately noticed that the keystore.jks file was red in the sidebar and I get this upon clicking on it:
"The file 'keystore.jks' is not associated with any file type. Please define the association:"
The .pem file is also red, but clicking on it shows the text that makes up the key.
Do I need to reset the signing key again and do something different? Is there a way to fix the issue causing this error?
As dumb as this may sound, I spent 24 hours on this and all I had to was enter flutter clean
You have keyAlias=keystore in your key.properties while it looks like the alias you created is named upload (see in your keytool export command).
Repleace with keyAlias=upload and that should work if your password is correct.
I'm automating some things that involve the android keytool and jarsigner. The tool takes a keystore, the password for the keystore, the alias name, and the password for the alias / key, and I'm trying to find a way to explicitly check to see if the supplied password for the alias / key is correct.
Any ideas? Also, I need to check it without a jar file to sign - getting that file in my context is lengthy, so I want to abort sooner rather than later.
You can also check if the password is correct without attempting to change the password. I did it by listing the properties of the keystore with this command:
keytool -list -keystore <keystorefile> -storepass <passwordtocheck>
You can do it a couple of ways:
A. With keytool
If you run the command keytool -keypasswd -keystore <keystore> -alias <alias> -storepass <storepass> -keypass <keypass> -new <keypass> then you will get the error Keystore was tampered with, or password was incorrect if the keystore password is wrong, or the error Cannot recover key if the alias password is wrong. Unfortunately the return code is 1 in both cases, so you will need to do parsing of the program's output if you want to be smart about the type of error.
B. With a small Java program
Something along these lines:
KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
try (FileInputStream fis = new FileInputStream(keystore)) {
ks.load(fis, ksPw.toCharArray());
}
ks.getEntry(alias, new KeyStore.PasswordProtection(aliasPw.toCharArray()));
will fail at line 4 with a java.io.IOException if the key store password is wrong, or with a java.security.UnrecoverableKeyException at line 7 if the alias password is wrong.
I'm having some problems packaging an app because the jarsigner keeps telling me this:
jarsigner: Certificate chain not found for: MyApp. MyApp must reference a valid KeyStore key entry containing a private key and corresponding public key certificate chain.
I generated the keystore using the command:
keytool -genkey -keystore myAppKeystore.keystore -alias myApp
then filled in the rest of the information as it prompted.
When I checked the app using this command I found:
keytool -keystore myAppKeystore.keystore -list -v
It said something like this, and it seems to only say private key:
Alias name: myApp
Creation date: 06-Sep-2012
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: ......etc
I'm sure it will be something really obvious, but what am I missing? I was under the impression the previous command created a keypair? Not just the private key.
Thanks!
You need to get a public key certificate. You can use keytool to generate certificate requests to a certificate authority and import certificate replies. Perhaps all you need is a self-signed certificate.
You need to generate a certificate for the key pair, with 'keytool -selfcert ...'. Better still, generate a CSR and get your CA to issue a code signing certificate.
I'm here signed my Map application with release key with the help of this link
http://developer.android.com/guide/publishing/app-signing.html#cert
after generating debuging key next step is to generate Release map key by signing with the Certificate. i'm doing these steps which works fine but in end jarsigner is unable to find my NooYawk.apk file.
what should i do further.
admins-Mac-mini:.android David$ keytool -genkey -v -keystore
fureleasekey.keystore -alias fashion -keyalg RSA -keysize 2048
-validity 10000
Next is:-
admins-Mac-mini:~ David$ keytool -genkey -v -keystore
maprelease.keystore -alias maps -keyalg RSA -keysize 2048 -validity
10000 Enter keystore password: Re-enter new password: What is your
first and last name? [Unknown]: m What is the name of your
organizational unit? [Unknown]: h What is the name of your
organization? [Unknown]: k What is the name of your City or
Locality? [Unknown]: le What is the name of your State or Province?
[Unknown]: we What is the two-letter country code for this unit?
[Unknown]: sd Is CN=m, OU=h, O=k, L=le, ST=we, C=sd correct? [no]:
yes
Next is:-
Generating 2,048 bit RSA key pair and self-signed certificate
(SHA1withRSA) with a validity of 10,000 days for: CN=m, OU=h, O=k,
L=le, ST=we, C=sd Enter key password for (RETURN if same as
keystore password): Re-enter new password: [Storing
maprelease.keystore]
Next is:-
admins-Mac-mini:~ David$ jarsigner -verbose -sigalg MD5withRSA
-digestalg SHA1 -keystore maprelease.keystore NooYawk.apk maps Enter Passphrase for
keystore: jarsigner: unable to open jar file:
NooYawk.apk
Thanks in advance.
Unless NooYawk.apk is in your current working directory, you need to supply a full path to the APK file.
Cut the Keystore file from android folder to build-->outputs-->apk and paste it, then run the jarsigner command
You need to provide a complete path to the directory of your apk file i.e /USER/DEVELOP/PATH_TO_APK (on a mac osx)
One experience I had is I needed to run jarsigner in the same folder where not just the .apk file but also the related .ap_ and .apk.d files etc were present. So I copied the keystore to the bin output folder and ran jarsigner in that folder. Then things worked.
You should try running the command in your apk path. Copy the unsigned keystore file to the apk path first.
I want to sign Android app with the same certificate used for the desktop app. I have 3 files - .cer, .p12 and .pfx. Is it possible to use any of those for signing Android app?
Update: I have successfully imported the .cer key (which appears to be X.509-format certificate) into the newly created keystore, but I can't use it for signing. Here's the error message jarsigner gives me:
Certificate chain not found for: [alias]. key must reference a valid
KeyStore key entry containing a private key and corresponding public
key certificate chain.
Perhaps, there's something else I must do with a keystore after importing the certificate to make it valid? Generate a public key or something?
Did you create the keystore with -validity then this issue will appear, remove the -validity. It will work.
keytool -importkeystore -srckeystore certificate/xxxxx.pfx -srcstoretype pkcs12 -destkeystore certificate/xxxxx.keystore -deststoretype JKS **-validity 36500**
Change to
keytool -importkeystore -srckeystore certificate/xxxxx.pfx -srcstoretype pkcs12 -destkeystore certificate/xxxxx.keystore -deststoretype JKS
I had this issue it got sorted because of trying to add validity to a pfx which has valid expiry date.