Error with keystore : Parse Generalized time, invalid format - android

I get the following error when I try to use my keystore:
$ keytool -list -keystore instavert.keystore
keytool error : java.security.cert.CertificateParsingException: java.io.IOException: Parse Generalized time, invalid format
I searched on Google and SO, but none of the solutions worked...
Has anyone ever experienced the same issue?

You get this exception when you specify too big a value for validity. Keytool does not do a great job of input validation when creating the keys, and then it is not able to read the generated keystore. It is better to keep a backup of the keystore.

Related

Android- App has been signed with an insecure key size [duplicate]

I am facing this problem while building the project. Below is the stack trace. I created a new keystore file for the release key, but it didn't work.
Caused by: java.io.IOException: Failed to generate v1 signature
at com.android.tools.build.apkzlib.sign.SigningExtension.onOutputZipReadyForUpdate(SigningExtension.java:292)
at com.android.tools.build.apkzlib.sign.SigningExtension.access$200(SigningExtension.java:53)
at com.android.tools.build.apkzlib.sign.SigningExtension$1.lambda$beforeUpdate$2(SigningExtension.java:171)
at com.android.tools.build.apkzlib.zip.ZFile.notify(ZFile.java:2154)
at com.android.tools.build.apkzlib.zip.ZFile.update(ZFile.java:923)
at com.android.tools.build.apkzlib.zip.ZFile.close(ZFile.java:1207)
at com.android.tools.build.apkzlib.zfile.ApkZFileCreator.close(ApkZFileCreator.java:174)
at com.google.common.io.Closer.close(Closer.java:216)
at com.android.builder.internal.packaging.IncrementalPackager.close(IncrementalPackager.java:332)
at com.android.build.gradle.tasks.PackageAndroidArtifact.doTask(PackageAndroidArtifact.java:704)
at com.android.build.gradle.tasks.PackageAndroidArtifact.splitFullAction(PackageAndroidArtifact.java:515)
at com.android.build.gradle.tasks.PackageAndroidArtifact.lambda$doFullTaskAction$3(PackageAndroidArtifact.java:396)
at com.android.build.gradle.internal.scope.BuildElements$ExecutorBasedScheduler$transform$$inlined$forEach$lambda$1.call(BuildElements.kt:121)
at com.android.build.gradle.internal.scope.BuildElements$ExecutorBasedScheduler$transform$$inlined$forEach$lambda$1.call(BuildElements.kt:110)
at java.util.concurrent.ForkJoinTask$AdaptedCallable.exec(ForkJoinTask.java:1424)
at java.util.concurrent.ForkJoinTask.doExec(ForkJoinTask.java:289)
at java.util.concurrent.ForkJoinPool$WorkQueue.runTask(ForkJoinPool.java:1056)
at java.util.concurrent.ForkJoinPool.runWorker(ForkJoinPool.java:1692)
at java.util.concurrent.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:157)
Caused by: java.security.InvalidKeyException: Failed to sign using signer "CERT"
at com.android.apksig.internal.apk.v1.V1SchemeSigner.signManifest(V1SchemeSigner.java:295)
at com.android.apksig.internal.apk.v1.V1SchemeSigner.sign(V1SchemeSigner.java:256)
at com.android.apksig.DefaultApkSignerEngine.outputJarEntries(DefaultApkSignerEngine.java:424)
at com.android.tools.build.apkzlib.sign.SigningExtension.onOutputZipReadyForUpdate(SigningExtension.java:290)
... 18 more
Caused by: java.security.InvalidKeyException: Failed to sign using SHA1withDSA
at com.android.apksig.internal.apk.v1.V1SchemeSigner.generateSignatureBlock(V1SchemeSigner.java:519)
at com.android.apksig.internal.apk.v1.V1SchemeSigner.signManifest(V1SchemeSigner.java:293)
... 21 more
Caused by: java.security.InvalidKeyException: The security strength of SHA-1 digest algorithm is not sufficient for this key size
at sun.security.provider.DSA.checkKey(DSA.java:104)
at sun.security.provider.DSA.engineInitSign(DSA.java:136)
at java.security.Signature$Delegate.init(Signature.java:1152)
at java.security.Signature$Delegate.chooseProvider(Signature.java:1112)
at java.security.Signature$Delegate.engineInitSign(Signature.java:1176)
at java.security.Signature.initSign(Signature.java:527)
at com.android.apksig.internal.apk.v1.V1SchemeSigner.generateSignatureBlock(V1SchemeSigner.java:515)
Followed other questions on the forum but nothing worked. Please help.
Android Studio Version - 3.2.1
Edit- Changing the minSdkVersion from 18 to 21 fixed the issue. But not able to figure out the real reason behind this.
The error message means that the key likely has 1024 bits of strength, because it had been generated with a JDK version before JDK 8u151, while a key strength of at least 2048 bits is expected:
The security strength of SHA-1 digest algorithm is not sufficient for this key size.
The reason behind this is that the default key size changed from 1024 to 2048 bits with JDK 8u151. This change can also be found in the JRE/JDK crypto roadmap at datecode 2017-10-17:
Upgraded the jarsigner and keytool -sigalg default to SHA256withDSA and the -keysize default to 2048 for DSA keys.
The "Reverting Instructions" would be (which do not really apply to signing with Android Studio):
To use a different algorithm and/or smaller key size use the -sigalg and -keysize options of keytool and jarsigner to override the current defaults. Before this change the default values were SHA1withDSA and 1024 bits.
For an APK, it is recommended to use apksigner instead of jarsigner, and there is meanwhile an APK Signature Scheme v3 (these are backwards compatible, therefore it is safe not to use v1).
Generating a new key with at least 2048 bits strength should permit the v1 (jar) signing. Downgrading the JDK would also be a feasible workaround (while I'd rather not suggest that).
If you've already published this key to Google Play, the best option available might be trying to migrate to Google Play App Signing (the release key would be downgraded to an upload key).
The bottom line is that most likely your system-wide installed version of the JDK is much older than the OpenJDK bundled with the current version of Android Studio, and so you can generate as many new keys as you want, but they won't meet the minimum security requirements. Updating the system-wide installed version of the JDK should enable you to generate keys with sufficient strength; run java -version to see what you are even using to generate keys with an insufficient strength,
or simply use the ... /android-studio/jre/jre/bin/keytool to generate them.
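The innermost exception in the stack trace above can be reproduced on a desktop JDK without an Android build. This added example (not code from the thread; the class and method names are illustrative) asks the default provider whether freshly generated 1024-bit and 2048-bit DSA keys may be used with SHA1withDSA and SHA256withDSA, and prints each key's p and q sizes, because the SUN provider rejects a digest that is shorter than the key's q parameter.

```java
import java.security.InvalidKeyException;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.interfaces.DSAPrivateKey;

public class DsaDigestCheck {
    /** True if the provider lets this key be used with the given signature algorithm. */
    static boolean accepts(PrivateKey key, String sigAlg) throws Exception {
        try {
            // initSign is where the provider validates key parameters against the digest
            Signature.getInstance(sigAlg).initSign(key);
            return true;
        } catch (InvalidKeyException e) {
            System.out.println("    " + sigAlg + " rejected: " + e.getMessage());
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed test keys, generated in memory; no keystore file is read
        for (int bits : new int[] {1024, 2048}) {
            KeyPairGenerator gen = KeyPairGenerator.getInstance("DSA");
            gen.initialize(bits);
            DSAPrivateKey key = (DSAPrivateKey) gen.generateKeyPair().getPrivate();
            System.out.println("DSA key: p=" + key.getParams().getP().bitLength()
                    + " bits, q=" + key.getParams().getQ().bitLength() + " bits");
            for (String alg : new String[] {"SHA1withDSA", "SHA256withDSA"}) {
                System.out.println("  " + alg + " accepted: " + accepts(key, alg));
            }
        }
    }
}
```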
Generating the keystore with keysize length 2048 worked for me.
keytool -genkey -v -keystore ~/.android/debug.keystore -storepass android -alias androiddebugkey -keypass android -keyalg RSA -keysize 2048 -validity 10000
This may be caused by a wrong format of icons, there is an issue tracked here: https://issuetracker.google.com/issues/63885809
Run the command below to see the resources that are causing the problem:
./gradlew assemble --stacktrace
Find the logs like below:
Error:org.gradle.tooling.BuildException: Failed to generate v1 signature
Error:java.io.IOException: Failed to generate v1 signature
Error:com.android.apksig.apk.ApkFormatException: Unsupported character xxxx in ZIP entry name "xxxx/xxx?"
Try to delete the file or replace with a new one.

Volley library and HTTPS requests

I tried to look for some answers for me here, but I just fail to find anything that solves my problem.
In the project I am working on, we are going to change our domain. The change is a bit tricky - we also have to change the connection from HTTP to HTTPS. I've received a .crt key (let's say, example.tech.crt - I will change all of the company name to "example"). After a few hours of constant failures I decided to write here.
First of all, I tried using this tutorial http://ogrelab.ikratko.com/using-android-volley-with-self-signed-certificate/ - and it didn't work (I don't even mean that I had to use deprecated Apache libs because of API23). In case this is needed, this is how I created the BKS file:
keytool -importcert -v -trustcacerts -file "example.tech.crt" -alias example_tech -keystore "example_tech.bks" -provider org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath "bcprov-jdk16-146.jar" -storetype BKS
Then, I tried the approach from "Does Android Volley support SSL?" - the one from the best answer (with ignoring the domain name check). I still tried to use the BKS file - I got some exceptions about casting errors, so I changed the line:
CertificateFactory cf = CertificateFactory.getInstance("X.509");
to
CertificateFactory cf = CertificateFactory.getInstance("X.509", "BC");
as suggested somewhere - the error still persisted. I tried to use the .crt file instead of the BKS - I still fail.
Every single time I get the same error:
javax.net.ssl.SSLHandshakeException: javax.net.ssl.SSLProtocolException:
SSL handshake aborted: ssl=0x650f83a0: Failure in SSL library, usually a protocol error
error:14077102:SSL routines:SSL23_GET_SERVER_HELLO:unsupported protocol
(external/openssl/ssl/s23_clnt.c:714 0x5fda0d74:0x00000000)
I tried to do pretty much the same requests using Postman and they work on the same address without any problem, so this is not a server problem. I tried to use various domains - example.tech, www.example.tech, example.tech:80 and so on (always with https of course).
Below is an example curl-like request (of course censored):
curl -X "POST" \
  -d "grant_type=password&password=[passwordHere]&username=[emailHere]&" \
  -H 'Authorization: Basic [tokenHere]' \
  "https://example.tech/oauth/token"
I fail to see what's wrong with my code and I'd be really happy to see what I am doing wrong here. If there's any more code needed, feel free to ask for it (but 99% of it is like in the second link, only with really small changes).
Consider this topic an example of poor communication. After hours of trying to make this work, we got it to work:
We are NOT using self-signed certificates, so adding the key to the application is a terrible idea (since they change every 3 months).
The unsupported protocol exception came from older Android APIs (<20 or <21), which are supported in this application. From what I understand (considering my poor knowledge about SSL connections), our site uses TLS, but older Android systems (pre-Lollipop, I guess) have this turned off by default. The proper way of fixing this was creating a custom TLSSocketFactory and using it in the HurlStack used to initialize the RequestQueue. After that the exception disappeared.

Failed to read key *** from store ***: Cannot recover key

I've got this project, and when I try to generate a signed APK, I get this error:
Failed to read key *** from store ***: Cannot recover key
(the *** is to protect privacy)
I have read multiple answers on here about this; most of them blame either the password or the alias. However, I can build an earlier version of the same project, using the same keystore, with the same password and the same alias.
NOTE: The new version only changed the source code, and added some dependencies. The keystore is stored on the machine, separate from the repository.
Why won't it sign?
Any help is greatly appreciated!
I know that topic is old, but I've spotted the same issue.
In my case the JKS keystore was using a proprietary format; after migrating to PKCS12 format everything started working fine.
Type this in CMD:
keytool -importkeystore -srckeystore ***.jks -destkeystore ***.jks -deststoretype pkcs12
Replace *** with the name of your keystore.

Android keystore cannot resolve key

I was generating an update for my app but got this error:
Error:Execution failed for task ':app:packageRelease'.
com.android.ide.common.signing.KeytoolException: Failed to read key brainstudio_talkingbattery from store "C:\Users\hamza\Desktop\brainstudio_talkingBattery.jks": Cannot recover key
I read almost all the related issues but didn't find any solution.
I am sure my keystore password is correct, as I got the details of the key from this command:
keytool -list -v -keystore brainstudio_talkingBattery.jks
Plus, my keystore password and key password are the same.
I am totally stuck on it, please help.

Invalid keystore format

I was given a keystore file along with a username and password and I need to sign the updated application. However, I am getting "keytool error: java.io.IOException: Invalid keystore format" when trying to list the contents of the file, trying to create a new key in the keystore, etc.
I have looked at the similar posts, but none of them helped me.
I am looking forward to hearing a solution. Thanks in advance
It turned out that the file was an RAR archive file that contained the actual keystore.
