I have finished developing an Android application and decided to sign it with a keystore.
I have no problem with this process, but I do have a question regarding the keystore's password. I'm creating the keystore from Eclipse; at the Keystore selection window, I chose to create a new keystore. After I pressed next, under the Key Creation window, I'm required to key in details for the keystore: alias, validity, password, etc.
What I wanted to ask is, is there any difference between the password field in the Key Creation window and the one in the Keystore selection window? I tried putting in the same password for both and it works fine for me. Can I choose to put in different passwords? Does it affect anything for that particular keystore? Hopefully someone can provide me some insight on this.
Keystores hold many keys, whereas your key is a single item contained in the keystore. They can have the same password, but that compromises your keystore if your key's password is leaked somehow. I would recommend having the keystore and key password differ.
So yes, the password fields are for two separate things because you are creating two separate items, and following good password practices, they should each have two separate passwords.
Related
I'm trying to publish an update to an Android app that was originally published to the store back in 2014. I still have the Keystore file, but none of the development environment (e.g. Eclipse).
I originally thought I forgot the Keystore password, but then remembered that that password was empty. But yet, Android Studio won't let me use a Keystore with an empty password. So I needed to do a good bit of research to find information on how I could change this... I finally came across https://www.c-sharpcorner.com/blogs/forgot-keystore-passwordjks-file-you-can-still-recover-it which gave an example of changing from a blank password.
Once I changed this password, I was then able to get past the 'Password verification failed' message I was receiving when generating a signed app bundle through Android Studio.
The problem is now that I received the 'Cannot recover key' message when generating a signed app bundle. Doing research, this seems to be when the alias key password has been input incorrectly. I was nearly positive that I was using the correct password (the same one that I changed the Keystore password above to) but yet it won't let me. Is there any way to overcome this? As I said above, I don't have access to the gradle or logs from the development environment... and I really don't want to have to upload a new app to the store.
Any help would be greatly appreciated.
I would suggest you try opening both keystore files you have (the one with empty password and the one with the password) with Keystore Explorer.
Note that there are usually two sets of passwords with a '*.jks' file format keystore: one for the keystore holding your keys or aliases, and another for unlocking a key or an alias inside the keystore. They can be different, and you need to have both when signing. So also try unlocking the key or the alias in the keystore by right-clicking on it and selecting "unlock" inside Keystore Explorer.
Getting the right passwords will then let you make amends such as resetting the password of the keystore, resetting the password of a key or alias, or even creating a new keystore completely and copying the key or alias into it. Just make sure to save a copy with backups every step of the way so as not to lose your key(s).
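A way to tell which of the two passwords is being rejected, using keytool from the JDK. This is an added example, not part of the original answers; the function names are hypothetical, and any file name, alias and passwords passed in are the caller's own.

```shell
#!/bin/sh
# Added example. Passwords are handed to keytool through the environment
# (-storepass:env / -keypass:env) so they do not appear in the process list.

# make_demo_keystore FILE STOREPASS KEYPASS ALIAS
# Builds a throwaway JKS keystore whose two passwords differ. JKS is requested
# explicitly because keytool ignores a separate -keypass for PKCS12 keystores.
make_demo_keystore() {
    STOREPASS=$2 KEYPASS=$3 keytool -genkeypair -alias "$4" \
        -keyalg RSA -keysize 2048 -validity 30 \
        -dname "CN=Constructed Example" -storetype JKS -keystore "$1" \
        -storepass:env STOREPASS -keypass:env KEYPASS >/dev/null 2>&1
}

# check_passwords FILE ALIAS STOREPASS KEYPASS
# Returns 0 = both passwords work, 1 = keystore password rejected,
#         2 = alias not present,   3 = key password rejected.
check_passwords() {
    # Stage 1: listing entries needs only the keystore password.
    STOREPASS=$3 keytool -list -keystore "$1" \
        -storepass:env STOREPASS >/dev/null 2>&1 || return 1
    STOREPASS=$3 keytool -list -keystore "$1" -alias "$2" \
        -storepass:env STOREPASS >/dev/null 2>&1 || return 2
    # Stage 2: a certificate request is signed with the private key, so it
    # fails unless the key password is right. Nothing is written to the keystore.
    STOREPASS=$3 KEYPASS=$4 keytool -certreq -keystore "$1" -alias "$2" \
        -storepass:env STOREPASS -keypass:env KEYPASS >/dev/null 2>&1 || return 3
    return 0
}
```

A result of 3 is the 'Cannot recover key' situation described above: the keystore itself opens, but the password for the alias inside it is wrong.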
I need to upload my second Android application to the Play Store. I know it is possible to use the same keystore file, but I don't know whether to use the same alias or whether a different alias needs to be generated for the second application.
A keystore is just a container holding your keys (like a jar for cookies), so from a technical point of view it is completely irrelevant whether you keep all your keys in a single keystore or have them split among many (you can even have a separate keystore file for each key; nothing prevents that).
The alias is also irrelevant: it's just a "human friendly name" for your key, just for your convenience. It also makes no difference technically; however, you cannot have more than one key using the same alias in a given keystore:
KeyStore Aliases
All keystore entries (key and trusted certificate entries) are accessed via unique aliases.
http://docs.oracle.com/javase/7/docs/technotes/tools/solaris/keytool.html
However you can use the same alias in different keystores w/o any problems.
NOTE: You can technically sign all your apps with the same key, but this is strongly discouraged. You should create a separate key for each released app; that will make your life much easier when, for instance, you decide to sell your project.
Yes, you can use the same keystore to upload different apps, if all the apps belong to you or your firm.
I'm using Android Studio to create a new signing key for my application. In the creation wizard, we are prompted for a key store password, and then a separate Key password.
This post explains the difference between the two pretty well:
Android keystore password field
So two parts to the question:
Why would you want to put multiple keys into a single key store, practically, for android development? My thinking is that if I were to create more applications, I would create a new keystore for each.
In this case, using the same password for both keystore and key is fine? Is that right?
Thank you
To contradict the previous respondent:
1) Normally you would want only one private key for all your apps. A private key is a reference to an author, not an application. You don't need a new private key, or a new keystore for each app in a normal course of action.
2) Your link pretty much answers your question: it's a good practice to have all your passwords different, the decision of following or not following it is up to you.
And the official link to support my ideas.
Yes, the keystore holds many keys that are used for publishing multiple apps. One circumstance where you would have multiple keys in a keystore is if you want to provide different flavours of your app (e.g. Free version, Paid version, etc.).
With regards to your second question, you can have the same password for them but that would be a security risk since you could have a key compromised affecting all the other keys on your keystore.
I want to publish a new version of my application, but I don't remember my passwords to the keystore.
I have my keystore file and I tried to retrieve the password with Java scripts for a brute-force attack, but my password is too strong and has a lot of characters, so this is the wrong way to retrieve it.
I have my application in Eclipse too.
Is there some good way to easily get the keystore password from the old .apk file, the keystore, or Eclipse?
Thanks a lot.
No, you can't do anything.
Simply put, you have to resubmit your app, i.e. a new APK signed with a new keystore.
Back up all your keystores and keystore passwords.
But there is a way, as suggested in this post, though I never tried it.
Please check it:
https://code.google.com/p/android-keystore-password-recover/
No, if there were a simple way to bypass the keystore's password that would be a big security bug.
Also you can not retrieve the private key used to sign an apk, nor the keystore password from the apk itself as it does not include them.
If you have lost your keystore or password, then there is no chance of getting it back. The best option is to resubmit the app.
Always store your keystore safely. Mail it to yourself; that's the best way you can get back your keystore or its password.
I'm running into a strange error - I'm exporting an Android application in Eclipse using a keystore I had previously created and used. Now when I try to export a different application using the existing keystore, I'm unable to enter the second password. Any idea why?
You mean, the key password (as opposed to the keystore)? Then you've probably mistyped the keystore password.
If you mean that the second password box on the keystore password screen is greyed out, that's by design. The same screen is used to create a new keystore with a password and to open an existing one (providing a password). You only need two copies in the password creation scenario.