I'm getting a releasekey to my app Three months ago. Now I format my computer and when I was sign my app with my releasekey i got the error: java.lang.RunTimeException: keystore load: invalid keystore format.
How I should solve this error?
The command was: jarsigner -verbose -keystore "D:\releasekey.keystore" "D:\myApp.apk" releasekey
I'm using the older keystore (the fisrt one) but I get the error mentioned.
I tried and get this:
java.io.IOException: java.io.IOException: invalid keystore format
at sun.security.provider.javaKeyStore.engineLoad(JavaKeyStore.java:650)
at sun.security.provider.javaKeyStore$JKS.engineLoad(JavaKeyStore.java:55)
at java.security.KeyStrore.load(KeyStore.java:1214)
at sun.security.tools.KeyTool.doCommands(KeyTool.java:789)
at sun.security.tools.KeyTool.run(KeyTool.java:340)
at sun.security.tools.KeyTool.main(KeyTool.java:333)
The keystore holds the private encryption key used to sign the app - rerunning the command would generate a totally different key (the password just protects the file holding it - it does not have a directly relationship with the encryption key itself) - You can NOT recover/rebuild it if you lost the keystore file.
If you lost it then your users would have to uninstall the existing app completely before they can install your new version - and they will loose any data saved in the app when they uninstall it (no way around this, it's a security feature in android)
Worse then that - android play store isn't going to let you upload your new version because they aren't encoded using the same key as the old version - you'll need to release the new version under a Different package name - That means your existing users can't even upgrade automatically (they have to find the new version) - and you have no way of even telling them that they need to upgrade (you can't upload a new version of the old app...)
You gotta find that keystore file in your backups or try to recover the data from the disk - hopefully you did a 'quick' format - in which case a good data recovery service Might be able to get it back if your OS hasn't over-written it yet.
Goodluck!
Related
I've been building release versions of my app for months, and now all of a sudden I get this error.
Failed to read key ******** from store ***** Get Key Failed. Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
This is beyond frustrating.
What I've done so far
Read every post on this error and tried every solution
Verified my passwords are correct
Checked and unchecked "save passwords"
Verified my keystore location is correct
If you get error like block not properly padded, bad key or PKCS12 when signing the App Bundle or APK, try using the same password for the key and the keystore file, it works for me.
Recently, Android Studio started to show a message: "Warning: Different store and key passwords not supported for PKCS12 KeyStores. Ignoring user-specified -keypass value. in Android Studio" - so, first of all, store and key passwords should be the same, like other people said.
Besides, after getting this error even using the same password, I realized that we can't use characters like # or $ on the passwords.
Just Remove space from folder name ,where your jks file stored
I have published an app at Play Store. Now i made some changes in my application and used the same key store with key alias and key password to generate signed apk with new version. When i tried to update this app, it says that the previous version have different app signature,
here is the list which i have changed in new version
Changed the Launcher activity
Added new activities
added two more receivers
added more use permissions
If you need Manifest of my previous and new version app then i will upload it
This from logcat while updating app
09-11 11:41:13.591 18410-18437/? I/seatbelt: Scan for verification results 'clean' = com.vovoapps.freesms
09-11 11:41:14.391 2730-2913/? I/MSTG: com.vovoapps.freesms is installing..
09-11 11:41:14.451 2730-2913/? W/PackageManager: Package com.vovoapps.freesms signatures do not match the previously installed version; ignoring!
Compare the certificates of both the apk's by using below commands.
keytool -list -printcert -jarfile app.apk
If its not same then you might have missed something
I had exactly the same issue. I kept looking and couldn't solve it. Then finally I found the answer. I searched for all the apk's ever generated by me and then put all of them, one by one, on an online apk signature verifying site.
Fortunately, one of the apk had the same signature as the one displayed on developer console in error. So I went to that apk's folder and took the .jks file and signed my apk with that .jks.
This resolved the issue. I would say that you must have used keys of any of your other app mistakenly instead of the one which are in the project folder. So go and check signatures of all your .jks files and see which ones match the required one.
If I have access to the original keystore used to sign an Android apk is there a way to migrate future versions of the app to use a different keystore, preferably maintaining the ability to develop with ADT as though the second keystore had always been used?
From what I have been able to find out, it looks like we should be able to use jarsigner to sign the first update to the apk file twice with two different keystores. Then in the future any updates can be done with either key, letting the client take over app maintenance completely.
Version Keystore
1.0 A
2.0 A & B
3.0 B
4.0 B
... ...
I would like the client to be able to use ADT to export Version 2.0 apk file signed with Keystore B. When we try that their apk file contains CERT.SF mapped to Keystore B, whereas the Version 1.0 CERT.SF is mapped to Keystore A.
When I try this I still get the error:
An existing package by the same name with a conflicting signature is already installed.
I notice that when an apk is exported, it contains CERT.SF in its META-INF directory. When I sign a second time using jarsigner like this...
jarsigner -keystore /path/to/keystore_b -storepass STOREPASS -keypass KEYPASS ./AndroidApp.apk ALIAS
...the META-INF now also contains ALIAS.SF.
Is this Android upgrade is complaining because of the .SF files? CERT.SF is mapped to two different keys even though ALIAS.SF does contain the key it's looking for.
(Lesson learned: create new keystores for clients as early as possible)
If I have access to the original keystore used to sign an Android apk is there a way to migrate future versions of the app to use a different keystore, preferably maintaining the ability to develop with ADT as though the second keystore had always been used?
Alas, no. It would require modification to Android itself to support this. I did a bit of poking around on this issue last year, in conjunction of one of the researchers who wrote this paper on the subject.
From what I have been able to find out, it looks like we should be able to use jarsigner to sign the first update to the apk file twice with two different keystores
True, but all signatures need to match.
Then in the future any updates can be done with either key, letting the client take over app maintenance completely.
No, because all signatures need to match. This is the change that would be needed in Android. In your example, Version 2.0 will fail because the original app is not signed with B, even though it is signed with A.
Lesson learned: create new keystores for clients as early as possible
Consultants, or anyone else creating apps for others, probably should consider a keystore-per-app approach, or at least keystore-per-client, as you suggest.
when I updated my android app i got the following error message:
Re-installation failed due to different application signatures.
You must perform a full uninstall of the application. WARNING: This will remove the application data!
Please execute 'adb **' in a shell.
Launch canceled!
I personally got no problems with that but my question now is ... if I export the apk with the same keystore I used for previous updates. Is the app update a simple download for my users ?
Or will they have any problems with it ?
Btw: I didnt format my computer or changed anything about my eclipse folder or my folder where I save my keystore etc.
Thanks in advance!
Greets
Is the app update a simple download for my users ?
Only if it was signed by the same production signing key as you used originally, which would not appear to be the case here.
I didnt format my computer or changed anything about my eclipse folder or my folder where I save my keystore etc.
Despite that, you attempted to update an APK with one signed by a different signing key (e.g., debug vs. production). Use jarsigner -verify -verbose -certs ..., where ... is the path to your APK, to dump signing information, so you can compare your old APK to your new one.
I have uploaded an app back in January to Android Martket and I had to reformat my computer, so I backed up all the files including the Keystore and the key. The bad news is the Keystore was corrupted and cannot work for me in order to release an update.The message that I get is: invalid keystore format android. I still have the same pc that created the original Keystore.
Is there a way to replicate the first Keystore?
All you can do is to try some file restore utilities like GetDataBack in order to try to restore the keystore. No other way exists: without valid keystore you can only generate new one and release an another application.
No there is no way to regenerate the same keystore .So, you cant update the current version of the .
What you can do is just create a new keystore and launch a complete new version for the app in the market.