How to create an Android keystore RSA key with infinite validity?

Nicolas Raoul picture Nicolas Raoul · Jan 11, 2013 · Viewed 19.3k times · Source

Here is how Google suggests creating an Android keystore:

keytool -genkey -v -keystore my-release-key.keystore -alias alias_name \
  -keyalg RSA -keysize 2048 -validity 10000

While 10000 days may seem like eternity, 27 years could pass quicker than you think, and RSA might still be in use.
If tweaking a command-line argument now has a 0.01% chance of saving my market share in the future, I am willing to do it.

QUESTION: How to make this validity period as long as possible?

Answer

EJK picture EJK · Jan 11, 2013

You should be able to create a key that will be valid for 292 billion years, if I did the math correctly.

I looked at the source for keytool, http://grepcode.com/file/repository.grepcode.com/java/root/jdk/openjdk/6-b14/sun/security/tools/KeyTool.java, and it looks like the validity period is stored in seconds, as a long. The largest value a long can hold 263 - 1 is 9223372036854776000 seconds which equals 106751991167300 days which equals 292,271,023,045 years. There may be other factors that disallow such a large value, but this seems to be the max amount the tool can generate.