apksigner not accepting password

android apk sign
Noel De Martin picture Noel De Martin · Nov 17, 2016 · Viewed 10k times · Source

Up until now I had been signing my apks with the following method:

jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore {keystore-file} {apk-file} {keystore-alias}

However I am trying to use the new apksigner tool and I cannot get it to work since it always tells me the password is invalid. Which is impossible because I have done it multiple times, with the jarsigner works and with the apksigner doesn't. The commands I have tried are the following:

apksigner sign --ks {keystore-file} {apk-file}

apksigner sign --ks {keystore-file} --ks-key-alias {keystore-alias} {apk-file}

Now the weirdest part comes when I created a new keystore to test this, and with this new keystore it's working. So I don't understand what is the difference. Here's the information obtained from calling "keytool -v -list -keystore {keystore-file}" on both.

Production keystore (I have removed some text in case this is dangerous):

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

Alias name: {keystore-alias}
Creation date: Apr 4, 2016
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN={removed-text}, OU={removed-text}, O={removed-text}, L=Unknown, ST=Unknown, C=Unknown
Issuer: CN={removed-text}, OU={removed-text}, O={removed-text}, L=Unknown, ST=Unknown, C=Unknown
Serial number: {removed-text}
Valid from: Mon Apr 04 12:39:50 CEST 2016 until: Fri Aug 21 12:39:50 CEST 2043
Certificate fingerprints:
     MD5:  {removed-text}
     SHA1: {removed-text}
     SHA256: {removed-text}
     Signature algorithm name: SHA256withRSA
     Version: 3

Extensions: 

#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: {removed-text}
0010: {removed-text} {removed-text}                                        ....
]
]



*******************************************
*******************************************

New test keystore:

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

Alias name: app
Creation date: Nov 17, 2016
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=Foobar, OU=Foobar, O=foobar, L=Unknown, ST=Unknown, C=Unknown
Issuer: CN=Foobar, OU=Foobar, O=foobar, L=Unknown, ST=Unknown, C=Unknown
Serial number: 448c7afc
Valid from: Thu Nov 17 11:40:26 CET 2016 until: Mon Apr 04 12:40:26 CEST 2044
Certificate fingerprints:
     MD5:  3E:29:C0:3C:30:B4:DC:E0:A5:94:1D:2E:E9:86:58:CA
     SHA1: 3D:09:B4:42:A2:7C:14:C7:3E:54:33:0E:AB:75:2E:F1:19:23:00:FA
     SHA256: 7F:E0:51:F1:6A:53:45:56:42:B9:F9:38:92:69:81:7A:DA:71:FF:44:51:15:7F:F9:B4:1C:AA:2B:53:4A:89:72
     Signature algorithm name: SHA256withRSA
     Version: 3

Extensions: 

#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: BC 1B E6 C4 6D 25 01 70   CA AC 81 34 81 4B AE 41  ....m%.p...4.K.A
0010: 10 DF D8 13                                        ....
]
]



*******************************************
*******************************************

Answer

max picture max · Dec 5, 2017

use it this way 

./apksigner sign --ks test.jks --ks-key-alias test --ks-pass pass:testtest --key-pass pass:testtest Test_Aligned.apk

Related questions

Resign apk with different keystore

Currently I'm getting the apk signed with the private keystore file but I want to sign that apk with different keystore file. How can I resign that apk..?

Read More
SignAPK - PEM file AND PK8 file

What is PEM file & Pk8 file . Where can i find these for android apk. I need to use this to sign apk manually through SignApk.jar. java -jar SignApk.jar certificate.pem key.pk8 PlatformOne.apk pf1.apk This …

Read More
Why should I sign my apk before releasing to PlayStore?

What exactly is the importance of signing an apk before releasing to the market?

Read More