Signing an APK with an upload key provided by Google Play

Ronald · May 19, 2017 · Viewed 53.1k times

I'm trying to make sense of how to upload an app onto Google Play while using Google Play App Signing.

Here is what I did:

  1. Created an app
  2. Used keytool.exe to generate a key for that app
  3. Uploaded the app to Google Play
  4. Enrolled in the Google Play App Signing
  5. Tried to upload the app again without success.

It complains that the certificate is not the certificate

Upload new APK to Production

Upload failed

You uploaded an APK that is not signed with the upload certificate. You must use the same certificate. The upload certificate has fingerprint: [ SHA1: 0C:... ] and the certificate used to sign the APK that you uploaded have fingerprint: [ SHA1: 2D:... ]

After searching for a while, I found out how to put the certificate posted on my Google Play console in my keystore. Something like this:

keytool.exe -importcert -file upload.pem -keystore myapp-release-key.keystore

The certificate seems to be in. When I list the contents of the keystore, here's what I get:

keytool.exe -list -keystore trackcoachfull-release-key.keystore
Enter keystore password:

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 2 entries

myappfull, May 18, 2017, PrivateKeyEntry,
Certificate fingerprint (SHA1): 2D:...
uploadkey, May 19, 2017, trustedCertEntry,
Certificate fingerprint (SHA1): 0C:...

Now, where I'm blocked...

In Android Studio, I try to generate a signed APK with the uploadkey.

  1. Build > Generate Signed APK
  2. Select the keystore above
  3. Enter the keystore password
  4. Select the uploadkey as the key alias
  5. I'm forced to enter a key password.

Error in Android Studio:

Error:Execution failed for task ':app:packageFullRelease'.

com.android.ide.common.signing.KeytoolException: Failed to read key uploadkey from store "C:\Users\Admin\AndroidStudioProjects\keystores\myappfull-release-key.keystore": trusted certificate entries are not password-protected

My question is this:

How do you generate an APK signed with an upload key provided by Google Play?

Thanks

Answer

Ayaz Aslam · Aug 18, 2017

I was able to sign my APK using the upload key provided by Google Play. Here are the steps I followed for a new app:

  1. Create a keystore and add a signing key using Android Studio
  2. Sign the app using the key created in (1)
  3. Upload the APK to Google Play
  4. Download "Upload certificate" from Google Play Console
  5. Add the downloaded certificate to the keystore created in step (1) using the command keytool.exe -importcert -file upload_cert.der -keystore <keystorefile>
  6. It should prompt that "Certificate already exists in keystore under alias <alias>. Do you still want to add it? [no]:"
  7. Type 'y' and press enter
  8. A confirmation message will appear
  9. For subsequent builds sign the app using the same process as in (2)

An important point to note here is that in step (6), the keytool import updates the original certificate with the one downloaded from Google Play.
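
The two errors in the question come down to which keystore entry holds a private key and which certificate that key carries. The following Python code is an added example, not part of the original question or answer: it parses `keytool -list` output and reports, per alias, whether that entry can sign an APK matching the upload certificate. The function names are hypothetical and the fingerprints in the sample are constructed; only the aliases follow the question.

```python
import re

# Entry header and fingerprint lines as printed by `keytool -list`.
ENTRY = re.compile(r"^(?P<alias>[^,]+), .+, (?P<type>\w+Entry),\s*$")
FPRINT = re.compile(r"^Certificate fingerprint \([\w-]+\): (?P<fp>[0-9A-Fa-f:]+)\s*$")

def parse_keytool_list(text):
    """Return a list of {'alias', 'type', 'fingerprint'} dicts."""
    entries = []
    for line in text.splitlines():
        entry, fp = ENTRY.match(line), FPRINT.match(line)
        if entry:
            entries.append({"alias": entry["alias"], "type": entry["type"],
                            "fingerprint": None})
        elif fp and entries:
            entries[-1]["fingerprint"] = fp["fp"].upper()
    return entries

def diagnose(entries, upload_fp):
    """Map each alias to whether it can sign an APK that Play will accept."""
    result = {}
    for e in entries:
        matches = e["fingerprint"] == upload_fp.upper()
        if e["type"] != "PrivateKeyEntry":
            # trustedCertEntry: certificate only, so there is nothing to sign with.
            result[e["alias"]] = "no private key, cannot sign"
        elif matches:
            result[e["alias"]] = "ok"
        else:
            result[e["alias"]] = "can sign, but not with the upload certificate"
    return result

# Constructed sample: aliases follow the question, fingerprints are made up.
SIGNING_FP = "11:22:33:44:55:66:77:88:99:00:11:22:33:44:55:66:77:88:99:00"
UPLOAD_FP = "AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD"
SAMPLE_LIST = f"""Keystore type: JKS
Keystore provider: SUN

Your keystore contains 2 entries

myappfull, May 18, 2017, PrivateKeyEntry,
Certificate fingerprint (SHA1): {SIGNING_FP}
uploadkey, May 19, 2017, trustedCertEntry,
Certificate fingerprint (SHA1): {UPLOAD_FP}
"""

if __name__ == "__main__":
    for alias, verdict in diagnose(parse_keytool_list(SAMPLE_LIST), UPLOAD_FP).items():
        print(f"{alias}: {verdict}")
```

To use it on a real keystore, pass the text printed by `keytool.exe -list -keystore <keystorefile>` and the upload certificate fingerprint shown in the Play Console.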