App Release Error

[Nii Darko Darkoh]

Hi,
I get the following error when i attempted to upload my app for production on Play Store.
The name i used to package the app in Droidscript is "app.prayerlibrary.key". 

The error follow:

"You uploaded an APK that is not signed with the upload certificate. You must use the same certificate. The upload certificate has fingerprint:SHA1: B7:05:BF:A0:DC:C3:1B:79:35:51:E4:6C:B9:AF:F1:6B:D8:E8:47:CAand the certificate used to sign the APK you uploaded has fingerprint:SHA1: A2:20:37:81:D0:B9:74:AA:BF:59:E5:B2:0D:D5:A1:EC:ED:1C:87:2F

Your APK or Android App Bundle needs to have the package name app.prayerlibrary."

I really need help on this. Thanks in advance guys.

[Nii Darko Darkoh]

Hi guys,
I realized that it could be caused by the user.keystore file.
For a reason the file was lost (I have no backup either). Guys how do I get the original file I used to upload my app on playstore?
Thanks.

[Alan Hendry]

HI,

I believe that even if you create keystore on 

same device & Android & DS & Builder versions etc

It will be different.

I seem to recall a recent(ish) post where a user was asking Google to help.

Worth checking if you saved in email, Google drive, SD card.

Regards, ah

[Dave]

If you can't find the original keystore file, then you will have to ask PlayStore support to allow you to use a new signing key for your uploaded AABs or APKs.

[Nii Darko Darkoh]

Thanks Dave. 

[Nii Darko Darkoh]

Hello guys, 

I go the following reply from Google concerning my keystore file. Please see below.

Hi Developer,

Thanks for contacting Google Play Developer Support.

Now that we’ve verified your account, I’m happy to help you reset the upload key for your app. The new upload key will be used to sign APKs that you upload to Play.

We recommend that you adjust your planning to include a buffer period of 48 hours from when the upload key has been reset before you can use the new upload key. You can learn more about using app signing by Google Play here.

Here’s how to generate and register a new upload key:

1. Follow the instructions in the Android Studio Help Center to generate a new key. It must be different from any previous keys. Alternatively, you can use the following command line to generate a new key:

keytool -genkeypair -alias upload -keyalg RSA -keysize 2048 -validity 9125 -keystore keystore.jks

• This key must be a 2048 bit RSA key and have 25-year validity.

1. Export the certificate for that key to PEM format:

keytool -export -rfc -alias upload -file upload_certificate.pem -keystore keystore.jks 

1. Reply to this email and attach the upload_certificate.pem file.

I look forward to your response.

Regards,
Rebecca
Google Play Developer Support

-----------------------

Can someone help me through this. Can I simply use DS to generate the file instead

Of Android studio?

Thanks y'all.

[Dave]

You should be able to export an upload key in .pem format from your new user.keyststore file using the keytool utility (included in java sdk).

Check on StackOverflow for help and look here too - https://developer.android.com/studio/publish/app-signing#generate-key

(user.keystore should be in jks format if you are using recent versions of DS)

[Nii Darko Darkoh]

Hi Dave,
I have generated the .jks and .pem files.
Are they supposed to have the  names   keystore.jks  and upload_certificate.pem 

or what?
I ask because the keystore file name from DS is user.keystore. 

Now having generated these new files in AndroidStudio, how do I fall back to the user.keystore file that compiles along with my apps in DS?
Thanks.        

[Nii Darko Darkoh]

Hi guys,

Kindly see the reply Google Playstore sent back to me concerning

my keystore issue:

Hi Reid,

Thanks for your reply.

Good news - I was able to register a new upload key for your app, app.prayerlibrary. The new key will be usable from: 2022-05-28 19:36:59 UTC 

Make sure to update your keystores in the following locations:

Local machine

Locked on-site server (varying ACLs)

Cloud machine (varying ACLs)

Dedicated secrets management services

(git) repos

Thanks for your patience during this process, and please let me know if you have any other questions.

Regards,

Jhem

----------

Can someone explain what the above means?

Thanks in advance.

Nii.

[Alan Hendry]

 Hi,

Local machine is your phone/tablet where you do the build

The others seem to relate to tools other than ds.

ACL is probably application component library or compatability layer,

Git repos is repository for multiple versions of files.

Regards, ah

[Dave]

Hi,

You should not be using Android studio to generate a new key.  DroidScript generates a new key in the user.keystore file for you (when you delete the old one).

The user.keystore file should be the same as a keystore.jks file, so you should use that file to generate your .pem file.

Since it seems that you have now created a fresh keystore file using Android studio and registered this as your upload key, then you will need to re-sign your DS APKs or AABs with this new key using jarsigner on the command line every time you want to upload your app - 

jarsigner -verbose -sigalg SHA256withRSA -digestalg SHA-256 -keystore ./keystore.jks "MyApp.aab" alias_name -storepass mypass123

(You can put this into a .bat or .sh file to make life simpler)

Alternatively you could generate a .pem file from your user.keystore file and ask Google to use that instead of the one your previously gave them.

[Nii Darko Darkoh]

Hi Dave,

Thanks for the response and the alternative you have presented.

Kindly show me how to generate the new .pem file from

my DS-generated user.keystore file. 

I must say that I won't mind asking Google to use the 

new .pem file previously sent out.

Thank you

Nii.

[Nii Darko Darkoh]

Thank you Alan.

On Friday, May 27, 2022 at 11:20:25 PM UTC+1 hendr...@gmail.com wrote:

[Nii Darko Darkoh]

Hi Dave,

Kindly show me how to generate the new .pem file from my user.keystore file. 

Thanks.

[Nii Darko Darkoh]

So it means -

I can generate the user.keystore file with DS on my phone-

And copy the file from my phone to PC-

And run the command keytool -export -rfc -alias upload -file upload_certificate.pem -keystore keystore.jks  

to generate the PEM file? 
-Nii

[Dave]

Yes, but you will need to change the last parameter to user.keyststore  

Make sure that your user.keyststore file was not created by an old version of DS earlier than 2.50... if so, then just rename it and a new one will be created.

[Nii Darko Darkoh]

Thanks Dave.
Kindly confirm the ff before I send to Google please.

1.     Generate the user.keystore file with DS on my phone

2.     Copy the file from my phone to PC

3.     Run the command keytool -export -rfc -alias upload -file upload_certificate.pem -keystore user.keystore

4.     Ask Google (googleplay-dev...@google.com) to use the new PEM file (upload_certificate.pem) instead of the one I previously gave them.

Thanks.
-Nii

[Dave]

That looks right, yes. (although I've never had to do this procedure myself)

[Nii Darko Darkoh]

Hi Dave,

So I did as you confirmed and then opened CMD and pointed into the folder having the user.keystore file.
Then I did the ff:
1. Wrote the ff in CMD  "keytool -export -rfc -alias upload -file upload_certificate.pem -keystore user.keystore"
2. It requested for password but whatever password I enter (Including the correct one) fails
What am I doing wrong please?
Thanks.
-Nii

[Nii Darko Darkoh]

I also noticed that as I type the password, nothing shows on the screen
It that correct behaviour?

-Nii

[Nii Darko Darkoh]

After entering the password and pressing Enter

[Nii Darko Darkoh]

Hello everyone,
Any help yet?

[Dave]

Just to make sure it's simply because you have forgotten your password.... try renaming your user.keystore file to user.keystore_old and creating a new one (by doing a build). Probably best to use the default password for this test which is 'MyPassword' if I recall correctly.

Then try that one with the export process to see if the password works.

[Nii Darko Darkoh]

When I use the ff command, everything works:

keytool -export -rfc -alias upload -file upload_certificate.pem -keystore keystore.jks 

but when I change the  keystore.jks to droidscript-generated  user.keyststore as follows, it gives the prompts as follow the command below
keytool -export -rfc -alias upload -file upload_certificate.pem -keystore user.keyststore  

Prompts:
Keytool was tampered with or password incorrect.
I entered correct password. Even checked the case key.

-Nii

[Nii Darko Darkoh]

Sounds promissing.. trying that now.
Will feedback asap

-Nii

[Nii Darko Darkoh]

I am using the latest DS update, but on compiling it tells me APK Builder is outdated.

Where do I get the latest builder pls?
-Nii

[Nii Darko Darkoh]

This is what I get after creating a fresh keystore file and using the MyPassword password

Please see attached.
-Nii

[Nii Darko Darkoh]

Hi,
An idea just came to mind. 

What if Droidscript can generate its own PEM file from its keystore file.
-Nii 

[Nii Darko Darkoh]

A PEM file that can be sent to Playstore (In my situation) and be acccepted to enable reactivation of one's App.

Thanks.

[Nii Darko Darkoh]

Hi,
I hope we're all well.
I found this link that seems to have a fix. It talked about the upload file name needing to change. See link below:
https://stackoverflow.com/questions/51066732/keytool-error-java-lang-exception-alias-upload-does-not-exist

My I know where do I get this upload file from Droid script?
Thanks.

[Nii Darko Darkoh]

Hi,
I also found the FF instruction to replace "upload" with your correct alias such as key0. e.g
keytool -export -rfc -alias key0 -file upload_certificate.pem -keystore keystore.jks
May I know where to find this alias file or how to generate it?
Thanks

[Right2TheV0id]

I can't help much with this, I never manipulated it myself, but according to Oracle's Keytool documentation: 

"[-alias alias]: Alias name of the entry to process".

It also states:

"Which type of import is intended is indicated by the value of the -alias option. If the alias does not point to a key entry, then the keytool command assumes you are adding a trusted certificate entry. In this case, the alias should not already exist in the keystore. If the alias does already exist, then the keytool command outputs an error because there is already a trusted certificate for that alias, and does not import the certificate. If the alias points to a key entry, then the keytool command assumes you are importing a certificate reply."

So it might not be directly a "file", but a reference of an existing certificate entry (or for the one you're creating).

Here are examples given which make use of the generated aliases to "chain" commands:  

"

The following two commands create a chain of signed certificates; ca signs ca1 and ca1 signs ca2, all of which are self-issued:

keytool -alias ca1 -certreq |
    keytool -alias ca -gencert -ext san=dns:ca1 |
    keytool -alias ca1 -importcert

keytool -alias ca2 -certreq |
    $KT -alias ca1 -gencert -ext san=dns:ca2 |
    $KT -alias ca2 -importcert

The following command creates the certificate e1 and stores it in the file e1.cert, which is signed by ca2. As a result, e1 should contain ca, ca1, and ca2 in its certificate chain:

keytool -alias e1 -certreq | keytool -alias ca2 -gencert > e1.cert

"

https://docs.oracle.com/javase/8/docs/technotes/tools/unix/keytool.html

[Dave]

The DS keystore file uses an alias of 'alias_name' 

Here is the equivalent command line call to create a keystore file like DS uses - 

keytool -genkey -v -keystore user.keystore -alias alias_name -keyalg RSA -keysize 2048 -validity 10000 -keypass MyPassword -storepass MyPassword

Obviously 'MyPassword' needs to be changed to the password you originally used in DS when you first built an APK file.

[Nii Darko Darkoh]

Hi Dave,
If I generate the keystore with the ff command, will I have to go through the same keystore-generation routine anytime I have to compile with DS and upload to Playstore?

keytool -genkey -v -keystore user.keystore -alias alias_name -keyalg RSA -keysize 2048 -validity 10000 -keypass MyPassword -storepass MyPassword

Thanks.

-Nii

[Nii Darko Darkoh]

Hi Dave,
when I followed your instruction of creating a fresh keystore in DS with the password MyPassword>> Then bring it over and run the command " keytool -export -rfc -alias alias_name -file upload_certificate.pem -keystore  " I got the error in the attached image.
What do I do please?
-Nii.

[Nii Darko Darkoh]

Thanks @ Right2TheV0id

[Dave]

That's just a warning message, not an error message.... if it created the upload_certificate.pem, you can simply ignore it.

However you should NOT be using keytool -genkey command, I did not tell you to do that.  That's what DS does for you when it creates your user.keystore file when you build an APK.  Also, you must NOT use the password MyPassword.... make your own up.

[Nii Darko Darkoh]

Thanks Dave .. but when I generated my own keystore file with CMD and subsequently my PEM file from the  CDM-generated keystore file, everything was smooth.
Since you have just warned that its forbidden to do that I want to know the way out for me.
If you remember I reported that the keystorefile i generated from DS couldnt create the PEM file using the CMD.
So now what should I do to get a PEM file to playstore?
Thanks.
-Nii

[Nii Darko Darkoh]

I finally got the PEM file created from the DS-generated keystore file.
Thanks Dave. I am sending it over to Playstore now.
Will update you if any thing pops up.

-Nii