How to use NEW Upload Key to sign app update and upload to Google Play store?

Cdn_EuroCdn_Euro Member ✭✭✭
edited October 2018 in Xamarin.Android

Hi,

Somehow I managed to save the wrong keystore for my Android app that I developed using Xamarin and already published.
When I wanted to upload an update to the Google Play Store with the keystore that I thought was the right keystore,
the SHA certificate did not match.

Luckily I was registered for Google Play App Signing so they were able to reset the Upload Key for me.
In order to reset the upload key I:

  1. (dont know if i had to do this to generate new upload key) Generated a new archive and new keystore for the Android project in Xamarin and exported the APK to a folder. In that folder i ran the command lines in the next steps:

  2. Generated a new upload key using the command line:
    keytool -genkeypair -alias upload -keyalg RSA -keysize 2048 -validity 9125 -keystore keystore.jks

  3. Exported the certificate for that key to a *.pem file:
    keytool -export -rfc -alias upload -file upload_certificate.pem -keystore keystore.jks

  4. Sent the *.pem to Google Play Developer Support.**

    Now that I have a *.pem file and *.jks file, how do I create the new APK file for my Xamarin Android project, signed with the new upload key in Visual Studio?

Posts

  • DeepakDYDeepakDY INMember ✭✭✭

    Hello @Cdn_Euro ,

    I have the same problem, i missed my keystore file and i want to update app in play store.
    Any solution found.

  • Cdn_EuroCdn_Euro Member ✭✭✭
    edited January 9

    @DeepakDY This is the solution:

    After sending the *.pem file to Google Play Developer support in order to reset the Upload Key, they confirmed it was successfully reset (yay Google App Signing) but it takes a couple of days for it to be active.

    When it becomes active follow these steps:

    1. Go to Visual studio and archive the Android project from Build/Archive

    2. In the Archives menu option, select the latest archive and click Open Folder. This opens a folder where an unsigned *.apk file resides. It needs to be signed manually (in step 4) with the *.jks keystore file mentioned above (keystore.jks).

    3. First zipalign the unsigned archive (make sure to add C:\Program Files\Java\jre1.8.0_191\bin to PATH in User variables):

    zipalign -v -p 4 my-app-unsigned.apk my-app-unsigned-aligned.apk

    1. Manually sign the zipaligned *.apk file with the keystore.jks

    apksigner sign --ks keystore.jks --out my-app-release.apk my-app-unsigned-aligned.apk

    1. The signing process will ask for the password used when creating the keystore.jks/*.pem file. After, the apk resulting is ready to upload to the Google Play Store as an app update. Keystore.jks is now the new Upload Key.
  • DeepakDYDeepakDY INMember ✭✭✭
    edited January 16

    hello @Cdn_Euro

    i think you said about this ssl-cert-snakeoil.pem.

    this is path of this file.

    but how can send it in google play developer.

    please help me.

  • Cdn_EuroCdn_Euro Member ✭✭✭
    edited January 19

    @DeepakDY You literally just email it to Google Play support. Contact them first. There is a form, check out that website

    General Information about keys etc:
    https://support.google.com/googleplay/android-developer/answer/9061737?hl=en&ref_topic=15868&visit_id=636834463199127387-1167344014&rd=1#ts=3055205

    The form you need to fill out, then after they will ask you for the *.pem cerificate:
    https://support.google.com/googleplay/android-developer/contact/otherbugs

    Let me know if you got it working, or if you have other questions.

  • DeepakDYDeepakDY INMember ✭✭✭

    Hello @Cdn_Euro ,

    Thanks for reply and guide me.
    i sent pem file to google paly support then i getted reply,

    Hi,

    Thanks for contacting Google Play Developer Support!

    `Hi,

    Thanks for contacting Google Play Developer Support!

    Good news - I was able to register your new upload key. Make sure to update your keystores in the following locations:

    Local machine
    Locked on-site server (varying ACLs)
    Cloud machine (varying ACLs)
    Dedicated secrets management services
    (git) repos
    

    The new key will be usable from: 2019-01-20 16:13:12 UTC.

    Thanks for your patience during this process, and please let me know if you have any other questions.`

    but i can't able to find new keystore file and where is.

  • Cdn_EuroCdn_Euro Member ✭✭✭

    @DeepakDY No worries, we are all here to help eachother. If I remember correctly when you created the *.pem file there was also a *.jks file created? That *.jks file IS your new upload key.

    (this is from when I went through the same process as you)

    Somehow I managed to save the wrong keystore for my Android app that I developed using Xamarin and already published. When I wanted to upload an update to the Google Play Store with the keystore that I thought was the right keystore, the SHA certificate did not match.

    Luckily I was registered for Google Play App Signing so they were able to reset the Upload Key for me. In order to reset the upload key I:

    1.(dont know if i had to do this to generate new upload key) Generated a new archive and new keystore for the Android project in Xamarin and exported the APK to a folder. In that folder i ran the command lines in the next steps:

    2.Generated a new upload key using the command line: keytool -genkeypair -alias upload -keyalg RSA -keysize 2048 -validity 9125 -keystore keystore.jks --> after sending associated *.pem file to Google Play this is your new Upload key

    3.Exported the certificate for that key to a *.pem file: keytool -export -rfc -alias upload -file upload_certificate.pem -keystore keystore.jks

    4.Sent the *.pem to Google Play Developer Support.**

  • DeepakDYDeepakDY INMember ✭✭✭

    Hello @Cdn_Euro

    how can kwon my key is sign in or not

  • DeepakDYDeepakDY INMember ✭✭✭

    Hello @Cdn_Euro ,

    Google reply me.

    Just to confirm that the keystore has already been reset and you need to make sure to update your keystores in the following locations:

    • Local machine
    • Locked on-site server (varying ACLs)
    • Cloud machine (varying ACLs)
    • Dedicated secrets management services
    • (git) repos

    If you need further clarification then please let me know. I'm happy to help

  • Cdn_EuroCdn_Euro Member ✭✭✭

    how can kwon my key is sign in or not

    @DeepakDY what is the question, i didnt understand that

  • DeepakDYDeepakDY INMember ✭✭✭

    hello @Cdn_Euro ,

    Firstly i generated a new archive and new keystore for the Android project in Xamarin.

    then i ran keytool -genkeypair -alias upload -keyalg RSA -keysize 2048 -validity 9125 -keystore keystore.jks for generate keystore.jks file(i thinks this is new upload key this file(keystore.jks generated in this path "C:\Program Files (x86)\Java\jdk1.8.0_192\bin")) when i am ran this command this ask me some information about new archive such as(alias, organization, organization unit, location, county code, password and repassword).

    after i ran this command "keytool -export -rfc -alias upload -file upload_certificate.pem -keystore keystore.jks" for generate
    *.pem file and its generated in this path "C:\Program Files (x86)\Java\jdk1.8.0_192\bin".

    then i send *.pem file to google play support.

    and google play reply this

    Good news - I was able to register your new upload key. Make sure to update your keystores in the following locations:

    Local machine
    Locked on-site server (varying ACLs)
    Cloud machine (varying ACLs)
    Dedicated secrets management services
    (git) repos
    The new key will be usable from: 2019-01-20 16:13:12 UTC.

    where i am wrong here.

  • DeepakDYDeepakDY INMember ✭✭✭

    @Cdn_Euro how can import new *.jks file for archive

  • Cdn_EuroCdn_Euro Member ✭✭✭
    edited January 21

    @DeepakDY Once you have that keystore.jks(thats what i named it in this case) associated with the *.pem file just use the *.jks like this:

    Go to Visual studio and archive the Android project from Build/Archive

    In the Archives menu option, select the latest archive and click Open Folder. This opens a folder where an unsigned *.apk file resides. It needs to be signed manually (in step 4) with the *.jks keystore file mentioned above (keystore.jks).

    First zipalign the unsigned archive (make sure to add C:\Program Files\Java\jre1.8.0_191\bin to PATH in User variables):

    zipalign -v -p 4 my-app-unsigned.apk my-app-unsigned-aligned.apk

    Manually sign the zipaligned *.apk file with the keystore.jks
    apksigner sign --ks keystore.jks --out my-app-release.apk my-app-unsigned-aligned.apk

    The signing process will ask for the password used when creating the keystore.jks/*.pem file. After, the apk resulting is ready to upload to the Google Play Store as an app update. Keystore.jks is now the new Upload Key.

    Let me know if it worked, or if I didnt understand your question.

  • DeepakDYDeepakDY INMember ✭✭✭
    edited January 24

    Hello @Cdn_Euro ,

    I am following your instruction and i ran zipalign -v -p 4 my-app-unsigned.apk my-app-unsigned-aligned.apk

    but not get my-app-unsigned-aligned.apk .

    I attached a image of Command prompt

    cmd.png 86.5K
  • Cdn_EuroCdn_Euro Member ✭✭✭
    edited January 25

    @DeepakDY put the files (your app apk package and your jks key) in the same folder and run the command prompt from within that folder. Or use command prompt to make sure you are in the folder where the apk resides.

    In command prompt type to change directory to where your apk is:

    cd c:\Users\admin\AppData\Local\Xamarin\Mono for Android\Archives\2019-01-24\CRM.Droid 1-24-19 11.34 AM.apkarchive\

    Also copy the JKS key file to that folder.

    Now assuming that com.crm.office24hr.apk is your Unsigned APK (obtained just by clicking Open Folder in visual studio after creating APK)

    The format is : zipalign -v -p 4 INPUT_FILENAME OUTPUT_FILENAME

    zipalign -v -p 4 com.crm.office24hr.apk com.crm.office24hr-aligned.apk

    Now that yhou should have your aligned apk, just sign it with the jks that should be in the same folder ( What i did is I moved the apk and the jks together somewhere else)

    The format is: sign --ks NAME_OF_KEY.JKS --out OUTPUT_FILENAME INPUT_FILENAME

    apksigner sign --ks the_name_of_your_key.jks --out com.crm.office24hr-release.apk com.crm.office24hr-aligned.apk

  • shindepranushindepranu Member ✭✭

    Great

  • DeepakDYDeepakDY INMember ✭✭✭

    Hello @Cdn_Euro

    Thanks for supporting me :smile:

    Now i am able to update my application.

    I put *.apk and *.keystore file in this path "C:\Program Files (x86)\Android\android-sdk\build-tools\25.0.3"
    because zipalign.exe file was here and ran this command "C:\Program Files (x86)\Android\android-sdk\build-tools\25.0.3>zipalign -v -p 4 com.crm.office24hr.apk com.crm.office24hr-aligned.apk".

    and generated *-aligned.apk same folder"C:\Program Files (x86)\Android\android-sdk\build-tools\25.0.3".

    then Ran this command "C:\Program Files (x86)\Android\android-sdk\build-tools\25.0.3>apksigner sign --ks keystore.jks --out com.crm.office24hr.apk com.crm.office24hr-aligned.apk" signer apk in same folder "C:\Program Files (x86)\Android\android-sdk\build-tools\25.0.3".

    signer apk is final apk and update app in play store.

    Thanks once again :smile:

  • Cdn_EuroCdn_Euro Member ✭✭✭

    @DeepakDy I am glad you solved it. And no problem

  • KonamiKonami Member

    Hello @Cdn_Euro , please can I get your audience, I also need your assistance on this topic... I've gotten the feedback from Google support team, after the day I was given, I signed my App with the .jks I generated its .PEM for reset but I was still getting the same error that I should sign my App with the correct keystore...

    Please can you help me on this, I'm stuck.

    I'm using Android Studio by the way

  • batmacibatmaci DEMember ✭✭✭✭✭

    you don't need any of these steps. just choose sign and distribute on visual studio and choose import keystore, then select your keystore.jks which you created earlier. VS will ask you to enter password you used for keystore.jks. once you enter it will be signed and ready to upload to Google Play Console

  • EbubekirSezerEbubekirSezer Member ✭✭
    edited August 25

    Thanks

Sign In or Register to comment.