App Signing Certificate App Upload Certificate Google Play

Before proceeding watch this Android Developers video to empathise the implications of your App Signing enrollment choice: https://youtu.be/odv_1fxt9BI

This guide is oriented to developers who already have an application in the Play Store. If you are starting with a new app the procedure it's much easier and you can follow the guidelines of paragraph "New apps" from here

Prerequisites that 99% of developers already have :

1. Android Studio

2. JDK 8 and later on installation you need to setup an surroundings variable in your user space to simplify terminal commands. In Windows x64 you need to add this : C:\Program Files\Coffee\{JDK_VERSION}\bin to the Path environment variable. (If you lot don't know how to do this y'all tin can read my guide to add together a folder to the Windows 10 Path environment variable).

Step 0: Open Google Play developer panel, then go to Release Management -> App Signing.

Accept the App Signing TOS.

Step one: Download PEPK Tool clicking the push identical to the image below

Pace 2: Open a last and type:

java -jar PATH_TO_PEPK --keystore=PATH_TO_KEYSTORE --alias=ALIAS_YOU_USE_TO_SIGN_APK --output=PATH_TO_OUTPUT_FILE --encryptionkey=GOOGLE_ENCRYPTION_KEY

Legend:

• PATH_TO_PEPK = Path to the pepk.jar you downloaded in Step 1, could be something like C:\Users\YourName\Downloads\pepk.jar for Windows users.
• PATH_TO_KEYSTORE = Path to keystore which you use to sign your release APK. Could be a file of blazon *.keystore or *.jks or without extension. Something like C:\Android\mykeystore or C:\Android\mykeystore.keystore etc...
• ALIAS_YOU_USE_TO_SIGN_APK = The name of the alias you use to sign the release APK.
• PATH_TO_OUTPUT_FILE = The path of the output file with .pem extension, something like C:\Android\private_key.pem
• GOOGLE_ENCRYPTION_KEY = This encryption primal should be always the same. You can find it in the App Signing page, copy and paste it. Should be in this form: eb10fe8f7c7c9df715022017b00c6471f8ba8170b13049a11e6c09ffe3056a104a3bbe4ac5a955f4ba4fe93fc8cef27558a3eb9d2a529a2092761fb833b656cd48b9de6a

Case:

java -jar "C:\Users\YourName\Downloads\pepk.jar" --keystore="C:\Android\mykeystore" --alias=myalias --output="C:\Android\private_key.pem" --encryptionkey=eb10fe8f7c7c9df715022017b00c6471f8ba8170b13049a11e6c09ffe3056a104a3bbe4ac5a955f4ba4fe93fc8cef27558a3eb9d2a529a2092761fb833b656cd48b9de6a

Press Enter and you will need to provide in order:

1. The keystore password
2. The alias password

If everything has gone OK, you at present will have a file in PATH_TO_OUTPUT_FILE folder called private_key.pem.

Pace 3: Upload the private_key.pem file clicking the button identical to the image below

Step 4: Create a new keystore file using Android Studio.

YOU Volition Need THIS KEYSTORE IN THE FUTURE TO SIGN THE Adjacent RELEASES OF YOUR APP, DON'T FORGET THE PASSWORDS

Open one of your Android projects (choose one at random). Become to Build -> Generate Signed APK and press Create new.

Now you should fill the required fields.

Fundamental shop path represent the new keystore you volition create, choose a binder and a name using the 3 dots icon on the right, i choosed C:\Android\upload_key.jks (.jks extension will be added automatically)

Notation: I used upload as the new alias proper noun but if you lot previously used the same keystore with different aliases to sign different apps, you should choose the aforementioned aliases name y'all had previously in the original keystore.

Press OK when finished, and at present you will take a new upload_key.jks keystore. You can shut Android Studio now.

Step v: Nosotros need to extract the upload certificate from the newly created upload_key.jks keystore. Open a concluding and type:

keytool -export -rfc -keystore UPLOAD_KEYSTORE_PATH -alias UPLOAD_KEYSTORE_ALIAS -file PATH_TO_OUTPUT_FILE

Legend:

• UPLOAD_KEYSTORE_PATH = The path of the upload keystore you only created. In this instance was C:\Android\upload_key.jks.
• UPLOAD_KEYSTORE_ALIAS = The new alias associated with the upload keystore. In this case was upload.
• PATH_TO_OUTPUT_FILE = The path to the output file with .pem extension. Something like C:\Android\upload_key_public_certificate.pem.

Example:

keytool -consign -rfc -keystore "C:\Android\upload_key.jks" -alias upload -file "C:\Android\upload_key_public_certificate.pem"

Press Enter and you lot will need to provide the keystore countersign.

Now if everything has gone OK, you will have a file in the folder PATH_TO_OUTPUT_FILE called upload_key_public_certificate.pem.

Step 6: Upload the upload_key_public_certificate.pem file clicking the push button identical to the image below

Footstep 7: Click ENROLL push at the end of the App Signing page.

Now every new release APK must be signed with the upload_key.jks keystore and aliases created in Stride 4, prior to exist uploaded in the Google Play Developer panel.

More Resources:

• Google documentation on Google Play App Signing
• Course to request the reset of your upload keystore if you lose it

Q&A

Q: When i upload the APK signed with the new upload_key keystore, Google Play bear witness an mistake like : You uploaded an unsigned APK. Yous need to create a signed APK.

A: Check to sign the APK with both signatures (V1 and V2) while building the release APK. Read hither for more details.

UPDATED

The step iv,5,6 are to create upload key which is optional for existing apps

"Upload key (optional for existing apps): A new fundamental you generate during your enrollment in the program. You will use the upload key to sign all time to come APKs prior to uploading them to the Play Console." https://back up.google.com/googleplay/android-developer/answer/7384423

kruegersily1960.blogspot.com

Source: https://stackoverflow.com/questions/44103024/how-to-enable-google-play-app-signing

Share this post