Android Question Keystore - key associated with b4a not a private key

[Dario126]

During creating secondary google keystore key, I replaced it in b4a IDE without mining for password of original key. I was thinking that this is project related, and saved within one project because it's easily visible in IDE. I have no copy of password, later on I tried brute force and "smart dictionary brute force", but nothing helped so far.

Then on a copy of keystore file I changed password with method like this http://blog.blundell-apps.com/tut-change-alias-passwords-of-your-android-keystore/ ..

When I load it into b4a IDE and give it new password, pressing ok on "private sign key" dialog accepts them, and all looks ok.

But on compilation I get following error:
jarsigner: key associated with b4a not a private key

I tried "clean project" option, but result is same ..

Key signature in mentioned dialog of b4a IDE looks like this (some values for this post I replaced with xxx, others are original):

Keystore type: JKS
Keystore provider: SUN
Your keystore contains 1 entry
Alias name: b4a
Creation date: 12.12.2013.
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=xxx, O=NoOrg, C=HR
Issuer: CN=xxx, O=NoOrg, C=HR
Serial number: xxx
Valid from: Thu Dec 12 20:26:18 CET 2013 until: Thu Apr 11 21:26:18 CEST 2052
Certificate fingerprints:
MD5: DD2:FE7...xxx
SHA1: 20:C7:56:C1...xxx
SHA256: B0F:7A...xxx
Signature algorithm name: SHA1withDSA
Version: 3
Extensions:
#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 22 3E DA 00 9E 31 6E C4 A0 F6 52 5C 5A B3 E3 36 ">...1n...R\Z..6
0010: 62 BC 95 E0 b...
]
]
*******************************************

What seams to be a problem, why it says that this is not private key?

 

[Erel]

You will not be able to use the key if you don't remember the password.

 

[Dario126]

You will not be able to use the key if you don't remember the password.

I'm aware of that, but as I sad .. I changed password of keystore file with specified tool, and b4a IDE is accepting keystore file and by "decryption" of it I return info like quote above. Only by compilation of my application i get error "key associated with b4a not a private key". I'm curious why this message happens. Is keystore file changed more than just password?

 

[Erel]

I'm not familiar with this tool, but it seems like it broke the key.

 

[daemon]

Hi, I'm getting the same error when I tried to import old key from existing published app to use with b4a.

I used following command to create a new keystore compatible with b4a:
keytool -importkeystore -srckeystore play.keystore -destkeystore b4a.keystore -srcalias alias -destalias b4a

When I select b4a.keystore as sign key file and give correct password, b4a is able to show me details of the key.
However, I get the error 'jarsigner: key associated with b4a not a private key' when I try to compile.

What could be going wrong?

FYI: I had created the old one using this command:
keytool -genkey -v -keystore play.keystore -alias alias -keyalg RSA -keysize 2048 -validity 10000

Update 1: With above command, key password was still different from keystore password. On changing key password to be same as keystore password (Using -destkeypass option), the error I get is:
jarsigner error: java.security.SignatureException: private key algorithm is not compatible with signature algorithm.

Update 2: Above error is due to my key being signed with SHA256withRSA, whereas B4A supports only SHA1withDSA. I don't think keys can be converted across, so the only options are:
1) B4A supports other algorithms
http://www.b4x.com/android/forum/threads/support-for-sha256-rsa-sign-keys.45478/
2) Use a batch file to sign apks externally
http://www.b4x.com/android/forum/threads/tutorial-how-to-sign-apk-with-non-b4a-keystore.14049/

 

[Erel]

Why did you manually create the sign key?

 

[daemon]

I created them before I knew about B4A

I have some apps built using Eclipse, signed with non-B4A certificates and published.
I was planning to re-write them using B4A.