Android Question APK Sign Error

[Ydm]

Hello.
I signed an apk in advance and uploaded it to the PlayStore. Now I want to update my application. But I get the error. The problem is probably related to JDK. I've tried with all JDK versions and failed. The error I got is:

Error: keytool error: java.security.cert.CertificateException: Unable to initialize, java.io.IOException: DerInputStream.getLength(): Redundant length bytes found
java.security.cert.CertificateException: Unable to initialize, java.io.IOException: DerInputStream.getLength(): Redundant length bytes found
at java.base/sun.security.x509.X509CertImpl.<init>(X509CertImpl.java:198)
at java.base/sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java:102)
at java.base/java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:355)
at java.base/sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:717)
at java.base/sun.security.util.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:222)
at java.base/java.security.KeyStore.load(KeyStore.java:1479)
at java.base/java.security.KeyStore.getInstance(KeyStore.java:1807)
at java.base/java.security.KeyStore.getInstance(KeyStore.java:1687)
at java.base/sun.security.tools.keytool.Main.doCommands(Main.java:910)
at java.base/sun.security.tools.keytool.Main.run(Main.java:397)
at java.base/sun.security.tools.keytool.Main.main(Main.java:390)
Caused by: java.io.IOException: DerInputStream.getLength(): Redundant length bytes found
at java.base/sun.security.util.DerInputStream.getLength(DerInputStream.java:612)
at java.base/sun.security.util.DerValue.<init>(DerValue.java:257)
at java.base/sun.security.util.DerInputStream.getDerValue(DerInputStream.java:457)
at java.base/sun.security.x509.X509CertImpl.parse(X509CertImpl.java:1834)
at java.base/sun.security.x509.X509CertImpl.<init>(X509CertImpl.java:195)
... 10 more

 

[DonManfred]

https://www.b4x.com/android/forum/t...ey-algorithm-is-not-compatible.87699/#content

Best solution is probably to switch to B4A 8+

 

[Ydm]

Unfortunately I get the same error.

keytool error: java.security.cert.CertificateException: Unable to initialize, java.io.IOException: DerInputStream.getLength(): Redundant length bytes found

 

[eps]

Does this help? https://stackoverflow.com/questions...in-androidstudio-redundant-length-bytes-found

 

[Ydm]

I can compile with JDK 7. But I can not use this year of life. This is necessary to run with JDK 11. So I need to update this Keystore file.

 

[eps]

then this? https://forum.unity.com/threads/key...nable-to-read-with-jdk-8.460020/#post-3466189

 

[Ydm]

JDK 1.7 works in the signature. But this time the B4A says JDK is old.
When JDK is current (8,9,11), it gives a signature error.

 

[Erel]

Which version of B4A are you using?

 

[Ydm]

8.00

 

[Erel]

I'm sorry but I don't understand. Where do you get this error? What have you changed since you first signed your APK?

 

[Ydm]

The APK was signed with an old version of the B4A. So the keystore file was created with an old B4A. The JDK version at the time was old. Now the new B4A does not like the keystore file and gives the error in the first message. When I choose the old JDK version, the new B4A doesn't like it. I need to update this keystore file somehow. Every day thousands of people wipe out my application because of this vulnerability. You asked two days ago, "What's your B4A version?" Two days later, you said, "I didn't understand the problem."

 

[Erel]

Two days later, you said, "I didn't understand the problem."

That's true. It was weekend here.

Every day thousands of people wipe out my application because of this vulnerability.

Which vulnerability?

I'm sorry but I don't understand anything from this thread.

Please explain what you did and what exactly happens right now. There is no problem to sign an APK with old keys.

 

[Ydm]

I use google translate. Maybe he's doing some ridiculous translations. I wrote down the errors I took, the versions I used. There's nothing I can write about. B4A-8.00 gives an error in the old keystore file. I searched the forums, says the old version of JDK use. When I use the old JDK, the new B4A gives other errors. There's a mismatch. Create a keystore file with a very old version of B4A and version 1.7 of JDK. Then open the application with the new version of B4A. Choose the newest version as JDK. Compile in release mode. You will see errors.

 

[Erel]

Can you post a screenshot?