Android Question Do we need to create New keystore for google app signing (app bundle)

[mcqueccu]

I have one Keystore file created with the IDE since 2016 which I used for all my applications. In preparation to optin in to google app signing and to test the app bundle for NEW APP, I tried some things but it giving me error and headache.

1. The Problem
Using pepk.jar with my existing Keystore to create upload key following the instructions here https://www.b4x.com/android/forum/threads/google-play-app-signing.91703/

java -jar pepk.jar --keystore=MY_KEYSTORE_NAME.keystore --alias=b4a --output=encrypted_private_key_path --encryptionkey=MY_KEY_FROM_GOOGLE

I end up getting a file that is NOT accepted by google (Error: The file is not a zip file).

but when i use the code from google below with the old keystore, the zip file is Okay but I got this error The private key was not properly encrypted or is not a type of key we support.

java -jar pepk.jar --keystore=MY_KEYSTORE_NAME.keystore --alias=b4a --output=output.zip --include-cert --encryptionkey=MY_KEY_FROM_GOOGLE

2. What seems to work
Using keytool from openjdk 11 folder, I created a temp.keystore
Again, the pepk.jar command from b4a google app signing instruction page, created a corrupted zip file.

I switched to the command from google release dashboard using the new temp.Keystore i created with the keytool and the zip worked. The uploaded zip was also accepted and everything was succesful.

QUESTION:
Will our old keystore file be able to work to create upload key, or henceforth, we must switch to new keystore file created from keytool?

 

[MarcoRome]

Hi. Do you see this

App Bundle Signed

Ok. To update it is very simple, no action is required. Now i am trying to load a new app. When try to load a new app it gives me the message: "For new apps, Android App Bundles must be signed with an RSA key." ( see in red in follow picture ) Anyway i dont see Release Management - App...

www.b4x.com

Without create output=output.zip, in tutorial by @Erel i dont see this. Why do you want xreate a zup file ?

 

[mcqueccu]

When I used exactly what Erel used ie encrypted_private_key_path , I got an error that its not a zip file

 

[MarcoRome]

When I used exactly what Erel used ie encrypted_private_key_path , I got an error that its not a zip file

Anyway i see that you have solved the problem.
Relating to your question:

Will our old keystore file be able to work to create upload key, or henceforth, we must switch to new keystore file created from keytool?

I think it will still be able to work anyway (for example regarding updates, I think you are obliged to use the old upload key in the update signature). For new projects i would use the new key.

 

[mcqueccu]

Anyway i see that you have solved the problem.

Its not solved. The file generated, when i upload it, google says its not a zip file

 

[MarcoRome]

I switched to the command from google release dashboard using the new temp.Keystore i created with the keytool and the zip worked. The uploaded zip was also accepted and everything was succesful.

 

[mcqueccu]

Yes, it was a new temporary Keystore I created using keytool, just for testing.

But my problem is creating Upload key with my OLD existing Keystore. That does not work

 

[MarcoRome]

I understand, but still you wouldn't have any problems.
Because the old projects that you will need to eventually update, you can simply create an aab with the old key. Without having to add anything.
With new projects you can use the new key

 

[mcqueccu]

Yes, I can use new keystore for new apps. But I will still need to debug this problem.

Tracing my steps
I have java 8, and openjdk 11 and 14.
The IDE uses java 11.

Steps:
After creating new app project, when to production, create new release

A. Then I select Manage App signing in the picture below

B. Then I download pepk.jar, and copy the encryption key

c. I placed the pepk.jar into same folder as the keystore

D. I run the cmd from that location

java -jar pepk.jar --keystore=leafy.keystore --alias=b4a --output=encrypted_private_key_path --encryptionkey=MY_ENCRYPTION_KEY_HERE

AND i GOT THIS

E. I uploaded the generated file to playstore

F. I then click CONTINUE

 

[MarcoRome]

Yes, I can use new keystore for new apps. But I will still need to debug this problem.

Tracing my steps
I have java 8, and openjdk 11 and 14.
The IDE uses java 11.

Steps:
After creating new app project, when to production, create new release

A. Then I select Manage App signing in the picture below
View attachment 109404



B. Then I download pepk.jar, and copy the encryption key

View attachment 109405



c. I placed the pepk.jar into same folder as the keystore

View attachment 109406

D. I run the cmd from that location

java -jar pepk.jar --keystore=leafy.keystore --alias=b4a --output=encrypted_private_key_path --encryptionkey=MY_ENCRYPTION_KEY_HERE

View attachment 109407

AND i GOT THIS

View attachment 109409

E. I uploaded the generated file to playstore
View attachment 109410


F. I then click CONTINUE


View attachment 109411

Also to me yesterday at the first attempt did the same thing. Then i went out and back from the Play Store, tried to create a new app, loaded the previously created file and it didn't give me any errors.

 

[mcqueccu]

Hi, @MarcoRome thanks for sticking with me.

2 days I tried using my existing keystore file to generate upload key but it doesnt not work.

I feel, the problem is with the keystore file, hence my inability to extract the upload key with the pepk.jar

Reference to this thread: Someone was facing the same problem with keystore file created with the IDE.

Google Play Upload: The private key was not properly encrypted or is not a type of key we support.

Hi, I created a new App release on Google Play Console and followed all the instructions to create the output.zip from my b4a keystore file using the pepk.jar provided by Google. When I upload the output.zip containing the encrypted private key and the certificate I receive an error message on...

www.b4x.com

Edit: And this Maybe Unrelated

jarsigner error: java.security.SignatureException: private key algorithm is not compatible

Private sign keys created with B4A v7.80 or less together with Java 8u151+ will fail with the above error message. Note that it does not affect existing keys. It is related to a change in the default key size. It is fixed for the next update of B4A. As a workaround you can switch to Java...

www.b4x.com

 

[Cebuvi]

Hello,
I am trying to use pepk.jar with the keystore of an old app and I have a problem.
When I run the file, it asks me to enter the password, but when I try to type it, it doesn't let me, it doesn't write any symbol, and if I press Enter, it gives me an error.
Could someone help me?
Thanks.

 

[mcqueccu]

When you are typing the password, nothing will show but make sure sure you type your correct password and press ENTER

Or

Copy and paste your password and hit ENTER

 

[Cebuvi]

Thank you for your quick response.
The first step works, but what is the password for key?

 

[mcqueccu]

Both Password and Alias password should be the same

 

[Cebuvi]

Thank you very much, I already had a headache. You saved my life
Have a nice weekend

 

[Cebuvi]

One last question, with this key will I be able to upload new applications or do I have to repeat the process for each app?

 

[mcqueccu]

No need to repeat the process