Android Question How to sign app bundle with upload key?

Vern · Nov 2, 2021

I opted in to Google app signing, uploaded the signing key for my existing app, created an upload key and downloaded the certificate.
When I use "Build App Bundle" in B4A (v11.0) to create the aab file, the bundle is signed with the key in my old keystore file.
I believe it needs to be signed with the upload key. I've been reading posts for a couple days now, but I'm still not sure what to do. Any help would be appreciated.

MikeSW17 · Nov 2, 2021

Have you followed the tutorial? https://www.b4x.com/android/forum/threads/google-play-app-signing.91703/

Vern · Nov 3, 2021

Yes, I have seen that post. It's a manual way to create an apk file, sign and zip it. I'm trying to create an aab bundle and sign it with the upload key.

Erel · Nov 3, 2021

Select the correct key with Tools - Private Sign Key.

Or set it with #SignKeyFile attribute.

Vern · Nov 3, 2021

Thanks for the response. However in Tools, Private Sign Key when I specify the my-release-key.jks file, I get this error:

keytool error: java.io.IOException: Integrity check failed:
java.security.NoSuchAlgorighmException: Algorithm HmacPBESHA256 not available

When I use #SignKeyFile it produces a similar error:

Compiling resources (0.67s)
Linking resources (0.48s)
Compiling generated Java code. (7.22s)
Convert byte code - optimized dex. (9.95s)
Copying libraries resources (0.59s)
Building app bundle (1.20s)
Signing AAB file Error

jarsigner error: java.lang.RuntimeException: keystore load: Integrity check failed: java.security.NoSuchAlgorithmException: Algorithm HmacPBESHA256 not available

It looks like B4A does not recognize my-release-key.jks as a keystore. Any clues how to fix this?

Computersmith64 · Nov 4, 2021

The basic steps are:

1) Build your app (as an aab) with the keystore key you've always used;
2) Opt in to Google Play app signing & then follow the instructions to generate the encrypted key that is uploaded to your developer console. If you have Android Studio installed you can export it from there, otherwise you can download the tool (there's a link in the instructions) & run it to generate the key;
3) Upload the encrypted key to the developer console;
4) Upload the aab.

If you follow the instructions when you opt in, it's a very straightforward process.

- Colin.

Vern · Nov 5, 2021

If you build your app with the old keystore key you will discover it does not match the encrypted key that Google has and you end up with a message like:

Your Android App Bundle is signed with the wrong key. Ensure that your App Bundle is signed with the correct signing key and try again. Your App Bundle is expected to be signed with the certificate with fingerprint:
SHA1: 65:3C:AE:37

8:23:C4:...
but the certificate used to sign the App Bundle you uploaded has fingerprint:
SHA1: 37:1E

5:C4:60:B9:B4:...

I'm out of time working on this, so I used the command line to create the apk, signed it and uploaded it successfully. However it's probably only a matter of time before Google stops apk files from being uploaded. It's safer for them to extract it from the aab bundle and they can optimize your app at the same time.

Computersmith64 · Nov 6, 2021

Vern said:
If you build your app with the old keystore key you will discover it does not match the encrypted key that Google has and you end up with a message like:

Not true. I have opted in to Play App Signing for several of my existing apps & have continued to use the same signing key I always did. I simply signed the bundle with that key, then exported & uploaded the encrypted key to the console. I'd say if you're getting that message, you have either not used the same signing key as the one you last used to release the app, or you have exported & uploaded the wrong key.

- Colin.

mcqueccu · Nov 6, 2021

Vern said:
If you build your app with the old keystore key you will discover it does not match the encrypted key that Google has and you end up with a message like:

Your Android App Bundle is signed with the wrong key. Ensure that your App Bundle is signed with the correct signing key and try again. Your App Bundle is expected to be signed with the certificate with fingerprint:
SHA1: 65:3C:AE:378:23:C4:...
but the certificate used to sign the App Bundle you uploaded has fingerprint:
SHA1: 37:1E5:C4:60:B9:B4:...

I'm out of time working on this, so I used the command line to create the apk, signed it and uploaded it successfully. However it's probably only a matter of time before Google stops apk files from being uploaded. It's safer for them to extract it from the aab bundle and they can optimize your app at the same time.

This simply means you are Signing the app with different from what you previously used. Check the Private Key and compare the SHA1 to determine the correct keyfile

Android Question How to sign app bundle with upload key?

Vern

Member

MikeSW17

Active Member

Vern

Member

Erel

B4X founder

Vern

Member

Computersmith64

Well-Known Member

Vern

Member

Computersmith64

Well-Known Member

mcqueccu

Well-Known Member

Similar Threads