Suddenly unable to build for Android due to keystore issue

Hi,

I just installed the latest 3100 build and I’m now unable to build for Android (though I can’t say for sure if the problem started before 3100 because I haven’t tried to build for a while, but I know it did work a few months ago).  

What’s happening is when I go to build, and I select the debug keystore and enter the password “android”, I get the message:

“The password for the key store located at c:\program files (x86)\corona labs\corona\resources\debug.keystore was not valid, or the key store was not valid”

Now, distressingly, I get the same problem with my own keystore, a keystore that I used to sign a released game early this year.  So it’s not specific to the debug keystore.  Which means I can’t update my own game at the moment

Now,I did some googling and this seems to be a problem related to JDK installation.  Indeed, I have the latest JDK installed and I have BOTH 32-bit and 64-bit installed.  Everything I’m reading says Corona needs the 32-bit, so shouldn’t be a problem.  

I tried a couple of things.  First, I removed the JAVA_HOME environment variable and I also removed any reference to Java (JDK or JRE) from the path.  So, Java can’t be run from a command line now.  Still, Corona gives me the same error… which is weird because it makes me think it’s picking up Java’s location some other way - more on that later.

So, next, I added JAVA_HOME pointed to the 32-bit JDK, and added a path entry to that JDK’s bin directory.  Java runs now of course, but Corona has the same problem.  And, even though I didn’t expect it to work, I did the same with the 64-bit JDK, still no love, as expected.

Finally, I found the registry keys that seem to be associated with Java in the registry, and I updated them to point to the 32-bit JDK (even though that might break other things, I figured maybe Corona was looking at the keys to find Java) but that didn’t fix it either.

Finally, I uninstalled 3100 and re-installed, but that didn’t make a difference.  Interestingly, things like my account information and preferences remained, so I searched the registry and sure enough, that’s all stored there.  So, I thought maybe Corona had cached a reference to a previously installed JDK (since I likely have updated since the last time I build for Android) but searching the registry for “corona” and scrutinizing every entry didn’t lead me to anything like that.

The only thing I haven’t tried at this point is uninstalling both JDKs and Corona, then re-installing just the 32-bit JDK, then Corona.  But, even if that does work, it’s not a suitable solution because I also need the 64-bit JDK on my system for other work, and ideally that’s the JRE I’d want to be used by default.

At this point, I’m at a total loss.  Can anyone offer any idea how to deal with this?  I know that this has been a long-running issue with Corona, but this is the first time I haven’t been able to resolve it somehow on my own.  Very frustrating

Thanks,

Frank

It may sound silly but have you tried a reboot?

Always a good suggestion, even if your name isn’t Roy or Moss  But yes, I did try that, more than once after making changes.  No luck.

The only thing I haven’t tried yet is a complete uninstall of both Corona and JDK, followed by a re-install of just the 32-bit JDK and then Corona.  I’m reluctant to do that though because, really, I shouldn’t have to.

What is your Path to JDK?  Mine is *C:\Program Files (x86)\Java\jdk1.8.0_77\bin* and that works fine.

Java.exe is version 8.0.770.3

JAVA_HOME now set to C:\Program Files (x86)\Java\jdk1.8.0_131.  Path set to C:\Program Files (x86)\Java\jdk1.8.0_131\bin.  No other Java-related entries defined, running java from command prompt shows it’s using this JDK (also did a locate java to be safe and yep, correct one located).  After a reboot, still no good.  And, we’re essentially on the same version, mine’s just newer by a few point releases… could always be a breakage in a version newer than what you have, but that’s a bit of a stretch IMO.

Any other ideas?

Did you find a solution for this? As I’m running into it myself too. Same specifications, same JDK version, etc.

Can you remove the 64 bit version and try?

Hi,

I’m getting the same problem. Tried to make an update on Google Play and got the following error message when trying to upload the APK:

You uploaded an APK with an invalid signature (learn more about signing). Error from apksigner: ERROR (Jar signer IAPPS.RSA): JAR signature META-INF/IAPPS.RSA uses digest algorithm 2.16.840.1.101.3.4.2.1 and signature algorithm 1.2.840.113549.1.1.1 which is not supported on API Levels [[15, 17]]

Have you found a solution?

Thanks in advance!

Hi Impossible (and Rob);

I had exactly the same problem building and uploading an app update to Google Play from my Mac about 3 weeks ago. Since I could find no mention of anything similar on this forum at that time, I tackled it with a lot of poking around and research on my own. The fix I found (for building from my Mac running Sierra) was a complete uninstall of Java SDK 1.8 and install of Java SDK 1.6. Once I was back to building using SDK 1.6, submission to Google went perfectly.

Note that I tried all of the mundane stuff such as building the app update with different Corona builds (3007, 3012, 3085) and lots of the other normal voodoo without any success in fixing the problem. From my research, it was definitely a Java SDK thing having to do with security hashes and signing.

Here was my upload error message from Google (about 90% similar to yours).

=======================================================================

Upload failed

You uploaded an APK with an invalid signature (learn more about signing). Error from apksigner: ERROR (Jar signer ADVERKEY.RSA): JAR signature META-INF/ADVERKEY.RSA uses digest algorithm 2.16.840.1.101.3.4.2.1 and signature algorithm 1.2.840.113549.1.1.1 which is not supported on API Levels [[10, 17]]

=======================================================================

Now a topic for Rob to contemplate. This is what threw me the most about the whole thing:

1. On about June 16th, I did an update build of a different app (Just Jumble) using Corona Build 3007. Google analyzed it and accepted it without any errors. It used the same KeyStore/signature as the update I would do next. My Mac had been upgraded to Sierra prior to this and I “think” I was using Java SDK 1.8. I can’t remember changing/upgrading Java any time recently.

2. June 30th, two weeks later, was when I did the subsequent update build on the app Just 2 Words using Corona Build 3007. again, I don’t “think” anything of significance (same Sierra and same Java SDK 1.8) changed on my Mac in those two weeks. And yet, Google gave me the error that we are talking about now.

This all makes me wonder if something changed in those 2 weeks in one of two places: #1 - Google’s App Analysis Tools that analyze submitted apps. #2 – Corona’s Build Process and something in the process related to keystone/signature.

And finally, an aside to contemplate that also relates to Java SDK version. The update I made back on June 16 (with Java SDK 1.8) has generated about 6-8 e-mails from users reporting “Unable to Install - 103” errors. There is another thread in the Corona Forums now on this problem and Googling will bring up some info from non-Corona developers who are also seeing this. The fix for this seems to be to NOT build with Java SDK 1.8 because of some security hash incompatibilities on certain older Android devices running certain Android versions. I’m about to do an interim update of the app we updated back on June 16th in order to build it with Java SDK 1.6 and get back on those devices.

Hope this info helps.

Steve

Hi Steve,

Thanks a lot for the detailed answer

I will give it a try a tell you if it works for me.

Cleverson

So, for me, it seems like 32 vs. 64-bit doesn’t make a difference, it doesn’t work either way.  But, I tried what Cleverson suggested and went back to a 1.6 JDK and yep, there it seems to work, though I haven’t submitted to the store so if there are other problems lurking I can’t say, and certainly there seems to be based on what he said.  This of course isn’t an option for me because I have other work that requires the latest JDK, so I’m kind of dead in the water (though, knowing this, I can at least spin up a VM to do my Android builds in, so I guess not really dead in the water - just a bit inconvenienced I suppose ).  

Fortunately, I don’t currently have a big Corona project going so it’s not the end of the world, but it DOES mean that I can’t (easily) update my existing apps - and I in fact may not WANT to given the possibility of introducing issues.  Though, like I said, a VM with 1.6 is at least a viable fallback it seems.

Still, would be really nice to figure out what’s going on so I can work using my usual environment and workflow when needed.

There are two different issues here. @fzammetti is having password problems. @impossibleapps & @sbullock seem to be experiencing a different issue.

I don’t have a lot to add to @fzammetti’s issue yet. Can I get a screen shot of your build screen just before you hit the build button? Please do not blur/block out any field.

Now for the other problem.  

Oracle at some point in the keytool/jarsigner process changed the default encryption method (from SHA128 to SHA256 I think). Older versions of Android do not know how to read the new encryption and the apps fail to install. Using Java 1.6 keeps you signing with the old method.  1.7 and later use the new method and Android 4 (again I think) can’t deal with this.  

It appears that Google is now checking for this.  API 10 is 2.2.3 which older versions of Corona might still support. Our current minimum is API 15 (4.0.3) and it appears that API 17 is the last version to have this issue (4.2).  It looks like Google might be flagging apps that support these older devices that are signed with the newer method and rejecting them.

Can you tell me more about how you got rejected? I just did a build on my Mac and uploaded it to Alpha and didn’t get an error. Is this something that comes in email later? As soon as you upload it? Can I get more context on it?

Thanks

Rob

I don’t believe it’s a password problem per se, I think it’s just presenting that way.

Here’s the screenshot:

What happens is that when I try to select a Key Alias, which is blank, it tells me “The password for the key store located at c:\program files (x86)\corona labs\corona\resources\debug.keystore was not valid, or the key store was not valid”.  So I hit Ok, and I enter “android”, which I believe is the correct password for the debug keystore, and it repeats that error message.  I run into this same issue using MY OWN keystore, which of course I know the password to.

This DOES NOT seem to happen when using JDK 1.6.  So it seems like back to the same sort of JDK issues I’ve seen in the past, but now it’s just that I need to have the latest JDK installed, and as far as I know there’s no way to tell Corona to use a specific JDK, other wise I’d just have them installed side-by-side and be good to go (that would REALLY be handy feature by the way!).

In the drop down for Keystore do you have the option for “Debug” with no path information?

If so select it and try the known debug keystore password.

The Keystore field isn’t a dropdown, it’s a path selection.  Do you mean the Key Alias?  Because that’s a dropdown, but when I click it, it’s empty (which only makes sense: if it can’t read from the keystore it’s not going to be able to populate the key aliases).  Also, as soon as the Keystore field loses focus is when I get the error about the incorrect password, seems like regardless of what keystore it’s pointed at.

Hi Rob;

You asked:

“Can you tell me more about how you got rejected? I just did a build on my Mac and uploaded it to Alpha and didn’t get an error. Is this something that comes in email later? As soon as you upload it? Can I get more context on it?”

This comes in a “New Release to Production” – which may have different analysis by Google.

After you upload your APK (and, in my case, with an expansion file) the error message would appear in the screen that I am showing in the image here. I “think” the error message appeared after I tapped the “SAVE DRAFT” button (it has been about 2 weeks since I had the problem) but it may have appeared after the APK upload reached 100% and Google did its instant analysis of the file.

The included image is from an upload of an update this morning (which doesn’t throw this error because it uses 1.6) – so it is more to show you where the Google error message occurs.

Best;

Steve

@fzammetti Sorry about asking about the drop down. I use a Mac mostly. On the Mac build screen there is an option called “Debug” which picks the keystore for me. 

For Windows picking the debug.keystore from C:\Program Files (x86)\Corona Labs\Corona SDK\Resources\ folder should not ask you for a password. We handle that internally. If you’re being prompted, then perhaps that file is corrupt.

This file should be read only, but any one or process running as an Administrator can make changes.  Can you bring up a Windows Explorer window and to into that folder and right click on debug.keystore file and choose “Properties” and report the size to me? A screen shot of that dialog would be useful so i can look at other values as well.

The Java version has an impact at signing time. FWIW on my Windows machine, I only have the Java 32 bit JRE 1.8.0_131 and the 32 bit JDX 1.8.0_131 installed. I don’t have any 64 bit or older versions.

Making a release keystore is tricky. People try and copy/paste the command from our guide which only works on Macs since keytool.exe is never added to a PATH on Windows. You either have to CD to the folder where keytool.exe exists and specify a full path to where you want to save your keystore (can’t save it where keytool.exe is, it’s read only)  or CD to where you want to save the keystore and run keytool.exe with the full path. Since everyone’s Java is likely to be a little bit differently, we can’t make an easy Copy/paste command for windows.

For the other issue, Engineering is  looking into it. 

Rob

No worries Rob, I appreciate the help!  Here’s the screenshot:

Interesting, you say it should be read-only, which it’s not… but, I re-installed Corona from scratch when I started having these problems, so this is as it was installed.  I suppose it’s possible something munged it between then and now but I know I didn’t mess with it and I can’t think of anything else that would have (virus scans with multiple tools all come up clean, and I have Eset running all the time, so that possibility seems very unlikely).

And yeah, it definitely prompts for password as soon as focus leaves the Keystore field, for any keystore I point it to, Corona-supplied or my own, so something definitely seems funky here.

Hi everyone,

Just confirming that the problem is solved. I followed Steve’s suggestion and switched to Java 1.6 (I was using Java 8). Google accepted my APK with no error messages.

Thanks a lot for your help!

Br,

Cleverson

What version of Corona do you have installed?