Suddenly unable to build for Android due to keystore issue

Solar2D General Questions/Discussion
#61

As long as your old one works for Google keep using it. You can use the new one as needed.  You can also update the old one to a new one using the commands in the other threads!

Rob

#62

Does anyone have an update on this?  I’m running in to the same issue.

#63

I would recommend updating to the latest daily build and trying. I believe we’ve made some changes around those areas.

Rob

#64

Hello, any update on this issue? I face the same problem, my build is 2017.3184, my problem started when I tried signing my own keystore for release, password wont verify. Tried the debug.keystore, and it wont verify either (keep asking for password, when “android” is supplied, it says wrong password or JDK not found)

Any update would be appreciated. thanks :slight_smile:

#65

the console produces these every time I try building (firewall is already off on my machine):

00:31:18.061  jarsigner: unable to sign jar: no response from the Timestamping Authority. When connecting from behind a firewall an HTTP or HTTPS proxy may need to be specified. Supply the following options to jarsigner:

00:31:18.061    -J-Dhttp.proxyHost=<hostname>

00:31:18.061    -J-Dhttp.proxyPort=<portnumber>

00:31:18.061  or

00:31:18.061    -J-Dhttps.proxyHost=<hostname> 

00:31:18.061    -J-Dhttps.proxyPort=<portnumber> 

#66

a little update, I’m currently using build 2018.3316, tried JDK 6, 8, 10. uninstalling, reinstalling, removing Corona & JDK from registry each time. nothing works. What else can I try?

#67

Is there more information in the console log?

Rob

#68

After reading this forum I am concerned about the update to JDK 1.8 I just did because I am trying to get a SHA256 Signature for Amazon messaging. After updating to JDK 1.8 my certs still only show MD5 & SHA1. So I am not sure what to do next and/or how it might impact all my apps so any advice would be appreciated. Can I keep using my old keystore but use a new one just for Amazon apps that I want to use messaging?

#69

As long as your old one works for Google keep using it. You can use the new one as needed.  You can also update the old one to a new one using the commands in the other threads!

Rob

#70

I have the same or similar issue. I have tried all versions of JDK and Corona. 

My issue might be slightly different in that I am unable to use a keystore with my Google upload key added into it. I have been building and updating for Google Play for years, and today hit a wall, cannot update an app.

Since I last updated the app (about 5 days ago), I tried to ‘update’ the keystore (from a warning message in the console) – after copying first, of course – to pkcs12 format, but I am not sure that is relevant. I have tried backing everything out, but cannot get a build Google Play will accept – either it says debug key or it says keys do not match.

Currently JDK 1.8.0_181,  Corona 2018.3326

Lazy on my part, but I had always built Android using Debug keystore and keys. It seems that no longer works. But I have Google manage and re-sign my apps for the deployment, so loss of key is not supposed to be a problem. Or so I thought.

My problem now is getting a build signed with the ‘upload’ key that Google gives me to submit an app.

My steps:

  1. make a copy of debug.keystore (ideategames.keystore)

  2. add the Google ‘upload’ key (upload_cert.der) to the keystore with keytool (keytool -import -trustcacerts -alias upload -file upload_cert.der -keystore ideategames.keystore)

  3. Try to build the app with the upload alias

First problem: no matter what password I put on the new alias, it never works when I try to open it in Corona. So, I put no password, and then I just ‘cancel’ the request for password prompt, and it does not jump out.

Second problem: when the build happens, I get a 256 build error, which is ‘Failed to sign the APK.’

I am wondering if it is a SHA1 vs SHA256 problem? But this is territory I am not that familiar with.

Any help? How do I get a build signed with the Google-supplied key?

BTW, the Corona help page on signing for Google Release Build (https://docs.coronalabs.com/guide/distribution/androidBuild/index.html) is…well… kinda half-done, at best. " Supply the requested information and tap enter to sign your Android app." – this is certainly false, as all this will do is create a keystore with one key in it, not sign the app. And when I do that, I cannot use that keystore to sign the app anyway.

Any help?

#71

I downloaded the ‘upload’ key (which, as I read the documentation, is the key I used to upload on the previous build, that is what the upload key is supposed to be on the Google App signing page) not the ‘App Signing Key’, which is the key Google uses to re-sign the app. When Google manages the app signing, as on my app, it can create a new upload key any time I ask, and I need to be able to sign the app with that upload key.

The ‘original’ key I uses was the debug key, the default key that comes with Corona. It used to be that Google allowed you to use the debug key, as long as you uploaded the first version with that key. Something changed that, probably something I did, it no longer works.

I don’t think the key is the problem, I think the problej is Corona acceptance of a key loaded into a keystore, at least the way I am doing it (per other directions on how to load the ‘upload_cert.der’ key into a keystore). But perhaps it is because the Google keys have SHA1, SHA256, and MD5 all in the same der file, and Corona does not know how to parse such an entry?

Whatever the case with the past keys, Google allows me to upload an update that is signed with the upload key. So, somehow, I need to sign the apk with the upload key. I cannot figure out how to do that in a way Corona accepts.

The mismatched keys is not from using the upload key, it is from using my older key. The core problem I am having is that I cannot figure out how to sign with a key that I load into a keystore – I always get a 256 error, no matter how I try to configure it.

#72

I was able to fix this keystore problem by creating a new upload key, and sending it to Google. My app final signing is managed by Google, so this is possible (for lost key, new computer, whatever).

  1. I sent a note to Google (there is a form for upload key problems) saying I wanted to create a new upload key.
  2. They answered (4 days) requesting my new .pem file
  3. I created a new keystore and key according to their directions, with two simple steps (below)
  4. Sent the extracted .pem file to Google (available on the app upload page 3 days later)
  5. Rebuilt the app with the new keystore and alias (find it in the build dialog and enter the keystore password); upload will be automatically selected as the alias because it is the only one

Steps to create a new keystore and upload alias:

keytool -genkeypair -alias upload -keyalg RSA -keysize 2048 -validity 9125 -keystore xxx.keystore

keytool -export -rfc -alias upload -file upload_certificate.pem -keystore xxx.keystore

The only gotcha I noticed is that I had to set the keystore password and the key alias password the same. If I made them different, then Corona seemed to have a problem, but perhaps I didn’t try enough variations. Anyway, this worked, and took less than a minute.

I think the difference between this success and my problems before is that for these I started fresh with a new keystore with only one alias in it, instead of trying to load a key into an existing keystore and using that new key in Corona. That is my best guess.

#73

Hello, any update on this issue? I face the same problem, my build is 2017.3184, my problem started when I tried signing my own keystore for release, password wont verify. Tried the debug.keystore, and it wont verify either (keep asking for password, when “android” is supplied, it says wrong password or JDK not found)

Any update would be appreciated. thanks :slight_smile:

#74

the console produces these every time I try building (firewall is already off on my machine):

00:31:18.061  jarsigner: unable to sign jar: no response from the Timestamping Authority. When connecting from behind a firewall an HTTP or HTTPS proxy may need to be specified. Supply the following options to jarsigner:

00:31:18.061    -J-Dhttp.proxyHost=<hostname>

00:31:18.061    -J-Dhttp.proxyPort=<portnumber>

00:31:18.061  or

00:31:18.061    -J-Dhttps.proxyHost=<hostname> 

00:31:18.061    -J-Dhttps.proxyPort=<portnumber> 

#75

a little update, I’m currently using build 2018.3316, tried JDK 6, 8, 10. uninstalling, reinstalling, removing Corona & JDK from registry each time. nothing works. What else can I try?

#76

Is there more information in the console log?

Rob

#77

I have the same or similar issue. I have tried all versions of JDK and Corona. 

My issue might be slightly different in that I am unable to use a keystore with my Google upload key added into it. I have been building and updating for Google Play for years, and today hit a wall, cannot update an app.

Since I last updated the app (about 5 days ago), I tried to ‘update’ the keystore (from a warning message in the console) – after copying first, of course – to pkcs12 format, but I am not sure that is relevant. I have tried backing everything out, but cannot get a build Google Play will accept – either it says debug key or it says keys do not match.

Currently JDK 1.8.0_181,  Corona 2018.3326

Lazy on my part, but I had always built Android using Debug keystore and keys. It seems that no longer works. But I have Google manage and re-sign my apps for the deployment, so loss of key is not supposed to be a problem. Or so I thought.

My problem now is getting a build signed with the ‘upload’ key that Google gives me to submit an app.

My steps:

  1. make a copy of debug.keystore (ideategames.keystore)

  2. add the Google ‘upload’ key (upload_cert.der) to the keystore with keytool (keytool -import -trustcacerts -alias upload -file upload_cert.der -keystore ideategames.keystore)

  3. Try to build the app with the upload alias

First problem: no matter what password I put on the new alias, it never works when I try to open it in Corona. So, I put no password, and then I just ‘cancel’ the request for password prompt, and it does not jump out.

Second problem: when the build happens, I get a 256 build error, which is ‘Failed to sign the APK.’

I am wondering if it is a SHA1 vs SHA256 problem? But this is territory I am not that familiar with.

Any help? How do I get a build signed with the Google-supplied key?

BTW, the Corona help page on signing for Google Release Build (https://docs.coronalabs.com/guide/distribution/androidBuild/index.html) is…well… kinda half-done, at best. " Supply the requested information and tap enter to sign your Android app." – this is certainly false, as all this will do is create a keystore with one key in it, not sign the app. And when I do that, I cannot use that keystore to sign the app anyway.

Any help?

#78

I downloaded the ‘upload’ key (which, as I read the documentation, is the key I used to upload on the previous build, that is what the upload key is supposed to be on the Google App signing page) not the ‘App Signing Key’, which is the key Google uses to re-sign the app. When Google manages the app signing, as on my app, it can create a new upload key any time I ask, and I need to be able to sign the app with that upload key.

The ‘original’ key I uses was the debug key, the default key that comes with Corona. It used to be that Google allowed you to use the debug key, as long as you uploaded the first version with that key. Something changed that, probably something I did, it no longer works.

I don’t think the key is the problem, I think the problej is Corona acceptance of a key loaded into a keystore, at least the way I am doing it (per other directions on how to load the ‘upload_cert.der’ key into a keystore). But perhaps it is because the Google keys have SHA1, SHA256, and MD5 all in the same der file, and Corona does not know how to parse such an entry?

Whatever the case with the past keys, Google allows me to upload an update that is signed with the upload key. So, somehow, I need to sign the apk with the upload key. I cannot figure out how to do that in a way Corona accepts.

The mismatched keys is not from using the upload key, it is from using my older key. The core problem I am having is that I cannot figure out how to sign with a key that I load into a keystore – I always get a 256 error, no matter how I try to configure it.

#79

I was able to fix this keystore problem by creating a new upload key, and sending it to Google. My app final signing is managed by Google, so this is possible (for lost key, new computer, whatever).

  1. I sent a note to Google (there is a form for upload key problems) saying I wanted to create a new upload key.
  2. They answered (4 days) requesting my new .pem file
  3. I created a new keystore and key according to their directions, with two simple steps (below)
  4. Sent the extracted .pem file to Google (available on the app upload page 3 days later)
  5. Rebuilt the app with the new keystore and alias (find it in the build dialog and enter the keystore password); upload will be automatically selected as the alias because it is the only one

Steps to create a new keystore and upload alias:

keytool -genkeypair -alias upload -keyalg RSA -keysize 2048 -validity 9125 -keystore xxx.keystore

keytool -export -rfc -alias upload -file upload_certificate.pem -keystore xxx.keystore

The only gotcha I noticed is that I had to set the keystore password and the key alias password the same. If I made them different, then Corona seemed to have a problem, but perhaps I didn’t try enough variations. Anyway, this worked, and took less than a minute.

I think the difference between this success and my problems before is that for these I started fresh with a new keystore with only one alias in it, instead of trying to load a key into an existing keystore and using that new key in Corona. That is my best guess.