Using Google Play App Signing

Is it possible to use the new Google Play App Signing with Corona?

I have accidentally accepted enrollment for my app in the new method. Now I can’t roll back to using the old keystore method.

I’m referring to the new process of sigining with an upload certificate and the play store signing the binary after the upload as described here: https://support.google.com/googleplay/android-developer/answer/7384423

I believe you just need two keystores. One you upload with and one Google will use to re-sign the app.  Search the forums for this. There was another user who got it working.

Rob

@Rob: I’ve been looking in the forum threads but I cannot find anything on how to make the Googla play app signing work with Corona. Do you perhaps remember the username of the user you are referrring to who got it working? 

@amirfl7: how did you get this to work?

My understanding is you need two keystores, one you sign with using Corona and one you upload to Google and they will resign the app.  Also unless they are now requiring this, there isn’t a reason to agree to their new signing system for now. Just upload your apps like you normally do. At some point I expect Google will make this a requirement. Also once you agree to it, you have to use it, but I think it’s on an app-by-app basis.

Rob

Yes, there are two keys involved, one is the “Upload key” which is used to sign the apk file before uploading it to Google. The other key is the “App signing key”, which is used by Google to re-sign the apk file once it is uploaded.

For the “Upload key”, I have the fingerprints (MD5, SHA-1 and SHA-256) and I can download the certificate (a file named “upload_cert.der”), but I don’t know how to use either of them to sign the apk when I build with Corona. I have tried to set the downloaded file as the keystore but Corona just says that it is not a valid keystore.

I know this is an opt-in thing but I clicked the button believing this was a good thing, partly because Google keeps my keys so that I don’t have to worry about losing them. I really regret that choice now… The thing is that this app has a fair number of downloads and unless I solve this, that app is dead. I know I made a stupid mistake by opting in, but I have to solve this nevertheless.

So I guess the real question I’m asking is how to use the fingerprints or the certificate file when building with Corona. How do I “convert” them so that Corona accepts either of them as a valid keystore when building?

Avoid like the plague unless you do not integrate with any social networks that require SHA1 fingerprints like Facebook… more trouble than its worth.

Just backup your keys to a USB drive and hide that in a cupboard/at your mums house.

I believe you just need two keystores. One you upload with and one Google will use to re-sign the app.  Search the forums for this. There was another user who got it working.

Rob

@Rob: I’ve been looking in the forum threads but I cannot find anything on how to make the Googla play app signing work with Corona. Do you perhaps remember the username of the user you are referrring to who got it working? 

@amirfl7: how did you get this to work?

My understanding is you need two keystores, one you sign with using Corona and one you upload to Google and they will resign the app.  Also unless they are now requiring this, there isn’t a reason to agree to their new signing system for now. Just upload your apps like you normally do. At some point I expect Google will make this a requirement. Also once you agree to it, you have to use it, but I think it’s on an app-by-app basis.

Rob

Yes, there are two keys involved, one is the “Upload key” which is used to sign the apk file before uploading it to Google. The other key is the “App signing key”, which is used by Google to re-sign the apk file once it is uploaded.

For the “Upload key”, I have the fingerprints (MD5, SHA-1 and SHA-256) and I can download the certificate (a file named “upload_cert.der”), but I don’t know how to use either of them to sign the apk when I build with Corona. I have tried to set the downloaded file as the keystore but Corona just says that it is not a valid keystore.

I know this is an opt-in thing but I clicked the button believing this was a good thing, partly because Google keeps my keys so that I don’t have to worry about losing them. I really regret that choice now… The thing is that this app has a fair number of downloads and unless I solve this, that app is dead. I know I made a stupid mistake by opting in, but I have to solve this nevertheless.

So I guess the real question I’m asking is how to use the fingerprints or the certificate file when building with Corona. How do I “convert” them so that Corona accepts either of them as a valid keystore when building?

Avoid like the plague unless you do not integrate with any social networks that require SHA1 fingerprints like Facebook… more trouble than its worth.

Just backup your keys to a USB drive and hide that in a cupboard/at your mums house.