android – How to sign your app using the upload key

Exception or error:

I’m trying to publish my app to the Google Play Store, and I cannot figure out how to sign the app using the upload key, as stated in https://developer.android.com/studio/publish/app-signing.html

I use Android Studio, and I signed the APK using Build -> Generate Signed APK, and created my own key at my own keystore path/file. Now, to do the release, I need to use the Google upload key, which confused me. So,

  1. Where can I find my upload key in Google Play Console? Under App signing of this app, I can see the Upload certificate's MD5, SHA-1 and SHA-256, and can even download an upload.pem file. What do I do with it?

  2. Then exactly how do I use Build -> Generate Signed APK in Android Studio to sign it with this so-called upload key?

My app uses Google Sign-In to authenticate users. Right now it works if I just install my own APK. But if I download it from the Google Play Store, it cannot do the Google authentication, for which I assume I screwed up the publication procedure.

FYI, I’m using the “Use Google Play App Signing” process.

Please help.

How to solve:

I think I’ve figured this out…

When you elect to use the Google App Signing process, Google Play CHANGES your uploaded app’s signature to the SHA-1 certificate fingerprint of the App signing certificate (as against the Upload certificate). See Figure 1 at this Studio document for the process flow.

[Btw, you can find both app’s certificates at Google Play Console -> Release Management -> App Signing]

This means that, for OAuth to work, you must create a new OAuth 2.0 credential (at console.developers.google.com) that uses the App signing certificate’s fingerprint (as against the Upload certificate’s fingerprint) with the same package name.

Your package will now have 2 OAuth credentials, one for production releases, the other for your development/testing. Both will have the same package name; the production credential will use the App signing fingerprint, while the dev/testing credential will use the Upload (or local keystore) fingerprint.

Obviously, you will not know the App signing fingerprint until your app is first deployed to Google Play (GP assigns it). So, the production credential will need to be created after uploading to Google Play for the first time, but prior to clicking “Rollout to Production”.

###

With the new system, the upload key is a simple and normal keystore which you can create with Android Studio.
So, just sign your APK and send it to the Play Store.

Google will remove this key and use the application key declared (and generated in Google Play).

###

Whichever process you want to follow, there are two ways available:

  1. Manage the key and keystore yourself, or
  2. Use Google app signing (which later on provides support for retrieving the key even when you lose it).

Let’s talk about the first one, which is used most of the time and is easy.
Steps:

  1. Create a keystore file and save the password, alias and alias password in some safe place.
  2. Keep that keystore file in the same place where you kept the file with the above credentials.
  3. Now go to Build -> Generate Signed APK -> select the keystore file you have just created, and provide all the required credentials: password, alias, alias password.
  4. Android Studio generates the signed APK for you, and you can upload it to the Play Store.
  5. The next time you generate an APK you only need to follow step 3 and step 4, as you are going to use the same keystore file you used earlier, because you are pushing an app update. When you want to update an app, the APK should be signed with the same keystore, or you can say the same SHA certificate.

If you want to do the whole process from the command line, you can add the buildType in the app.gradle file, which is a better and more appropriate way.

To add the buildType configuration, please see the Gradle code:

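android {
    signingConfigs {
        release {
            // Signing properties belong in a signingConfig, not directly in a buildType.
            storeFile file("path for release.keystore")
            // keystore_password, keystore_alias and keystore_alias_password are
            // placeholders: define them outside version control (e.g. ~/.gradle/gradle.properties).
            storePassword keystore_password
            keyAlias keystore_alias
            keyPassword keystore_alias_password
        }
    }

    buildTypes {
        debug {
            debuggable true
            minifyEnabled false
            proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
        }

        release {
            minifyEnabled false
            proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
            // Attach the signing configuration defined above to the release build.
            signingConfig signingConfigs.release
        }
    }
}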

In the above configuration you need to provide the file path of the release keystore file in the storeFile tag, and also need to provide the credentials in storePassword, keyAlias and keyPassword as mentioned.

After adding the above configuration, you can generate the signed APK with a simple gradlew command: ./gradlew clean assembleRelease

If you want to go with the second method, signing with the Google app key, details are available here. If you are getting any problem at any step, please mention that step so I can solve the problem.

For generating the upload key, first you need to do this:

keytool -genkey -v -keystore my-release-key.keystore -alias alias_name -keyalg RSA -keysize 2048 -validity 10000

Then sign the APK using:

jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore my-release-key.keys

You can also use a GitHub lib to automate the whole process from here.

Or you can refer here for more details.

###

Steps to generate a signed APK which can be uploaded to the Play Store:

1) First go to Build Variants and select Release; by default, debug is selected.

2) Then go to the Build menu and select Generate Signed APK. Here you will find the option to select an existing keystore or create a new keystore.

3) Fill in the required details, such as the path to the keystore file, keystore password, key alias and password.

4) Then you will get the release APK of the Android app that you want to publish on the Play Store.

Now go to the Google developer console and, in the Manage release menu, select the option to create a release and upload the APK.

###

If Google is signing your app for you, you’ll have to use the SHA from the Google Play Store. In your Google Play Console, go into Release Management and App Signing.

From the section App signing certificate, grab the SHA-1 certificate fingerprint value (do not grab the SHA1: part):

11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:AA:BB:CC:DD:EE

and use it in this command:

echo "11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:AA:BB:CC:DD:EE" | xxd -r -p | openssl base64

It should give you your hash.
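The fingerprint mismatch described in the first answer and the hex-to-base64 conversion in the last one, as an added Python example that is not part of the original answers. The function names and the two certificate stand-ins are assumptions constructed for illustration; with a real file, pass the text of upload.pem to fingerprints().

```python
import base64
import hashlib
import re
import ssl

# Optional label such as "SHA1:" or "SHA-256:" copied along with the value.
_LABEL = re.compile(r"^\s*SHA-?(?:1|256)\s*:\s*", re.IGNORECASE)

def normalize(fp: str) -> bytes:
    """Console/keytool fingerprint text -> raw digest bytes.

    The label is dropped first: 'A' and '1' are hex digits, so a filter that
    merely discards non-hex characters would corrupt the digest.
    """
    raw = bytes.fromhex(re.sub(r"[:\s]", "", _LABEL.sub("", fp)))
    if len(raw) not in (20, 32):  # SHA-1 or SHA-256
        raise ValueError(f"unexpected digest length: {len(raw)} bytes")
    return raw

def hex_to_key_hash(fp: str) -> str:
    """Base64 form of a colon-hex fingerprint (same conversion as the
    xxd | openssl base64 pipeline on the page)."""
    return base64.b64encode(normalize(fp)).decode("ascii")

def fingerprints(pem_cert: str) -> dict:
    """SHA-1 / SHA-256 fingerprints of a PEM certificate such as upload.pem."""
    der = ssl.PEM_cert_to_DER_cert(pem_cert)  # digests are taken over the DER bytes
    return {alg: ":".join(f"{b:02X}" for b in hashlib.new(alg, der).digest())
            for alg in ("sha1", "sha256")}

def matching_credentials(cert_pem: str, registered: dict) -> list:
    """Names of registered OAuth credentials whose SHA-1 matches this certificate."""
    sha1 = normalize(fingerprints(cert_pem)["sha1"])
    return [name for name, fp in registered.items() if normalize(fp) == sha1]

# Constructed stand-ins for the two certificates (not real X.509 data).
UPLOAD_PEM = ssl.DER_cert_to_PEM_cert(b"constructed upload certificate")
APP_SIGNING_PEM = ssl.DER_cert_to_PEM_cert(b"constructed app signing certificate")

if __name__ == "__main__":
    registered = {"dev/testing": fingerprints(UPLOAD_PEM)["sha1"]}
    # A build installed from Play carries the app signing certificate: no match.
    print(matching_credentials(APP_SIGNING_PEM, registered))
    # After adding the production credential, the Play build matches it.
    registered["production"] = fingerprints(APP_SIGNING_PEM)["sha1"]
    print(matching_credentials(APP_SIGNING_PEM, registered))
    print(hex_to_key_hash("SHA1: " + fingerprints(APP_SIGNING_PEM)["sha1"]))
```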
