Background:
I let Google Play Store manage my key singing. Therefore, when creating a signed bundle in Andriod Studio I have to use the key I gave over to Google. Otherwise, when uploading the .aab Google notifies me, that the "App Bundle is signed with the wrong key". So I had to:
keytool -list -v -keystore keystorefile.jks
through all the keystore files to find the key I inititially gave over to Google.
Now following issue aroused:
When generating the signed bundle in Andriod Studio with the key that had the right signature. Andriod Studio was giving me following error message
trusted certificate entries are not password-protected
I learned here that the issue may be that the entry of the key I am using is not PrivateKeyEntry but trustedCertEntry. So I checked the entry of the key by using again the above keytool command. And yes, my key entry is trustedCertEntry.
OK, in the meantime I understood: you cannot turn a trustedCertEntry into a PrivateKeyEntry. You have to find the key with the PrivateKeyEntry - the private key.
Therefore I kept searching all my keystore with the keytool command above to finally find the one private key that has the right signature.
No further questions from my side. Back up your keys!
Related
I am getting this error everytime I tried to generate my signed apk through Android Studio:
No key with alias 'Operator_keystore' found in keystore PATH/OrderOperator_keystore
Previously I successfully submitted builts with the same keystore. The problem arises when I move my whole project folder to another folder, also I invalidated the cache of android studio.
I am signing apk like this
Any help would be appreciated.
Open a terminal and run the following command:
keytool -list -v -keystore </path/to/your/keystore.jks>
After you enter the keystore password, it will display the list of certificates stored in that keystore, including the alias names, e.g.
Keystore type: jks
Keystore provider: SUN
Your keystore contains 1 entry
Alias name: androiddebugkey
Creation date: Nov 19, 2018
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
...
Look at the alias name displayed, and compare that with the value you put in the Key alias field in that Studio window.
Make sure you key store path is correct with the location of the new folder and also make sure you're entering the correct password for both key store and alias. If that doesn't work try changing
keystore PATH/OrderOperator_keystore
To
keystore PATH/
There shouldn't be any space between keystone Path also
you can use Gradle into signingReport and generate a hash key or sha1 key and also refresh the app level build.gradle file after submitting the form for keystore
I manage a site www.abc.com which already has a SSL certificate which is expiring in 2 weeks. So I created a .CSR from the existing .JKS file and sent it to the CA. I got back a .PEM and imported the pem file to the existing jks and deleted the old certificate in jks.
When I installed the new jks in web logic server 10.3.6 it threw exception saying the keystore does not have the private key. What would have caused this? Deleting the old certificate using its alias would have deleted the private key as well? Is there a way to check the validity of jks before installing it?
Regards,
Arun
Deleting the old certificate caused the private key to be deleted, recreated the JKS and worked just fine.
I uploaded my fully working app on Google Play and when download it from there, facebook login doesn't work!! I properly configure my facebook app and works with eclipse environment. After searching, it can be done due to facebook key hashes. However, I obtained it like:
How to generate Key Hash for facebook SDK In Mac
Seems that a key hash for distribution must be also obtained... but how? Thank you.
Alternative 1:
Use this with the app signed with your release key. Not the one that is deployed from Eclipse.
Run this piece of code in the first Activity of your app:
try {
PackageInfo info = getPackageManager().getPackageInfo(
"YOUR_PACKAGE_NAME", PackageManager.GET_SIGNATURES);
for (Signature signature: info.signatures) {
MessageDigest md = MessageDigest.getInstance("SHA");
md.update(signature.toByteArray());
Log.e("FACEBOOK APP SIGNATURE", Base64.encodeToString(md.digest(), Base64.DEFAULT));
}
} catch (Exception e) {
// TODO: handle exception
e.printStackTrace();
}
This line: Log.e("FACEBOOK APP SIGNATURE", Base64.encodeToString(md.digest(), Base64.DEFAULT)); will log the Key Hash in DDMS.
Alternative 2:
Download OpenSSl for Windows and extract the .zip to a simple location like: c:\openssl with all the contents of the zip extracted in this folder's root.
Copy your signing key file to your JRE installation's bin folder. For example, in my case: C:\Program Files\Java\jre7\bin
While in the bin folder where you copied the signing key, Press SHIFT+ Right Click -> Open command window here.
Run this command: keytool -exportcert -alias YOUR_ALIAS -keystore YOUR_SIGNING_KEY > c:\openssl\bin\debug.txt
Enter your password for the signing key
Now, navigate to the c:\openssl\bin folder and type in the following commands:
openssl sha1 -binary debug.txt > debug_sha.txt
And then,
openssl base64 -in debug_sha.txt > debug_base64.txt
Done! The debug_base64.txt contains your Key Hash. Copy this in your app console and you are all set.
In my experiece, both the methods have given me the correct Key Hash. However, in a few cases (rather random ones), the first alternative did not give the correct Key Hash while the second alternative has always worked. See which works for you.
While generating release Hash key, Note this
When generating the hash key for production you need to use openssl-0.9.8e_X64.zip on windows, you cannot use openssl-0.9.8k_X64.zip
The versions produce different hash keys, for some reason 9.8k does not work correctly... 9.8e does.
OR
Use this below flow
This is how I solved this problem
Download your APK to your PC in java jdk\bin folder
in my case C:\Program Files\Java\jdk1.7.0_121\bin
go to java jdk\bin folder and run cmd then
copy the following command in your cmd
keytool -list -printcert -jarfile yourapkname.apk
Copy the SHA1 value to your clip board
like this CD:A1:EA:A3:5C:5C:68:FB:FA:0A:6B:E5:5A:72:64:DD:26:8D:44:84
and open Hex To Base 64 to convert your SHA1 value to base64.
Try this solution, for me I was getting the same error, but working fine now after trying hours.
Login Error: There is an error in logging you into this application. Please try again later
Im having trouble to get the md5 hash (ascii) from my keystore, I just get a hex fingerprint but don't know how to get the right ascii md5 to put on facebook android app.
I just read a lot about using jdk 1.6 but I get the same result.
Regards
You should post more on what you have so far, but this is the instructions I always use to get my key hash:
You should verify that ~/.android/debug.keystore exists, and that keytool and openssl is installed on your machine.
Run the following command in a terminal:
keytool -exportcert -alias MY_ALIAS_HERE -keystore ~/path/to/my/android.keystore | openssl sha1 -binary | openssl base64
and when prompted for the pw, type android.
If it still doesn't work don't worry! Our documentation also provides another alternative by following this tutorial:
Enable debugging in our Android SDK by modifying Util.java:
private static boolean ENABLE_LOG = true;
Follow steps 6.1 to 6.3, which is mainly just making sure your app has permission to access the Internet, and SSO enabled.
Build and run the app on your phone or emulator. You should not see the permissions dialog because you did not input the application signature in your app's dashboard. Check the Android SDK debug logs via logcat (since you enabled logging in step 1), and look at your log entries for an entry with ''Android key mismatch''. This error will also provide you with the key that was sent to Facebook. Note the key's value and enter it into your Facebook app settings and make sure to save your settings.
Turn off debugging once SSO completes successfully by modifying Util.java:
private static boolean ENABLE_LOG = false;
Let me know if that helps!
I have a problem with signing my jar files with jarsigner. I used this tutorial to sign my jar files, but with the last step(signing the jar), I got this error:
jarsigner error: java.lang.RuntimeException: keystore load: Invalid keystore format
and I didn't use step #10, I used instead step #5 from this site since, I'm using a real certificate not a fake one ...
Note:
I'm having my certificate in .spc & .pvk format...
But, since I'm using jarsigner, I have to convert them to .p12 format. So, I convert them first to .pfx using pvkimprt.exe then to .p12. I used the method that I specified in the link that I mentioned it before.
Also, I tried to create a fake certificate to make sure that the problem is not from the pvkimprt.exe tool or from the certificate. It gave me the same error.
The certificate is just fine. So, where is the problem came from?
The error you are facing indicates that jarsigner does not understand the format of the keystore containing the key.
If you converted your key & certificate into a PKCS#12 file you have to specify the type of used keystore to jarsigner with the -storetype PKCS12 command line option and the P12 password with -storepass mystorepassword
(actually most of the time .pfx and .p12 are used for the same file format therefore I am not sure that the firefox import/export step in the tutorial is mandated)
Not really an answer, just a comment - I found that the upper case was crucial - "pkcs12" didn't work but "PKCS12" did, using Jcs's answer.
This is what I did and that worked:
<ant:signjar alias="le-f0b73c88-1f82-4497-8c3f-e10d399b4c9c" storetype="pkcs12"
storepass="fount-current"
keystore="/vobs/oam_base/loadbuild_tools/common/src/conf/kunal.pfx">
Store pass should be the lower case, this is the working order or arguments, some time wrong order with throw the runtime padding exception.
[signjar] jarsigner error: java.lang.RuntimeException: keystore load: