I am getting this error everytime I tried to generate my signed apk through Android Studio:
No key with alias 'Operator_keystore' found in keystore PATH/OrderOperator_keystore
Previously I successfully submitted builts with the same keystore. The problem arises when I move my whole project folder to another folder, also I invalidated the cache of android studio.
I am signing apk like this
Any help would be appreciated.
Open a terminal and run the following command:
keytool -list -v -keystore </path/to/your/keystore.jks>
After you enter the keystore password, it will display the list of certificates stored in that keystore, including the alias names, e.g.
Keystore type: jks
Keystore provider: SUN
Your keystore contains 1 entry
Alias name: androiddebugkey
Creation date: Nov 19, 2018
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
...
Look at the alias name displayed, and compare that with the value you put in the Key alias field in that Studio window.
Make sure you key store path is correct with the location of the new folder and also make sure you're entering the correct password for both key store and alias. If that doesn't work try changing
keystore PATH/OrderOperator_keystore
To
keystore PATH/
There shouldn't be any space between keystone Path also
you can use Gradle into signingReport and generate a hash key or sha1 key and also refresh the app level build.gradle file after submitting the form for keystore
Related
Background:
I let Google Play Store manage my key singing. Therefore, when creating a signed bundle in Andriod Studio I have to use the key I gave over to Google. Otherwise, when uploading the .aab Google notifies me, that the "App Bundle is signed with the wrong key". So I had to:
keytool -list -v -keystore keystorefile.jks
through all the keystore files to find the key I inititially gave over to Google.
Now following issue aroused:
When generating the signed bundle in Andriod Studio with the key that had the right signature. Andriod Studio was giving me following error message
trusted certificate entries are not password-protected
I learned here that the issue may be that the entry of the key I am using is not PrivateKeyEntry but trustedCertEntry. So I checked the entry of the key by using again the above keytool command. And yes, my key entry is trustedCertEntry.
OK, in the meantime I understood: you cannot turn a trustedCertEntry into a PrivateKeyEntry. You have to find the key with the PrivateKeyEntry - the private key.
Therefore I kept searching all my keystore with the keytool command above to finally find the one private key that has the right signature.
No further questions from my side. Back up your keys!
I changed the keystore password on Mac through the command line like so:
1) Open Terminal and cd to where your .jks is located
2) keytool -storepasswd -new NEWPASSWORD -keystore YOURKEYSTORE.jks
3) enter your current password
When I now try to generate a signed APK I get the following error:
Error:Execution failed for task ':app:packageRelease'.
com.android.ide.common.signing.KeytoolException: Failed to read key user_key from store "/Users/user/Documents/App Information/user_key.jks": Cannot recover key
When I enter the current password in the command line it works so it is not as if I am entering the wrong password. I have invalidated the cache too. I can change this password correctly through the command line again with no errors.
I have also checked the directory path of the key, this is correct also.
What am I doing wrong?
Edit
If I reset the password to what it was originally it works?
I believe that your "Key password" is wrong
Generate Signed APK
I am supplied with a jks keystore named ABCC_client.store. When I import this keystore to cacerts and try connecting it says No such Algorithm error. PFA the stacktrace
Caused by: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)
at java.security.Provider$Service.newInstance(Provider.java:1245)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:220)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:147)
at javax.net.ssl.SSLContext.getInstance(SSLContext.java:125)
at javax.net.ssl.SSLContext.getDefault(SSLContext.java:68)
at javax.net.ssl.SSLSocketFactory.getDefault(SSLSocketFactory.java:102)
at org.apache.axis.components.net.JSSESocketFactory.initFactory(JSSESocketFactory.java:61)
at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:79)
... 32 more
Caused by: java.security.UnrecoverableKeyException: Cannot recover key
at sun.security.provider.KeyProtector.recover(KeyProtector.java:311)
at sun.security.provider.JavaKeyStore.engineGetKey(JavaKeyStore.java:121)
at sun.security.provider.JavaKeyStore$JKS.engineGetKey(JavaKeyStore.java:38)
at java.security.KeyStore.getKey(KeyStore.java:763)
at com.sun.net.ssl.internal.ssl.SunX509KeyManagerImpl.<init>(SunX509KeyManagerImpl.java:113)
at com.sun.net.ssl.internal.ssl.KeyManagerFactoryImpl$SunX509.engineInit(KeyManagerFactoryImpl.java:48)
at javax.net.ssl.KeyManagerFactory.init(KeyManagerFactory.java:239)
at com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl.getDefaultKeyManager(DefaultSSLContextImpl.java:170)
at com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl.<init>(DefaultSSLContextImpl.java:40)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
at java.lang.Class.newInstance0(Class.java:355)
at java.lang.Class.newInstance(Class.java:308)
at java.security.Provider$Service.newInstance(Provider.java:1221)
... 39 more
But if I use this keystore independently i.e without adding it to cacerts it works.
Some googling led to me to http://joewlarson.com/blog/2009/03/25/java-ssl-use-the-same-password-for-keystore-and-key/ which says that password might me different for the key and the keystore.
If using Tomcat 6 and earlier, make sure the keystore password and the key password are same. If using Tomcat 7 and later, make sure they are the same or that the key password is specified in the server.xml file.
The private key password defined in your app/config is incorrect. First try verifying the the private key password by changing to another one as follows:
keytool -keypasswd -new changeit -keystore cacerts -storepass changeit -alias someapp -keypass password
The above example changes the password from password to changeit. This command will succeed if the private key password was password.
In order to not have the Cannot recover key exception, I had to apply the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files to the installation of Java that was running my application. Version 8 of those files can be found here or the latest version should be listed on this page. The download includes a file that explains how to apply the policy files.
Since JDK 8u151 it isn't necessary to add policy files. Instead the JCE jurisdiction policy files are controlled by a Security property called crypto.policy. Setting that to unlimited with allow unlimited cryptography to be used by the JDK. As the release notes linked to above state, it can be set by Security.setProperty() or via the java.security file. The java.security file could also be appended to by adding -Djava.security.properties=my_security.properties to the command to start the program as detailed here.
Since JDK 8u161 unlimited cryptography is enabled by default.
I had the same error when we imported a key into a keystore that was build using a 64bit OpenSSL Version. When we followed the same procedure to import the key into a keystore that was build using a 32 bit OpenSSL version everything went fine.
Check if password you are using is correct one by running below command
keytool -keypasswd -new temp123 -keystore awsdemo-keystore.jks -storepass temp123 -alias movie-service -keypass changeit
If you are getting below error then your password is wrong
keytool error: java.security.UnrecoverableKeyException: Cannot recover key
Sometimes this seems to be happening for no reason. I too faced the same and tried all methods like Keytool explorer etc.
Ultimately ended requesting Google to reset the key since I had Google play signing enabled. This is a good recommendation to follow.
https://support.google.com/googleplay/android-developer/answer/9842756?hl=en
I have a problem with signing my jar files with jarsigner. I used this tutorial to sign my jar files, but with the last step(signing the jar), I got this error:
jarsigner error: java.lang.RuntimeException: keystore load: Invalid keystore format
and I didn't use step #10, I used instead step #5 from this site since, I'm using a real certificate not a fake one ...
Note:
I'm having my certificate in .spc & .pvk format...
But, since I'm using jarsigner, I have to convert them to .p12 format. So, I convert them first to .pfx using pvkimprt.exe then to .p12. I used the method that I specified in the link that I mentioned it before.
Also, I tried to create a fake certificate to make sure that the problem is not from the pvkimprt.exe tool or from the certificate. It gave me the same error.
The certificate is just fine. So, where is the problem came from?
The error you are facing indicates that jarsigner does not understand the format of the keystore containing the key.
If you converted your key & certificate into a PKCS#12 file you have to specify the type of used keystore to jarsigner with the -storetype PKCS12 command line option and the P12 password with -storepass mystorepassword
(actually most of the time .pfx and .p12 are used for the same file format therefore I am not sure that the firefox import/export step in the tutorial is mandated)
Not really an answer, just a comment - I found that the upper case was crucial - "pkcs12" didn't work but "PKCS12" did, using Jcs's answer.
This is what I did and that worked:
<ant:signjar alias="le-f0b73c88-1f82-4497-8c3f-e10d399b4c9c" storetype="pkcs12"
storepass="fount-current"
keystore="/vobs/oam_base/loadbuild_tools/common/src/conf/kunal.pfx">
Store pass should be the lower case, this is the working order or arguments, some time wrong order with throw the runtime padding exception.
[signjar] jarsigner error: java.lang.RuntimeException: keystore load:
I have imported a certificate into a private ~/.keystore file:
keytool -list
Enter keystore password:
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 1 entry
mylyn-mantis, Jul 15, 2010, trustedCertEntry
and am trying to sign a jar with it, but I get a 'certificate chain not found' error.
jarsigner -verbose /home/robert/file.jar mylyn-mantis
jarsigner: Certificate chain not found for: mylyn-mantis. mylyn-mantis must reference a valid KeyStore key entry containing a private key and corresponding public key certificate chain.
How can I solve this problem?
It seems that your keystore contains only a certificate (public key) you need a complete key entry, with a private key, and the whole certificate chain to be able to sign anything
Short Answer
Use your alias key instead of key store like this:
jarsigner -verbose -keystore [Your signature storage path] -signedjar [signed filename] [unsigned filename] [Your alias key]
More Details
Here are the easiest way to solve this error:
Go to bin folder .. it may be in this path:
C:\Users[Your computer name]\jdk\bin
or this path:
C:\Program Files\Java\jre1.8.0_77\bin
To prevent issues caused by the configuration of environment variables, please copy both the empty package to be signed, and your key store [the private key for signature] to the bin directory under JDK.
Get your alias key by run this command:
keytool -keystore [your key store] -list -v
Finally run this command:
jarsigner -verbose -keystore [Your signature storage path] -signedjar [signed filename] [unsigned filename] [Your alias key]
I faced same issue. I am having .p12 file issued by CA and I was trying to sign jar file. However I was getting error:
jarsigner: Certificate chain not found for:
Basically I was copying alias name from console. It was having wrong character 'question mark' (?) causing this error. Instead I redirected output of keytool to text file and then I copied alias name from there.
Issue this command:
keytool -list -v -storetype pkcs12 -keystore "mycertificate.p12" > cert.txt
(This is very important. Always redirect to txt file. Do not copy from console output. It can contain wrong characters)
Find out alias name in certificate. Open cert.txt and copy string as it is mentioned in front of "Alias name:"
Let's say this string is "my alias name, a.p.’s my ca limited id"
Use jarsigner:
jarsigner -storetype pkcs12 -keystore "mycertificate.p12" myjarfile.jar "my alias name, a.p.’s my ca limited id"
I had this error, but it was a different issue. When you send off a CSR to a CA it comes from a particular private key with a particular alias that you generated. When you receive the cert back again you must import it using the same alias name or else the two certs will not be wired together.
If you have done it right, when you use keytool -list -v you wil see a single entry with the alias name, of type
Entry type: PrivateKeyEntry
Certificate chain length: 3
For the entry.
If you have done it wrong the you will have two entries
Entry type: PrivateKeyEntry
Certificate chain length: 1
and
Entry type: trustedCertEntry
I encountered this error because I was using a Jenkins "certificate" credential. The Jenkins credential configuration dialog has a text box called Description, whose help says it is a free comment describing the credential. In fact, the Jenkins pipeline block withCredentials uses the Description text box to populate the environment variable named in the aliasVariable property.
withCredentials([certificate(
credentialsId: my_credentials,
keystoreVariable: 'MY_KEYSTORE',
aliasVariable: 'MY_ALIAS', // Set value in Description textbox
passwordVariable: 'MY_PASSWORD')]) {
bat 'mvn clean deploy -Dmy.keystore=%MY_KEYSTORE% -Dmy.alias=%MY_ALIAS% -Dmy.password=\"%MY_PASSWORD%\"'
}
This is not mentioned in the Jenkins documentation.
mylyn-mantis should be the actual alias name you used when you generate the signing key.