I changed the keystore password on Mac through the command line like so:
1) Open Terminal and cd to where your .jks is located
2) keytool -storepasswd -new NEWPASSWORD -keystore YOURKEYSTORE.jks
3) enter your current password
When I now try to generate a signed APK I get the following error:
Error:Execution failed for task ':app:packageRelease'.
com.android.ide.common.signing.KeytoolException: Failed to read key user_key from store "/Users/user/Documents/App Information/user_key.jks": Cannot recover key
When I enter the current password in the command line it works so it is not as if I am entering the wrong password. I have invalidated the cache too. I can change this password correctly through the command line again with no errors.
I have also checked the directory path of the key, this is correct also.
What am I doing wrong?
Edit
If I reset the password to what it was originally it works?
I believe that your "Key password" is wrong
Generate Signed APK
Related
I am getting this error everytime I tried to generate my signed apk through Android Studio:
No key with alias 'Operator_keystore' found in keystore PATH/OrderOperator_keystore
Previously I successfully submitted builts with the same keystore. The problem arises when I move my whole project folder to another folder, also I invalidated the cache of android studio.
I am signing apk like this
Any help would be appreciated.
Open a terminal and run the following command:
keytool -list -v -keystore </path/to/your/keystore.jks>
After you enter the keystore password, it will display the list of certificates stored in that keystore, including the alias names, e.g.
Keystore type: jks
Keystore provider: SUN
Your keystore contains 1 entry
Alias name: androiddebugkey
Creation date: Nov 19, 2018
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
...
Look at the alias name displayed, and compare that with the value you put in the Key alias field in that Studio window.
Make sure you key store path is correct with the location of the new folder and also make sure you're entering the correct password for both key store and alias. If that doesn't work try changing
keystore PATH/OrderOperator_keystore
To
keystore PATH/
There shouldn't be any space between keystone Path also
you can use Gradle into signingReport and generate a hash key or sha1 key and also refresh the app level build.gradle file after submitting the form for keystore
I uploaded my fully working app on Google Play and when download it from there, facebook login doesn't work!! I properly configure my facebook app and works with eclipse environment. After searching, it can be done due to facebook key hashes. However, I obtained it like:
How to generate Key Hash for facebook SDK In Mac
Seems that a key hash for distribution must be also obtained... but how? Thank you.
Alternative 1:
Use this with the app signed with your release key. Not the one that is deployed from Eclipse.
Run this piece of code in the first Activity of your app:
try {
PackageInfo info = getPackageManager().getPackageInfo(
"YOUR_PACKAGE_NAME", PackageManager.GET_SIGNATURES);
for (Signature signature: info.signatures) {
MessageDigest md = MessageDigest.getInstance("SHA");
md.update(signature.toByteArray());
Log.e("FACEBOOK APP SIGNATURE", Base64.encodeToString(md.digest(), Base64.DEFAULT));
}
} catch (Exception e) {
// TODO: handle exception
e.printStackTrace();
}
This line: Log.e("FACEBOOK APP SIGNATURE", Base64.encodeToString(md.digest(), Base64.DEFAULT)); will log the Key Hash in DDMS.
Alternative 2:
Download OpenSSl for Windows and extract the .zip to a simple location like: c:\openssl with all the contents of the zip extracted in this folder's root.
Copy your signing key file to your JRE installation's bin folder. For example, in my case: C:\Program Files\Java\jre7\bin
While in the bin folder where you copied the signing key, Press SHIFT+ Right Click -> Open command window here.
Run this command: keytool -exportcert -alias YOUR_ALIAS -keystore YOUR_SIGNING_KEY > c:\openssl\bin\debug.txt
Enter your password for the signing key
Now, navigate to the c:\openssl\bin folder and type in the following commands:
openssl sha1 -binary debug.txt > debug_sha.txt
And then,
openssl base64 -in debug_sha.txt > debug_base64.txt
Done! The debug_base64.txt contains your Key Hash. Copy this in your app console and you are all set.
In my experiece, both the methods have given me the correct Key Hash. However, in a few cases (rather random ones), the first alternative did not give the correct Key Hash while the second alternative has always worked. See which works for you.
While generating release Hash key, Note this
When generating the hash key for production you need to use openssl-0.9.8e_X64.zip on windows, you cannot use openssl-0.9.8k_X64.zip
The versions produce different hash keys, for some reason 9.8k does not work correctly... 9.8e does.
OR
Use this below flow
This is how I solved this problem
Download your APK to your PC in java jdk\bin folder
in my case C:\Program Files\Java\jdk1.7.0_121\bin
go to java jdk\bin folder and run cmd then
copy the following command in your cmd
keytool -list -printcert -jarfile yourapkname.apk
Copy the SHA1 value to your clip board
like this CD:A1:EA:A3:5C:5C:68:FB:FA:0A:6B:E5:5A:72:64:DD:26:8D:44:84
and open Hex To Base 64 to convert your SHA1 value to base64.
Try this solution, for me I was getting the same error, but working fine now after trying hours.
Login Error: There is an error in logging you into this application. Please try again later
I'm trying to import a trusted certificated into the Java cacerts keystore, but I have a problem. I tried to list existing trusted certificates and it seems that the keystore isn't password protected.
$ keytool -list -keystore cacerts
Enter keystore password:
***************** WARNING WARNING WARNING *****************
* The integrity of the information stored in your keystore *
* has NOT been verified! In order to verify its integrity, *
* you must provide your keystore password. *
***************** WARNING WARNING WARNING *****************
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 76 entries
I tried to import a trusted certificate:
$ keytool -importcert -alias "JiraCert" -file /root/c9ssl.crt -keystore /etc/java-6-sun/security/cacerts
Enter keystore password:
Keystore password is too short - must be at least 6 characters
Enter keystore password:
Keystore password is too short - must be at least 6 characters
Enter keystore password:
Keystore password is too short - must be at least 6 characters
Too many failures - try later
I also tried to change the password from "none" to something:
$ keytool -storepasswd -keystore cacerts.back
Enter keystore password:
Keystore password is too short - must be at least 6 characters
Enter keystore password:
Keystore password is too short - must be at least 6 characters
Enter keystore password:
Keystore password is too short - must be at least 6 characters
Too many failures - try later
which means that cacerts keystore isn't password protected
That's a false assumption. If you read more carefully, you'll find that the listing was provided without verifying the integrity of the keystore because you didn't provide the password. The listing doesn't require a password, but your keystore definitely has a password, as indicated by:
In order to verify its integrity, you must provide your keystore password.
Java's default cacerts password is "changeit", unless you're on a Mac, where it's "changeme" up to a certain point. Apparently as of Mountain Lion (based on comments and another answer here), the password for Mac is now also "changeit", probably because Oracle is now handling distribution for the Mac JVM as well.
The password of keystore by default is: "changeit". I functioned to my commands you entered here, for the import of the certificate. I hope you have already solved your problem.
In case if dealing with Google sign-in for android, the password for the debug keystore is android, as specified in here: https://developers.google.com/android/guides/client-auth
Mac Mountain Lion has the same password now it uses Oracle.
Getting into a non-password protected Java keystore and changing the password can be done with a help of Java programming language itself.
That article contains the code for that:
thetechawesomeness.ideasmatter.info
I have a problem with signing my jar files with jarsigner. I used this tutorial to sign my jar files, but with the last step(signing the jar), I got this error:
jarsigner error: java.lang.RuntimeException: keystore load: Invalid keystore format
and I didn't use step #10, I used instead step #5 from this site since, I'm using a real certificate not a fake one ...
Note:
I'm having my certificate in .spc & .pvk format...
But, since I'm using jarsigner, I have to convert them to .p12 format. So, I convert them first to .pfx using pvkimprt.exe then to .p12. I used the method that I specified in the link that I mentioned it before.
Also, I tried to create a fake certificate to make sure that the problem is not from the pvkimprt.exe tool or from the certificate. It gave me the same error.
The certificate is just fine. So, where is the problem came from?
The error you are facing indicates that jarsigner does not understand the format of the keystore containing the key.
If you converted your key & certificate into a PKCS#12 file you have to specify the type of used keystore to jarsigner with the -storetype PKCS12 command line option and the P12 password with -storepass mystorepassword
(actually most of the time .pfx and .p12 are used for the same file format therefore I am not sure that the firefox import/export step in the tutorial is mandated)
Not really an answer, just a comment - I found that the upper case was crucial - "pkcs12" didn't work but "PKCS12" did, using Jcs's answer.
This is what I did and that worked:
<ant:signjar alias="le-f0b73c88-1f82-4497-8c3f-e10d399b4c9c" storetype="pkcs12"
storepass="fount-current"
keystore="/vobs/oam_base/loadbuild_tools/common/src/conf/kunal.pfx">
Store pass should be the lower case, this is the working order or arguments, some time wrong order with throw the runtime padding exception.
[signjar] jarsigner error: java.lang.RuntimeException: keystore load:
I have imported a certificate into a private ~/.keystore file:
keytool -list
Enter keystore password:
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 1 entry
mylyn-mantis, Jul 15, 2010, trustedCertEntry
and am trying to sign a jar with it, but I get a 'certificate chain not found' error.
jarsigner -verbose /home/robert/file.jar mylyn-mantis
jarsigner: Certificate chain not found for: mylyn-mantis. mylyn-mantis must reference a valid KeyStore key entry containing a private key and corresponding public key certificate chain.
How can I solve this problem?
It seems that your keystore contains only a certificate (public key) you need a complete key entry, with a private key, and the whole certificate chain to be able to sign anything
Short Answer
Use your alias key instead of key store like this:
jarsigner -verbose -keystore [Your signature storage path] -signedjar [signed filename] [unsigned filename] [Your alias key]
More Details
Here are the easiest way to solve this error:
Go to bin folder .. it may be in this path:
C:\Users[Your computer name]\jdk\bin
or this path:
C:\Program Files\Java\jre1.8.0_77\bin
To prevent issues caused by the configuration of environment variables, please copy both the empty package to be signed, and your key store [the private key for signature] to the bin directory under JDK.
Get your alias key by run this command:
keytool -keystore [your key store] -list -v
Finally run this command:
jarsigner -verbose -keystore [Your signature storage path] -signedjar [signed filename] [unsigned filename] [Your alias key]
I faced same issue. I am having .p12 file issued by CA and I was trying to sign jar file. However I was getting error:
jarsigner: Certificate chain not found for:
Basically I was copying alias name from console. It was having wrong character 'question mark' (?) causing this error. Instead I redirected output of keytool to text file and then I copied alias name from there.
Issue this command:
keytool -list -v -storetype pkcs12 -keystore "mycertificate.p12" > cert.txt
(This is very important. Always redirect to txt file. Do not copy from console output. It can contain wrong characters)
Find out alias name in certificate. Open cert.txt and copy string as it is mentioned in front of "Alias name:"
Let's say this string is "my alias name, a.p.’s my ca limited id"
Use jarsigner:
jarsigner -storetype pkcs12 -keystore "mycertificate.p12" myjarfile.jar "my alias name, a.p.’s my ca limited id"
I had this error, but it was a different issue. When you send off a CSR to a CA it comes from a particular private key with a particular alias that you generated. When you receive the cert back again you must import it using the same alias name or else the two certs will not be wired together.
If you have done it right, when you use keytool -list -v you wil see a single entry with the alias name, of type
Entry type: PrivateKeyEntry
Certificate chain length: 3
For the entry.
If you have done it wrong the you will have two entries
Entry type: PrivateKeyEntry
Certificate chain length: 1
and
Entry type: trustedCertEntry
I encountered this error because I was using a Jenkins "certificate" credential. The Jenkins credential configuration dialog has a text box called Description, whose help says it is a free comment describing the credential. In fact, the Jenkins pipeline block withCredentials uses the Description text box to populate the environment variable named in the aliasVariable property.
withCredentials([certificate(
credentialsId: my_credentials,
keystoreVariable: 'MY_KEYSTORE',
aliasVariable: 'MY_ALIAS', // Set value in Description textbox
passwordVariable: 'MY_PASSWORD')]) {
bat 'mvn clean deploy -Dmy.keystore=%MY_KEYSTORE% -Dmy.alias=%MY_ALIAS% -Dmy.password=\"%MY_PASSWORD%\"'
}
This is not mentioned in the Jenkins documentation.
mylyn-mantis should be the actual alias name you used when you generate the signing key.