apksigner not accepting password

Question

Up until now I had been signing my apks with the following method:

jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore {keystore-file} {apk-file} {keystore-alias}

However I am trying to use the new apksigner tool and I cannot get it to work since it always tells me the password is invalid. Which is impossible because I have done it multiple times, with the jarsigner works and with the apksigner doesn't. The commands I have tried are the following:

apksigner sign --ks {keystore-file} {apk-file}

apksigner sign --ks {keystore-file} --ks-key-alias {keystore-alias} {apk-file}

Now the weirdest part comes when I created a new keystore to test this, and with this new keystore it's working. So I don't understand what is the difference. Here's the information obtained from calling "keytool -v -list -keystore {keystore-file}" on both.

Production keystore (I have removed some text in case this is dangerous):

Keystore type: JKS Keystore provider: SUN  Your keystore contains 1 entry  Alias name: {keystore-alias} Creation date: Apr 4, 2016 Entry type: PrivateKeyEntry Certificate chain length: 1 Certificate[1]: Owner: CN={removed-text}, OU={removed-text}, O={removed-text}, L=Unknown, ST=Unknown, C=Unknown Issuer: CN={removed-text}, OU={removed-text}, O={removed-text}, L=Unknown, ST=Unknown, C=Unknown Serial number: {removed-text} Valid from: Mon Apr 04 12:39:50 CEST 2016 until: Fri Aug 21 12:39:50 CEST 2043 Certificate fingerprints:      MD5:  {removed-text}      SHA1: {removed-text}      SHA256: {removed-text}      Signature algorithm name: SHA256withRSA      Version: 3  Extensions:   #1: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: {removed-text} 0010: {removed-text} {removed-text}                                        .... ] ]    ******************************************* ******************************************* 

New test keystore:

Keystore type: JKS Keystore provider: SUN  Your keystore contains 1 entry  Alias name: app Creation date: Nov 17, 2016 Entry type: PrivateKeyEntry Certificate chain length: 1 Certificate[1]: Owner: CN=Foobar, OU=Foobar, O=foobar, L=Unknown, ST=Unknown, C=Unknown Issuer: CN=Foobar, OU=Foobar, O=foobar, L=Unknown, ST=Unknown, C=Unknown Serial number: 448c7afc Valid from: Thu Nov 17 11:40:26 CET 2016 until: Mon Apr 04 12:40:26 CEST 2044 Certificate fingerprints:      MD5:  3E:29:C0:3C:30:B4:DC:E0:A5:94:1D:2E:E9:86:58:CA      SHA1: 3D:09:B4:42:A2:7C:14:C7:3E:54:33:0E:AB:75:2E:F1:19:23:00:FA      SHA256: 7F:E0:51:F1:6A:53:45:56:42:B9:F9:38:92:69:81:7A:DA:71:FF:44:51:15:7F:F9:B4:1C:AA:2B:53:4A:89:72      Signature algorithm name: SHA256withRSA      Version: 3  Extensions:   #1: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: BC 1B E6 C4 6D 25 01 70   CA AC 81 34 81 4B AE 41  ....m%.p...4.K.A 0010: 10 DF D8 13                                        .... ] ]    ******************************************* ******************************************* 

Answer 1

use it this way

./apksigner sign --ks test.jks --ks-key-alias test --ks-pass pass:testtest --key-pass pass:testtest Test_Aligned.apk