
How to create an Android keystore RSA key with infinite validity?

Here is how Google suggests creating an Android keystore:

keytool -genkey -v -keystore my-release-key.keystore -alias alias_name \
  -keyalg RSA -keysize 2048 -validity 10000

While 10000 days may seem like eternity, 27 years could pass quicker than you think, and RSA might still be in use.
If tweaking a command-line argument now has a 0.01% chance of saving my market share in the future, I am willing to do it.

QUESTION: How to make this validity period as long as possible?

Nicolas Raoul asked Jan 11 '13 06:01



2 Answers

"1000 years" example:

I have created a "1000 years" JKS keystore without problem as well:

keytool -genkey -v -keystore my-release-key.keystore -alias alias_name -keyalg RSA -keysize 2048 -validity 365000

Then, checked for expiration period:

keytool -list -v -keystore my-release-key.keystore

Enter keystore password:
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry
...
Valid from: Tue Aug 04 15:28:01 BST 2015 until: Mon Dec 05 14:28:01 GMT 3014

So, the key is valid until Mon Dec 05 14:28:01 GMT 3014

Danail answered Oct 07 '22 01:10


You should be able to create a key that will be valid for 292 billion years, if I did the math correctly.

I looked at the source for keytool, http://grepcode.com/file/repository.grepcode.com/java/root/jdk/openjdk/6-b14/sun/security/tools/KeyTool.java, and it looks like the validity period is stored in seconds, as a long. The largest value a long can hold, 2^63 - 1, is 9223372036854776000 seconds, which equals 106751991167300 days, which equals 292,271,023,045 years. There may be other factors that disallow such a large value, but this seems to be the max amount the tool can generate.

EJK answered Oct 07 '22 03:10
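
Added example (not part of either answer): a Python check that reads the "Valid from ... until ..." line of `keytool -list -v` output and returns the validity in days, so a listing like the one in the first answer can be compared with the `-validity` value that was passed. It also computes the largest day count whose end date still fits a four-digit-year GeneralizedTime as used by RFC 5280, an assumed upper bound that neither answer tests; the function names and the time zone table are assumptions of this example.

```python
import re
from datetime import datetime, timedelta, timezone

# Java's Date.toString() prints zone abbreviations; map the ones seen on this
# page to UTC offsets in hours (assumption: BST is British Summer Time, UTC+1).
TZ_HOURS = {"GMT": 0, "UTC": 0, "BST": 1}
STAMP = r"\w{3} (\w{3} \d{2} \d{2}:\d{2}:\d{2}) (\w+) (\d{4})"
VALID_RE = re.compile(rf"Valid from: {STAMP} until: {STAMP}")

# Latest notAfter a four-digit-year GeneralizedTime can express (RFC 5280).
X509_MAX = datetime(9999, 12, 31, 23, 59, 59, tzinfo=timezone.utc)

def _to_utc(stamp, zone, year):
    # Weekday is dropped by the regex; parse the rest and shift to UTC.
    local = datetime.strptime(f"{stamp} {year}", "%b %d %H:%M:%S %Y")
    return (local - timedelta(hours=TZ_HOURS[zone])).replace(tzinfo=timezone.utc)

def parse_validity(listing):
    """Return (not_before, not_after) in UTC from `keytool -list -v` output."""
    m = VALID_RE.search(listing)
    if m is None:
        raise ValueError("no 'Valid from: ... until: ...' line found")
    return _to_utc(*m.group(1, 2, 3)), _to_utc(*m.group(4, 5, 6))

def validity_days(listing):
    """Whole days between notBefore and notAfter, comparable to -validity."""
    not_before, not_after = parse_validity(listing)
    return (not_after - not_before).days

def max_validity_days(not_before):
    """Largest -validity whose notAfter does not pass X509_MAX."""
    return (X509_MAX - not_before).days

# Constructed sample: the relevant lines of the listing in the first answer.
SAMPLE = """Keystore type: JKS
Your keystore contains 1 entry
Valid from: Tue Aug 04 15:28:01 BST 2015 until: Mon Dec 05 14:28:01 GMT 3014
"""

if __name__ == "__main__":
    start, end = parse_validity(SAMPLE)
    print("validity in days:", validity_days(SAMPLE))
    print("expires (UTC):", end.isoformat())
    print("largest -validity before year 9999 ends:", max_validity_days(start))
```
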