Signing an APK with an upload key provided by Google Play

Question

I'm trying to make sense of how to upload an app onto Google Play while using Google Play App Signing.

Here is what I did:

1. Created an app
2. Used keytool.exe to generate a key for that app
3. Uploaded the app to Google Play
4. Enrolled in the Google Play App Signing
5. Try to upload the app again without success.

It complains that the certificate is not the certificate

Upload new APK to Production

Upload failed You uploaded an APK that is not signed with the upload certificate. You must use the same certificate. The upload certificate has fingerprint: [ SHA1: 0C:... ] and the certificate used to sign the APK that you uploaded have fingerprint: [ SHA1: 2D:... ]

After searching for a while. I find out how to put the certificated posted on my Google Play console in my keystore. Something like this:

keytool.exe -importcert -file upload.pem -keystore myapp-release-key.keystore

The certificate seems to be in. When I list the contents of the keystore, here's what I get:

keytool.exe -list -keystore trackcoachfull-release-key.keystore Enter keystore password:

Keystore type: JKS Keystore provider: SUN

Your keystore contains 2 entries

myappfull, May 18, 2017, PrivateKeyEntry, Certificate fingerprint (SHA1): 2D:... uploadkey, May 19, 2017, trustedCertEntry, Certificate fingerprint (SHA1): 0C:...

Now, where I'm blocked...

In Android Studio, I try to generate a signed APK with the uploadkey.

Build > Generate Signed APK Select the keystore above Enter the keystore password Select the uploadkey as the key alias I'm force to enter a key password.

Error in Android Studio:

Error:Execution failed for task ':app:packageFullRelease'.

com.android.ide.common.signing.KeytoolException: Failed to read key uploadkey from store "C:\Users\Admin\AndroidStudioProjects\keystores\myappfull-release-key.keystore": trusted certificate entries are not password-protected

My question is this:

How do you generate an APK signed with an upload key provided by Google Play?

Thanks

Answer 1

I was able to sign my APK using Upload key provided by Google Play. Here are the steps I followed for a new app:

1. Create a keystore and add a signing key using Android Studio
2. Sign the app using the key created in (1)
3. Upload the APK to Google Play
4. Download "Upload certificate" from Google Play Console
5. Add downloaded certificate to the keystore created in step (1) using command keytool.exe -importcert -file upload_cert.der -keystore <keystorefile>
6. It should prompt that "Certificate already exists in keystore under alias . Do you still want to add it? [no]:"
7. Type 'y' and press enter
8. A confirmation message will appear
9. For subsequent builds sign the app using the same process as in (2)

Important point to note here is that in step (6), the keytool import updates the original certificate with the one downloaded from Google Play.