I read this article about signing your Android applications. I used Eclipse to export my Android application, had to create a keystore (which succeeded) and a private key with an alias (which also succeeded). So I know that I have to sign the application with a private key.
However, the article does not make clear anything on the following questions:
The Android Keystore system lets you store cryptographic keys in a container to make it more difficult to extract from the device. Once keys are in the keystore, they can be used for cryptographic operations with the key material remaining non-exportable.
The default location is /Users/<username>/.android/debug.keystore.
RSA is a public-key or asymmetric crypto system. It uses a public key for encryption and a private key for decryption. Anyone can use the public key to encrypt a message but it can be decrypted only by the private key owner.
Go to the Google Maps Platform > Credentials page. On the Credentials page, click Create credentials > API key. The API key created dialog displays your newly created API key. Click Close.
A private key is a cryptographic tool that verifies you are the owner of the app. Any build that is being updated to the Google Play store must be signed by your private key to prove it is a legitimate build.
So each different application that you want to upload to the store should have its own private key. If you ever lose this key, you will not be able to upload any new versions of your app, so make sure to store it somewhere safe and make backups!
However, you can store multiple private keys in the same keystore for convenience. (Although I do not, I find it more convenient to have a different keystore for every project as well.)
An alias is simply an easy-to-read name for the key. Nothing more or less.
It's worth noting, when you do an Eclipse "Run", it uses something called the debug key to run the application. This works fine because you are not trying to upload this build to the store, but this is why you need to use a separate build process to build your application for deployment.
The lifetime validity is a technical requirement. Just set it way in the future and don't worry about it.
Signing is like a certificate for your Android application (think web certificates to have some idea) - it proves that you're the owner of that application. Every app must be signed, as the link you provided clearly says.
In theory, every application from a developer should be under the same signature (after all, it's >your< signature, not the app's).
The alias is just that: an alias for your key, which you use to refer to the keystore when signing the application.
And about the lifespan, not everything lasts forever. Those signatures (or certificates if you will) can last over 25 years. Not something you have to worry about.
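An added example, not part of the original answers: this shell script uses the JDK's `keytool` to store two private keys under separate aliases in one keystore, sets the validity in days, and compares certificate fingerprints to tell the signers apart. The keystore file name, aliases, password, distinguished name and helper function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: one keystore, two private keys, each under its own alias.
# Names and password are placeholders. Passing -storepass on the command
# line is for this throwaway demo only; omit it and keytool prompts instead.
KS_PASS='demo-only-password'

# make_key KEYSTORE ALIAS: add an RSA key pair with a self-signed certificate.
# -validity is in days; 10000 days is a little over 27 years.
make_key() {
    keytool -genkeypair -keystore "$1" -storetype PKCS12 -storepass "$KS_PASS" \
        -alias "$2" -keyalg RSA -keysize 2048 -validity 10000 \
        -dname "CN=Example Dev, O=Example" >/dev/null 2>&1
}

# list_aliases KEYSTORE: print the alias of every private-key entry.
list_aliases() {
    keytool -list -keystore "$1" -storepass "$KS_PASS" 2>/dev/null |
        grep 'PrivateKeyEntry' | cut -d, -f1 | sort
}

# cert_sha256 KEYSTORE ALIAS: SHA-256 fingerprint of that alias's certificate.
cert_sha256() {
    keytool -list -v -keystore "$1" -storepass "$KS_PASS" -alias "$2" 2>/dev/null |
        sed -n 's/^[[:space:]]*SHA256:[[:space:]]*//p'
}

# same_signer KS1 ALIAS1 KS2 ALIAS2: succeed only if both entries carry the
# same certificate (a simplified stand-in for "signed by the same key").
same_signer() {
    a=$(cert_sha256 "$1" "$2"); b=$(cert_sha256 "$3" "$4")
    [ -n "$a" ] && [ "$a" = "$b" ]
}

demo() {
    dir=$(mktemp -d) || return 1
    ks="$dir/release.p12"
    make_key "$ks" app-one && make_key "$ks" app-two || return 1
    list_aliases "$ks"
    if same_signer "$ks" app-one "$ks" app-two; then
        echo "same signer"
    else
        echo "different signers"
    fi
    rm -rf "$dir"
}

# Run the demo only when a JDK (keytool) is on PATH.
if command -v keytool >/dev/null 2>&1; then demo; fi
```

Each alias gets its own key pair, so the two fingerprints differ even though both entries live in the same keystore file.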