I'm working on an Android app which was released on Google Play Console in January 2024. I used the Windows keystore "mafirstkeystoreformyapp.keystore".
Because I wanted to upgrade my laptop, I bought a new one, got my project back from my GitHub repository, and did my tests: everything was OK.
So I formatted my first laptop.
But I realised, when I wanted to create a new version for Google Play Console, that my app signature/footprint is not recognized:
Your android App Bundle was signed with the bad key. be sure your app bundle is signed with the good key and retry. The imported app bundle should be signed with the certificate associated to the "footprint" SHA1: XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:B2 , but the certificate used is associated to the footprint SHA1: XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:A5
So I contacted Google Play Console support, who had me:
create a JKS file from my MAUI project :
keytool -genkeypair -alias upload -keyalg RSA -keysize 2048 -validity 9125 -keystore keystore.jks
Export the certificate for that key to PEM format
keytool -export -rfc -alias upload -file upload_certificate.pem -keystore keystore.jks
Update the certificate from my account (2 days needed)
But this .jks file has no meaning for me: Windows keystores are recognized as .keystore files, so it is useless.
Is there a way to transform this .jks to .keystore? Or to easily recreate a valid keystore from an existing "Importation Key Certificate"?
There are many Stack Overflow questions about the second question (which is linked to the first one) but, even if the answer seems to be no, it looks like the current situation has evolved: "Android: I lost my android key store, what should I do?"; "I lost my .keystore file?"; "Recreate keystore file from private key and certificate".
I found this: "Android Package Signing for .NET MAUI app". It's pretty close, but the user's issue is linked to his "App Signing key", whereas I must use the "App Importation Key" (so his resolution steps cannot be done).
I tried to :
create a new .keystore from Visual Studio, get the .der key from Play Console to add it : KO (the certificate is added but not used during Distribution)
create a new key store, delete the default key, import the .der key from Play Console to add it : KO (the keystore seems to be "corrupted" and so Visual Studio doesn't allow me to Distribute the app)
import the .der key from Play Console and create keystore from it : KO (the keystore seems to be "corrupted" and so Visual Studio doesn't allow me to Distribute the app)
(do 3 before that) import the new keystore from the dedicated Windows dialog : KO (a Java error appears)
à System.Runtime.InteropServices.Marshal.SecureStringToGlobalAllocUnicode(SecureString s)
à Xamarin.VisualStudio.SecureStringExtensions.ToUnsecureString(SecureString input) dans D:\a\_work\1\s\src\Core\VisualStudio\Extensions\SecureStringExtensions.cs:ligne 16
à Xamarin.VisualStudio.Publishing.Presentation.ViewModels.AndroidImportKeyViewModel.<ImportAsync>d__49.MoveNext() dans D:\a\_work\1\s\src\Core\VisualStudio.Publishing\Presentation\ViewModels\AndroidImportKeyViewModel.cs:ligne 138
I used Keytool to update/create keystore :
keytool -import -alias vilolaboratory -file upload_cert.der -keystore vilolboratory.keystore
Okay, after many tries and much research, this question, "How to convert .JKS to "keystore" format?", helped me to publish a new version: I was able to recover a usable .keystore file for my current app.
So here is a summary of the main steps:
You will need to use Keytool, a command line tool provided by the JDK (this Stack Overflow question can help if you are experiencing issues: ERROR:'keytool' is not recognized as an internal or external command, operable program or batch file). More info about keytool use cases: https://support.smartbear.com/collaborator/faq/how-to-update-an-expired-certificate-in-the-existi/
Start by creating the new Keystore :
keytool -genkeypair -alias {alias-name} -keyalg RSA -keysize 2048 -validity 9125 -keystore keystore.jks
Then ask for the Key Importation Certificate reinitialization
It will ask you to create a new certificate through Keytool. Normally, it will be something like this (but it's better to follow the link above):
keytool -export -rfc -keystore keystore.jks -alias {alias-name} -file upload_certificate.pem
It will allow you to have
Upload the .pem certificate file to Google Play Console and wait for two days.
You will need to use keytool again to convert the JKS file. Thanks to @Geo367 :
keytool -importkeystore -srckeystore {generatedfile}.jks -srcstoretype JKS -destkeystore {TemporaryName}.p12 -deststoretype PKCS12
keytool -importkeystore -srckeystore {TemporaryName}.p12 -srcstoretype PKCS12 -destkeystore {DefinitiveName}.keystore -deststoretype JKS
But the generated file will not be correctly identified by Visual Studio there. So continue with:
keytool -importkeystore -srckeystore {DefinitiveName}.keystore -destkeystore {DefinitiveName} -deststoretype pkcs12
It will apply the last keystore format (I cannot be more specific about it: I haven't mastered this subject at all).
Move the keystore file to C:\Users\{USER}\AppData\Local\Xamarin\Mono for Android\Keystore
Then, in Visual Studio, go to "Show/Displays archives" and push "Distribute..."
Normally, an "{alias-name}" keystore will appear: that's your hero.
/!\ In my case I needed to delete the last archive created and republish in order to correctly refresh the data and be able to see the last keystore.
Once everything is done, you will be able to publish an app correctly signed with the last certificate through the adequate keystore.
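
A pre-upload check for the fingerprint mismatch reported in the question, as an added example that is not part of the original posts: it parses `keytool -list -v -keystore <file>` output and reports whether the keystore holds a private-key entry whose SHA1 matches the one Play Console expects. The sample listing, aliases and fingerprints are constructed, and English-locale keytool output is assumed.

```python
import re

# Constructed fingerprints (20 bytes each), made up for illustration.
FP_UPLOAD = "01:23:45:67:89:AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23:45:A5"
FP_PLAY = "FE:DC:BA:98:76:54:32:10:FE:DC:BA:98:76:54:32:10:FE:DC:BA:B2"

# Constructed excerpt of `keytool -list -v` output. A certificate added with
# `keytool -import` is stored as trustedCertEntry: it has no private key,
# so it cannot sign anything.
SAMPLE = f"""\
Alias name: upload
Entry type: PrivateKeyEntry
Certificate fingerprints:
\t SHA1: {FP_UPLOAD}
Alias name: playcert
Entry type: trustedCertEntry
Certificate fingerprints:
\t SHA1: {FP_PLAY}
"""

def norm(fp):
    """Normalise a fingerprint: keep hex digits only, upper-case."""
    return re.sub(r"[^0-9A-Fa-f]", "", fp).upper()

def parse_entries(listing):
    """Return one dict per alias with its entry type and leaf-certificate SHA1."""
    entries, cur = [], None
    for line in (raw.strip() for raw in listing.splitlines()):
        if line.startswith("Alias name:"):
            cur = {"alias": line.split(":", 1)[1].strip(), "type": None, "sha1": None}
            entries.append(cur)
        elif cur and line.startswith("Entry type:"):
            cur["type"] = line.split(":", 1)[1].strip()
        elif cur and line.startswith("SHA1:") and cur["sha1"] is None:
            cur["sha1"] = norm(line.split(":", 1)[1])  # first SHA1 is the leaf cert
    return entries

def check(listing, expected_sha1):
    """Say whether the keystore can sign with the certificate Play expects."""
    hits = [e for e in parse_entries(listing) if e["sha1"] == norm(expected_sha1)]
    if not hits:
        return "mismatch: no entry carries the expected certificate"
    signers = [e["alias"] for e in hits if e["type"] == "PrivateKeyEntry"]
    if signers:
        return "ok: sign with alias " + signers[0]
    return "cert-only: " + hits[0]["alias"] + " holds the certificate but no private key"

if __name__ == "__main__":
    print(check(SAMPLE, FP_PLAY))
    print(check(SAMPLE, FP_UPLOAD))
```

If keytool prints in another language, running it with `-J-Duser.language=en` gives the English labels this parser looks for.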