android maui keystore google-play-console

Recreate a valid Keystore from an existing "Importation Key Certificate" for my MAUI Android Project


I'm working on an Android app which was released on Google Play Console in January 2024. I used the Windows keystore "mafirstkeystoreformyapp.keystore".

Because I wanted to upgrade my laptop, I bought a new one, got my project back from my GitHub repository and ran my tests: everything was OK.

So I formatted my first laptop.

But when I wanted to create a new version for Google Play Console, I realised that my app signature/footprint is not recognized:

Your android App Bundle was signed with the bad key. be sure your app bundle is signed with the good key and retry. The imported app bundle should be signed with the certificate associated to the "footprint" SHA1: XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:B2 , but the certificate used is associated to the footprint SHA1: XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:A5

So I contacted the Google Play Console support that made me :

But this .jks file has no meaning for me: Windows keystores are recognized as .keystore files, so it is useless.

Is there a way to transform this .jks to .keystore ? Or to easily recreate a valid Keystore from an existing "Importation Key Certificate" ?

There are many Stack Overflow questions about the second question (which is linked to the first one) but, even if the response seems to be no, it looks like the current situation has evolved: "Android: I lost my android key store, what should I do?", "I lost my .keystore file?" and "Recreate keystore file from private key and certificate".

What I already tried

I found this: "Android Package Signing for .NET MAUI app". It's pretty close, but that user's issue is linked to his "App Signing key", whereas I must use the "App Importation Key" (so his resolution steps cannot be applied).

I tried to :

  1. create a new .keystore from Visual Studio, get the .der key from Play Console to add it : KO (the certificate is added but not used during Distribution)

  2. create a new key store, delete the default key, import the .der key from Play Console to add it : KO (the keystore seems to be "corrupted" and so Visual Studio doesn't allow me to Distribute the app)

  3. import the .der key from Play Console and create keystore from it : KO (the keystore seems to be "corrupted" and so Visual Studio doesn't allow me to Distribute the app)

  4. (do 3 before that) import the new keystore from the dedicated windows dialog : KO (a java error appears)

        à System.Runtime.InteropServices.Marshal.SecureStringToGlobalAllocUnicode(SecureString s) 
     à Xamarin.VisualStudio.SecureStringExtensions.ToUnsecureString(SecureString input) dans D:\a\_work\1\s\src\Core\VisualStudio\Extensions\SecureStringExtensions.cs:ligne 16
    à Xamarin.VisualStudio.Publishing.Presentation.ViewModels.AndroidImportKeyViewModel.<ImportAsync>d__49.MoveNext() dans D:\a\_work\1\s\src\Core\VisualStudio.Publishing\Presentation\ViewModels\AndroidImportKeyViewModel.cs:ligne 138
    

I used keytool to update/create the keystore:

    keytool -import -alias vilolaboratory -file upload_cert.der -keystore vilolboratory.keystore

Solution

  • Okay, after many tries and much research, "How to convert .JKS to "keystore" format?" helped me publish a new version: I was able to recover a usable .keystore file for my current app.

    So here is a summary of the main steps:

    1st step: Generate the .JKS and a new .PEM certificate

    You will need to use keytool, a command-line tool provided with the JDK (this Stack Overflow question can help if you are experiencing an issue: "ERROR:'keytool' is not recognized as an internal or external command, operable program or batch file"). More info about keytool use cases: https://support.smartbear.com/collaborator/faq/how-to-update-an-expired-certificate-in-the-existi/

    Start by creating the new keystore:

    keytool -genkeypair -alias {alias-name} -keyalg RSA -keysize 2048 -validity 9125 -keystore keystore.jks
    

    Then ask for the Key Importation Certificate reinitialization in Play Console > Settings > Application signature.

    It will ask you to create a new certificate through keytool. Normally, it will be something like this (but following the link above it is better):

    keytool -export -rfc -keystore keystore.jks -alias {alias-name} -file upload_certificate.pem
    

    It will allow you to have

    Upload the .pem certificate file to Google Play Console and wait for two days.

    2nd step : Convert the .jks to .keystore

    You will need to use keytool again to convert the JKS file. Thanks to @Geo367 :

    keytool -importkeystore -srckeystore {generatedfile}.jks -srcstoretype JKS -destkeystore {TemporaryName}.p12 -deststoretype PKCS12
    
    keytool -importkeystore -srckeystore {TemporaryName}.p12 -srcstoretype PKCS12 -destkeystore {DefinitiveName}.keystore -deststoretype JKS
    

    But the generated file will not be correctly identified by Visual Studio at this point. So continue with:

    keytool -importkeystore -srckeystore {DefinitiveName}.keystore -destkeystore {DefinitiveName} -deststoretype pkcs12
    

    It will apply the latest keystore format (I cannot be more specific about it: I haven't mastered this subject at all).

    3rd step : Prepare Visual studio

    Move the keystore file to C:\Users\{USER}\AppData\Local\Xamarin\Mono for Android\Keystore

    Then, in Visual Studio, go to "Show/Displays archives" and push "Distribute...".

    Normally, an "{alias-name}" keystore will appear: that's your hero.

    /!\ In my case I needed to delete the last archive created and republish in order to correctly refresh the data and be able to see the latest keystore.

    Once everything is done, you will be able to publish an app correctly signed with the latest certificate through the adequate keystore.
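
A pre-upload check for the fingerprint mismatch Play Console reported in the question, as an added example that is not part of the original post: it computes the SHA-1 fingerprint of a certificate file (the `.pem` written by `keytool -export -rfc`, or a raw `.der`) and compares it with the expected one. The function names and the sample payload are assumptions made for illustration; the sample is a constructed placeholder, not a real certificate.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S
)


def cert_der_bytes(data: bytes) -> bytes:
    """Return DER bytes from a PEM (keytool -export -rfc) or raw .der file."""
    match = PEM_RE.search(data)
    if match is None:
        return data  # no PEM armour found: treat the input as DER already
    body = b"".join(match.group(1).split())  # drop line breaks in the base64
    return base64.b64decode(body, validate=True)


def sha1_fingerprint(data: bytes) -> str:
    """SHA-1 over the DER certificate, as colon-separated upper-case hex."""
    digest = hashlib.sha1(cert_der_bytes(data)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalise(fingerprint: str) -> str:
    """Strip colons/whitespace and reject anything that is not 40 hex digits."""
    compact = re.sub(r"[\s:]", "", fingerprint).upper()
    if not re.fullmatch(r"[0-9A-F]{40}", compact):
        raise ValueError("expected a SHA-1 fingerprint of 40 hex digits")
    return compact


def matches_expected(cert_file_bytes: bytes, expected: str) -> bool:
    """True when the certificate file has the fingerprint Play Console expects."""
    return normalise(sha1_fingerprint(cert_file_bytes)) == normalise(expected)


# Constructed sample: the base64 body decodes to b"abc", a stand-in for DER
# bytes. A real file would come from open("upload_certificate.pem", "rb").
SAMPLE_PEM = b"-----BEGIN CERTIFICATE-----\nYWJj\n-----END CERTIFICATE-----\n"

if __name__ == "__main__":
    print(sha1_fingerprint(SAMPLE_PEM))
```

A match only confirms which certificate the file holds; signing also needs the matching private key entry in the keystore, which a certificate file alone does not contain.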