使用提供的upload_cert.der签署发布的Android APK文件 [英] Use provided upload_cert.der to sign a release Android APK file
问题描述
我刚刚注册了Google Play应用签名程序,该程序需要上传发行密钥库的加密版本,并具有创建上传密钥库的可选"步骤-可选用引号引起来,因为我认为应该是一个必需的步骤,但是无论如何,在成功注册之后,我现在得到的是上传证书,该证书应该以某种方式用于签署我将来的应用版本.
I've just enrolled in the Google Play App Signing program, which required uploading an encrypted version of the release keystore and had an "optional" step for creating an upload keystore - optional is in quotes, because I think it should be a required step, but anyway, after a successful enrollment, I'm now left with an Upload certificate, which I should somehow use to sign my future app releases.
到目前为止,我所做的是:我从Android Studio创建了一个新的密钥库,设置了存储和别名密码,并尝试将 upload_cert.der 导入现有的别名-失败:
What I've done so far: I created a new keystore from Android Studio, set the store and alias passwords and tried to import the upload_cert.der to the existing alias - failed:
keytool -importcert -file upload_cert.der -alias upload -keystore upload-keystore.jks
keytool错误:java.lang.Exception:答复和密钥库中的公共密钥 不匹配
keytool error: java.lang.Exception: Public keys in reply and keystore don't match
我还尝试了在不指定别名(或删除现有别名并创建新别名)或使用其他别名的情况下导入上传证书:
I've also tried to import the upload certificate without specifying an alias (or removing the existing alias and creating a new one), or with a different alias:
keytool -importcert -file upload_cert.der -keystore upload-keystore.jks
...也失败:最终创建了一个名为 mykey 的新别名,该别名没有密码保护,并失败,并显示以下消息:
...failed as well: ended up creating a new alias called mykey, which wasn't password protected and failed with the message:
原因:java.lang.RuntimeException:com.android.ide.common.signing.KeytoolException:无法从商店"/path/to/upload-keystore.jks"读取密钥上载:受信任的证书条目不是密码保护的
Caused by: java.lang.RuntimeException: com.android.ide.common.signing.KeytoolException: Failed to read key upload from store "/path/to/upload-keystore.jks": trusted certificate entries are not password-protected
...很自然地,我尝试为别名设置密码:
...so naturally, I tried to set a password for the alias:
keytool -keypasswd -alias upload -keystore upload-keystore.jks
也失败,并显示以下消息:
which failed as well with the message:
keytool错误:java.lang.Exception:别名没有密钥
keytool error: java.lang.Exception: Alias has no key
...现在我的想法已经用光了.
...and now I've run out of ideas.
在此期间,我已向Google Play支持人员发送了一个问题/请求以更新我的上传密钥,但是,我希望可以解决这种情况(该支持人员的回复速度很慢),因为文档并不暗示一定要生成一个上传密钥库并上传该密钥库的加密私钥.因此,说明文件含糊不清/不清楚/错误,或者有一种使用生成的upload_cert.der的方法.有什么想法吗?
In the meantime, I've sent a question/request to Google Play Support to renew my upload key, but, I'm hoping there is a solution to this situation (the support is kinda slow to reply), since the documentation doesn't imply in any way that generating an upload keystore and uploading the encrypted private key of that key store is a requirement. So, either the documentation is vague/unclear/wrong, or there is a way to use the generated upload_cert.der. Any thoughts?
感谢 Pierre 提供的答案和评论,我意识到,如果您不创建/提供上传密钥, ,则应使用现有的原始签名密钥,并使用 upload_cert.der .因此,唯一的要求是通过运行以下命令插入上传证书:
Thanks to the answer and comment provided by Pierre, I realized that if you do not create/provide an upload key, your existing original signing key should be used, with the upload_cert.der. So, the only requirement would be to insert the upload certificate by running:
keytool -importcert -file upload_cert.der -keystore original-signing-keystore.jks
...,您应该能够继续将应用发布到Play商店.
...and you should be able to continue publishing your applications to the Play Store.
推荐答案
您上传到Play控制台的.der文件(也可以从Play控制台的应用签名"页面下载).密钥,它仅包含公共密钥,因此您将无法对其进行任何签名.
The .der file you uploaded to the Play Console (and that is also available for download in the App Signing page in the Play Console) does not contain the private key, it only contains the public key, so you won't be able to sign anything with it.
只有您创建的用于生成上传证书的密钥库包含私钥,并且该密钥库必须用于对APK(或应用捆绑包)进行签名.
Only the keystore you created to generate your upload certificate contains the private key and must be used to sign your APKs (or App Bundles).
换句话说,您不应在注册Play签名后创建另一个密钥库,而应使用创建的密钥库来生成上传证书来对以后的工件进行签名.
In other words, you shouldn't create another keystore after enrollment in Play Signing, you should use the keystore you have created to generate the upload certificate to sign your future artifacts.
希望有帮助.
这篇关于使用提供的upload_cert.der签署发布的Android APK文件的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
