如何启用Google Play应用签名 [英] How to enable Google Play App Signing

问题描述

我认为很多开发人员正试图详细了解Google I / O 2017上展示的新版Google Play App Signing功能。

keystore在Google Play中对应用程序进行签名，节省您安全存储密钥存储的成本，并且可以帮助系统根据硬件和操作系统特性优化为每台设备提供的APK。

您可以在以下官方文档中阅读有关此主题的更多信息：

接受App签署TOS。

第1步：下载PEPK工具点击与下图完全相同的按钮

<第2步：打开一个终端并输入：
$ b

java -jar PATH_TO_PEPK --keystore = PATH_TO_KEYSTORE
--alias = ALIAS_YOU_USE_TO_SIGN_APK --output = PATH_TO_OUTPUT_FILE --encryptionkey = GOOGLE_ENCRYPTION_KEY

传说：

• PATH_TO_PEPK =您在第1步中下载的pepk.jar的路径，可能类似于 C：\Users\YourName\Downloads\pepk.jar for Windows users。


• PATH_TO_KEYSTORE =您用于签署APK版本的密钥库路径。可能是* .keystore或* .jks类型的文件，或者没有扩展名。像 C：\Android\mykeystore 或 C：\Android\mykeystore.keystore 等等。 。


• ALIAS_YOU_USE_TO_SIGN_APK =您用于签署发行版APK的别名的名称。 / em> =扩展名为.pem的输出文件的路径，类似于 C：\Android\private_key.pem


• GOOGLE_ENCRYPTION_KEY =此加密密钥应始终保持不变。您可以在应用程序签名页面找到它，并将其复制并粘贴。应该采用以下格式： eb10fe8f7c7c9df715022017b00c6471f8ba8170b13049a11e6c09ffe3056a104a3bbe4ac5a955f4ba4fe93fc8cef27558a3eb9d2a529a2092761fb833b656cd48b9de6a

示例：

java -jarC：\Users\YourName\Downloads\pepk.jar--keystore =C：\Android\ mykeystore
--alias = myalias --output = C：\Android\private_key.pem --encryptionkey = eb10fe8f7c7c9df715022017b00c6471f8ba8170b13049a11e6c09ffe3056a104a3bbe4ac5a955f4ba4fe93fc8cef27558a3eb9d2a529a2092761fb833b656cd48b9de6a

按Enter键，您需要按顺序提供：

1. 密钥存储密码


2. 别名密码

如果一切正常，您现在将在PATH_TO_OUTPUT_FILE文件夹中有一个名为 private_key.pem 。

第3步：上传private_key.pem文件，点击bu tton与下图完全相同

第4步：使用Android Studio创建新的密钥库文件。 $ b

您将需要此KEYSTORE在未来签署
您的应用程序的未来发行版，请勿忘记密码

打开一个Android项目（随机选择一个）。转到 Build - > 生成签名APK ，然后按创建新的。

a href =https://i.stack.imgur.com/O9okH.png =noreferrer>

现在您应该填写必填字段。
$ b

密钥存储路径代表您要创建的新密钥库，使用右侧的3个点图标选择一个文件夹和一个名称，我选择 C：\Android\upload_key.jks （将自动添加.jks扩展名）

注意：I使用 upload 作为新的别名，但如果您以前使用了具有不同别名的相同密钥库来签署不同的应用程序，则应该选择以前在原始密钥库中的相同别名。

完成后按OK，现在您将拥有一个新的 upload_key.jks 密钥库。您可以立即关闭Android Studio。

第5步：我们需要从新创建的 upload_key中提取上传证书.jks 密钥库。
打开终端并键入：

keytool -export -rfc -keystore UPLOAD_KEYSTORE_PATH -alias UPLOAD_KEYSTORE_ALIAS
-file PATH_TO_OUTPUT_FILE

图例：

• UPLOAD_KEYSTORE_PATH =您刚刚创建的上传密钥库的路径。在这种情况下， C：\Android\upload_key.jks 。


• UPLOAD_KEYSTORE_ALIAS =新别名与上传密钥库相关联。在这种情况下， upload 。


• PATH_TO_OUTPUT_FILE =扩展名为.pem的输出文件的路径。例如 C：\Android\upload_key_public_certificate.pem 。

示例：
$ b

keytool -export -rfc -keystoreC：\Android\upload_key.jks-alias upload -fileC： \Android\upload_key_public_certificate.pem

按Enter键，您将需要提供密钥存储密码。

现在如果一切正常，您将在文件夹PATH_TO_OUTPUT_FILE中有一个文件，名为 upload_key_public_certificate.pem 。

第6步：上传 upload_key_public_certificate.pem 文件，点击与下图完全相同的按钮

第7步 ENROLL 按钮在应用程序签名页面的末尾。

现在每个新版APK都必须使用 upload_key.jks 在第4步中创建的密钥库和别名，然后上传到Google Play Developer控制台。

更多资源：

• 有关Google Play应用签名的Google文档
表单，用于请求重置您的上传密钥库，如果您丢失它的话

$ Q：当我上传使用新的upload_key密钥存储库签名的APK时，Google播放出现如下错误：您上传了未签名的APK。您需要创建一个签名的APK

答：在构建APK版本时，选中两个签名（V1和V2）签名APK。阅读此处获取更多详情。

I think a lot of developers are trying to learn more about the new Google Play App Signing feature presented at Google I/O 2017.

The ability to store the keystore to sign the apps inside Google Play save you the effort to safely store the keystore and can help the system to optimize the APKs served to every device, based on hardware and OS characteristics.

You can read more about this topic in the official documentation here : https://developer.android.com/studio/publish/app-signing.html#google-play-app-signing.

With the following answer, i will explain a bit better the steps you need to follow to upload your original keystore and how to create the new upload keystore, which you will need to sign your APK from this point onwards.

解决方案

This guide is oriented to developers who already have an application in the Play Store. If you are starting with a new app the process it's much easier and you can follow the guidelines of paragraph "New apps" from here

Prerequisites that 99% of developers already have :

1. Android Studio

2. JDK 8 and after installation you need to setup an environment variable in your user space to simplify terminal commands. In Windows x64 you need to add this : C:\Program Files\Java\{JDK_VERSION}\bin to the Path environment variable. (If you don't know how to do this you can read my guide to add a folder to the Windows 10 Path environment variable).

Step 0: Open Google Play developer console, then go to Release Management -> App Signing.

Accept the App Signing TOS.

Step 1: Download PEPK Tool clicking the button identical to the image below

Step 2: Open a terminal and type:

java -jar PATH_TO_PEPK --keystore=PATH_TO_KEYSTORE --alias=ALIAS_YOU_USE_TO_SIGN_APK --output=PATH_TO_OUTPUT_FILE --encryptionkey=GOOGLE_ENCRYPTION_KEY

Legend:

• PATH_TO_PEPK = Path to the pepk.jar you downloaded in Step 1, could be something like C:\Users\YourName\Downloads\pepk.jar for Windows users.
• PATH_TO_KEYSTORE = Path to keystore which you use to sign your release APK. Could be a file of type *.keystore or *.jks or without extension. Something like C:\Android\mykeystore or C:\Android\mykeystore.keystore etc...
• ALIAS_YOU_USE_TO_SIGN_APK = The name of the alias you use to sign the release APK.
• PATH_TO_OUTPUT_FILE = The path of the output file with .pem extension, something like C:\Android\private_key.pem
• GOOGLE_ENCRYPTION_KEY = This encryption key should be always the same. You can find it in the App Signing page, copy and paste it. Should be in this form: eb10fe8f7c7c9df715022017b00c6471f8ba8170b13049a11e6c09ffe3056a104a3bbe4ac5a955f4ba4fe93fc8cef27558a3eb9d2a529a2092761fb833b656cd48b9de6a

Example:

java -jar "C:\Users\YourName\Downloads\pepk.jar" --keystore="C:\Android\mykeystore" --alias=myalias --output="C:\Android\private_key.pem" --encryptionkey=eb10fe8f7c7c9df715022017b00c6471f8ba8170b13049a11e6c09ffe3056a104a3bbe4ac5a955f4ba4fe93fc8cef27558a3eb9d2a529a2092761fb833b656cd48b9de6a

Press Enter and you will need to provide in order:

1. The keystore password
2. The alias password

If everything has gone OK, you now will have a file in PATH_TO_OUTPUT_FILE folder called private_key.pem.

Step 3: Upload the private_key.pem file clicking the button identical to the image below

Step 4: Create a new keystore file using Android Studio.

YOU WILL NEED THIS KEYSTORE IN THE FUTURE TO SIGN THE NEXT RELEASES OF YOUR APP, DON'T FORGET THE PASSWORDS

Open one of your Android projects (choose one at random). Go to Build -> Generate Signed APK and press Create new.

Now you should fill the required fields.

Key store path represent the new keystore you will create, choose a folder and a name using the 3 dots icon on the right, i choosed C:\Android\upload_key.jks (.jks extension will be added automatically)

NOTE: I used upload as the new alias name but if you previously used the same keystore with different aliases to sign different apps, you should choose the same aliases name you had previously in the original keystore.

Press OK when finished, and now you will have a new upload_key.jks keystore. You can close Android Studio now.

Step 5: We need to extract the upload certificate from the newly created upload_key.jks keystore. Open a terminal and type:

keytool -export -rfc -keystore UPLOAD_KEYSTORE_PATH -alias UPLOAD_KEYSTORE_ALIAS -file PATH_TO_OUTPUT_FILE

Legend:

• UPLOAD_KEYSTORE_PATH = The path of the upload keystore you just created. In this case was C:\Android\upload_key.jks.
• UPLOAD_KEYSTORE_ALIAS = The new alias associated with the upload keystore. In this case was upload.
• PATH_TO_OUTPUT_FILE = The path to the output file with .pem extension. Something like C:\Android\upload_key_public_certificate.pem.

Example:

keytool -export -rfc -keystore "C:\Android\upload_key.jks" -alias upload -file "C:\Android\upload_key_public_certificate.pem"

Press Enter and you will need to provide the keystore password.

Now if everything has gone OK, you will have a file in the folder PATH_TO_OUTPUT_FILE called upload_key_public_certificate.pem.

Step 6: Upload the upload_key_public_certificate.pem file clicking the button identical to the image below

Step 7: Click ENROLL button at the end of the App Signing page.

Now every new release APK must be signed with the upload_key.jks keystore and aliases created in Step 4, prior to be uploaded in the Google Play Developer console.

More Resources:

• Google documentation on Google Play App Signing
• Form to request the reset of your upload keystore if you lose it

Q&A

Q: When i upload the APK signed with the new upload_key keystore, Google Play show an error like : You uploaded an unsigned APK. You need to create a signed APK.

A: Check to sign the APK with both signatures (V1 and V2) while building the release APK. Read here for more details.

这篇关于如何启用Google Play应用签名的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！