Visual Studio的AndroidApkSigner在密钥库中找不到密钥 [英] Visual Studio's AndroidApkSigner does not find key in keystore

问题描述

在Visual Studio中创建APK时出现此错误:

I am getting this error when creating an APK within Visual Studio:

Failed to load signer "signer #1": C:\...\googleplay.keystore entry "googleplay" does not contain a key

我是一个长期的ASP.NET开发人员，他熟悉Visual Studio，但这是我的第一个Xamarin项目. (我没有使用Android Studio.)我正在尝试将Android版本部署到Google Play.我从未将APK上传到Google Play，所以我无法使用Visual Studio的自动部署；我必须先按照Google和Microsoft的说明执行手动部署.

I am a longtime ASP.NET developer who is familiar with Visual Studio but this is my first Xamarin project. (I am not using Android Studio.) I am trying to deploy the Android build to Google Play. I have never uploaded an APK to Google Play so I cannot use Visual Studio's automatic deployment; I must perform a manual deployment first per Google's and Microsoft's instructions.

我正在使用JDK 1.8运行Visual Studio 2017 15.7.5(最新).我的项目使用的是NETStandard.Library 2.0.3，Xamarin.Forms 3.1.0和Microsoft.EntityFrameworkCore 2.1.1.

I am running Visual Studio 2017 15.7.5 (latest) with JDK 1.8. My project is using NETStandard.Library 2.0.3, Xamarin.Forms 3.1.0, and Microsoft.EntityFrameworkCore 2.1.1.

这个问题类似于这个没有答案的问题，但我从Visual Studio中得到错误.如果这是重复的话，我表示歉意，但无法添加有关该问题的其他详细信息.

This question is similar to this question that has no answers but I am getting the error from within Visual Studio. If this is a duplicate, I apologize but I am unable to add additional details on that question.

我正在使用Google Play应用签名.我已经通过Google Play创建了密钥.我以.der格式下载了证书.我已使用keytool(来自c:\ Program Files \ Java \ jdk1.8.0_172 \ bin)通过以下命令将.der文件转换为.keystore:

I am using Google Play App Signing. I have created a key through Google Play. I downloaded the certificate in .der format. I have used keytool (from c:\Program Files\Java\jdk1.8.0_172\bin) to convert the .der file to .keystore with the following command:

keytool -importcert -alias googleplay -file "C:\...\deployment_cert.der"

我已经多次运行此实用程序，更改了选项，以为keytool提示输入的别名或密码中的特殊字符可能存在区分大小写的问题.在这种情况下，别名全为小写字母，密码为全小写字母数字. keytool要求信任此证书，然后按"y".

I have re-run this utility a few times changing the options thinking perhaps that there might be a problem with case sensitivity on the alias or special characters in the password that keytool prompts for. In this instance, the alias is all alpha, all lowercase, and the password is alpha-numeric all lowercase. keytool asks to trust this certificate and I press "y".

这将产生一个名为.keystore的文件.我将其重命名为googleplay.keystore，并将其移至更合适的位置.

This results in a file named .keystore. I renamed this to googleplay.keystore and I moved it to a more appropriate place.

我可以通过运行以下命令来再次检查密钥库文件中是否存在googleplay别名:

I can double-check that the googleplay alias is present in the keystore file by running this command:

C:\Program Files\Java\jdk1.8.0_172\bin>keytool -v -list -keystore "C:\...\googleplay.keystore" -alias googleplay
Enter keystore password:
Alias name: googleplay
Creation date: Jul 23, 2018
Entry type: trustedCertEntry

Owner: CN=Android, OU=Android, O=Google Inc., L=Mountain View, ST=California, C=US
Issuer: CN=Android, OU=Android, O=Google Inc., L=Mountain View, ST=California, C=US
Serial number: e8************************************8a
Valid from: Thu Jul 19 14:18:56 EDT 2018 until: Sun Jul 19 14:18:56 EDT 2048
Certificate fingerprints:
         MD5:  0D:**:**:**:**:**:**:**:**:**:**:**:**:**:**:C8
         SHA1: 11:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:CD
         SHA256: D0:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:74
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 4096-bit RSA key
Version: 3

Extensions:

#1: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
  CA:true
  PathLen:2147483647
]

"googleplay"别名绝对存在！证书指纹与Google给我的密钥(已编辑)匹配.

The "googleplay" alias most definitely exists! The certificate fingerprints match the keys that Google gave me (redacted).

在Visual Studio中，我将解决方案配置设置为发布"模式，清理了整个解决方案(成功)，重新构建了整个解决方案(成功)，然后右键单击我的Android项目，然后根据Archive... ="https://docs.microsoft.com/zh-cn/xamarin/android/deploy-test/release-prep/?tabs=vswin#archive" rel ="nofollow noreferrer">这些说明.

In Visual Studio, I set the solution configuration to Release mode, I cleaned my entire solution (successful), rebuilt my entire solution (successful), and then right-clicked my Android project and clicked Archive... per these instructions.

作为一个附带说明，该Microsoft文章非常令人沮丧，因为它没有提及签名或此问题以及他们的签名与Google Play的运行方式不符，并且似乎假设您已将正确的APK上传到Google已经玩过了(绕过了Ceg-22鸡或蛋).

As a side-note, that Microsoft article is extremely frustrating because it does not mention signing or this issue, and their articles on signing do not match how Google Play operates and seem to assume you have a correct APK uploaded to Google Play already (bypassing the chicken-or-egg Catch-22).

起初，我所得到的只是The archiving process has failed. Please see the Errors section for more details..错误列表"面板为空.输出面板只是说"java.exe" exited with code 2.我去了Tools -> Options -> Projects and Solutions -> Build and Run并将MSBuild project build output verbosity从Minimal更改为Diagnostic并重复了最后几个步骤(清理，重建，存档).现在，输出"面板(略作编辑)显示:

At first all I got was The archiving process has failed. Please see the Errors section for more details. The Error List panel is empty. The Output panel just says "java.exe" exited with code 2. I went to Tools -> Options -> Projects and Solutions -> Build and Run and changed MSBuild project build output verbosity from Minimal to Diagnostic and repeated the last few steps (clean, rebuild, archive). Now, the Output panel (slightly redacted) says:

Using "AndroidApkSigner" task from assembly "C:\...\MSBuild\Xamarin\Android\Xamarin.Android.Build.Tasks.dll".
Task "AndroidApkSigner"
AndroidApkSigner:
  ApkSignerJar: C:\Program Files (x86)\Android\android-sdk\build-tools\27.0.3\lib\apksigner.jar
  ApkToSign: bin\Release\com.mycompany.myproject.apk
  ManifestFile: obj\Release\android\AndroidManifest.xml
  AdditionalArguments: 
C:\Program Files\Java\jdk1.8.0_172\\bin\java.exe -jar "C:\Program Files (x86)\Android\android-sdk\build-tools\27.0.3\lib\apksigner.jar" sign --ks "C:\...\googleplay.keystore" --ks-pass pass:******** --ks-key-alias googleplay --key-pass pass:******** --min-sdk-version 19 --max-sdk-version 27  C:\...\myproject.Android\bin\Release\com.mycompany.myproject.apk 
Failed to load signer "signer #1": C:\...\googleplay.keystore entry "googleplay" does not contain a key
"java.exe" exited with code 2.
Done executing task "AndroidApkSigner" -- FAILED.
Done building target "_Sign" in project "myproject.Android.csproj" -- FAILED.
Done building project "myproject.Android.csproj" -- FAILED.
Build FAILED.

从上面的输出中，您可以在我项目的属性的Android Package Signing选项卡中看到(已编辑)值.通过反复试验，我发现密钥库密码，别名和别名密码都是必需的.我将密钥库密码"和别名密码"设置为相同，因为与此密钥库关联的密码只有一个.如上所述，密码是低位字母数字(根据另一个SO问题的建议，无特殊字符).

From the above output you can see what the (redacted) values are in my project's property's Android Package Signing tab. Through trial and error I discovered that the Keystore Password, Alias, and Alias Password are all required. I set the Keystore Password and Alias Password to be the same, since there is only one password associated with this keystore. As mentioned above, the password is lower-alpha-numeric (no special characters following the advice from another SO question).

为什么当keytool毫无问题地找到密钥时，AndroidApkSigner为什么无法在密钥库中找到所提供别名的密钥?

而且，我不能成为唯一遇到此问题的人吗?从Visual Studio部署到Google Play应该是一个相当普遍的工作流程，但我找不到其他人(除了

And, I can't be the only one with this problem? Deploying from Visual Studio to Google Play should be a fairly common workflow, but I am not finding anybody else (besides this other unanswered SO question) who is experiencing this issue. What am I doing wrong?

推荐答案

我已经找到了问题的答案. Android开发者网站上的文档不适用于Visual Studio. Xamarin随附的ApkSigner不知道如何使用它.而是使用此命令创建您自己的发布密钥:

I have discovered the answer to my question. The documentation on the Android Developer site will not work with Visual Studio. The ApkSigner that comes with Xamarin does not know what to do with it. Instead, use this to create your own release key:

keytool -v -list -keystore c:\temp\myreleasekey.keystore -alias myalias -storetype pkcs12

注意最后的-storetype pkcs12.该命令还被修改为(1)将文件写入Program Files之外的其他位置；(2)使用Visual Studio喜欢的.keystore扩展名；(3)避免使用Visual Studio不喜欢的别名中的特殊字符.我读了. (也请避免在密码中使用特殊字符.)

Note the -storetype pkcs12 at the end. This command is also modified to (1) write the file somewhere besides Program Files, (2) uses .keystore extension which Visual Studio likes, and (3) avoids special characters in the alias, which Visual Studio does not like, from what I've read. (Avoid special characters in the password, too.)

请注意，keytool位于c:\Program Files\Java\jdk[version]\bin中.

当我按照文档中的说明进行操作时，我得到了警告来自keytool:

When I followed the instructions on the documentation, I got a warning from keytool:

警告: JKS密钥库使用专有格式.建议使用keytool -importkeystore -srckeystore c:\temp\myreleasekey.jks -destkeystore c:\temp\myreleasekey.jks -deststoretype pkcs12迁移到行业标准格式PKCS12.

Warning: The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using keytool -importkeystore -srckeystore c:\temp\myreleasekey.jks -destkeystore c:\temp\myreleasekey.jks -deststoretype pkcs12.

验证密钥正确时，我也收到此警告:

I also got this warning when verifying the key is correct:

keytool -v -list -keystore c:\temp\myreleasekey.jks -alias myalias

如果您有一个现有密钥并需要转换，请按照警告中的命令进行操作.

If you have an existing key and need to convert it, follow the command in the warning.

我要感谢尼克解释所有密钥签名和区分背后的原因.

I want to thank Nick for explaining the reasoning behind signing and differentiating between all the keys.

乔恩(Jon)，谢谢您指出如何创建自己的私钥.

And thank you, Jon, for pointing me toward how to create my own private key.

这篇关于Visual Studio的AndroidApkSigner在密钥库中找不到密钥的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！