如何使用上传密钥对您的应用进行签名 [英] How to sign your app using the upload key
问题描述
我正尝试将我的应用发布到Google Playstore,但我不知道如何使用上传密钥对应用进行签名,如
I'm trying to publish my app to Google playstore, and I can not figure out how to sign the app use the upload key, as stated in https://developer.android.com/studio/publish/app-signing.html
我使用Android Studio,并使用Build->签署了apk,并生成了已签署的APK,并在自己的密钥存储路径/文件中创建了自己的密钥.现在,要进行发布,我需要使用google上传密钥,这使我感到困惑.所以,
I use Android Studio, and I signed the apk use Build -> generate signed APK, and created my own key at my own key store path/file. Now, to do the release, I need to use the google upload key, which confused me. So,
-
在Google Play控制台的哪里可以找到我的上传密钥?在此应用的应用签名下,我可以看到MD5,SHA-1,SHA-256的上传证书,甚至可以下载upload.pem文件.我该怎么办?
where can I find my upload key in Google Play Console? Under App signing of this app, I can see Upload certificate of MD5, SHA-1, SHA-256 and even download a upload.pem file. What do I do with it?
然后究竟该如何使用Build->在Android Studio中生成已签名的APK并使用此所谓的上传密钥对其进行签名?
then exactly how do I use the Build -> generate signed APK in Android Studio to sign it with this so-called upload key?
我的应用使用Google登录来验证用户身份.现在,如果我只安装自己的apk,它就可以工作.但是,如果我从Google商店下载它,它就无法进行Google身份验证,为此我认为我搞砸了发布程序.
My app uses google sign in to authenticate users. Right now it works if I just install my own apk. But if I download it from google store, it can not do the google authentication, for which I assume I screwed up the publication procedure.
仅供参考,我正在使用使用Google Play应用签名"过程.
FYI, I'm using the "Use Google Play App Signing" process.
请帮助.
推荐答案
我想我已经知道了...
I think I've figured this out...
当您选择使用Google App签名过程时,Google Play会将您上传的应用程序的签名更改为App签名证书的SHA-1证书指纹(与Upload证书相对).有关流程,请参见此Studio文档中的图1.
When you elect to use the Google App Signing process, Google Play CHANGES your uploaded app's signature to the SHA-1 certificate fingerprint of the App signing certificate (as against the Upload certificate). See Figure 1 at this Studio document for the process flow.
[顺便说一句,您可以在Google Play控制台->版本管理->应用签名中找到这两个应用的证书]
[Btw, you can find both app's certificates at Google Play Console -> Release Management -> App Signing]
这意味着,要使Oauth能够正常工作,您必须创建一个新的OAuth 2.0凭据(位于console.developers.google.com),该凭据使用应用程序签名证书的指纹 >(与上载证书的指纹相对)具有相同的程序包名称.
This means that, for Oauth to work, you must create a new OAuth 2.0 credential (at console.developers.google.com) that uses the App signing certificate's fingerprint (as against the Upload certificate's fingerprint) with the same package name.
您的软件包现在将具有2个Oauth凭据,一个用于生产版本,另一个用于您的开发/测试.两者将具有相同的程序包名称;生产凭证将使用App签名指纹,而开发/测试凭证将使用Upload(或本地密钥库)指纹.
Your package will now have 2 Oauth credentials, one for production releases, the other for your development/testing. Both will have the same package name; the production credential will use the App signing fingerprint, while the dev/testing credential will use the Upload (or local keystore) fingerprint.
很明显,只有在您的应用程序首次部署到Google Play(GP为其分配)后,您才知道该应用程序的签名指纹.因此,将需要在首次上传到Google Play之后但在单击向生产推广"之前创建生产凭据.
Obviously, you will not know the App signing fingerprint until your app is first deployed to Google play (GP assigns it). So, the production credential will need to be created after uploading to Google Play for the first time, but prior to clicking "Rollout to Production".
这篇关于如何使用上传密钥对您的应用进行签名的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
