Can't upload updated APK to Google Play due to different certificate


Problem description


I'm using Android Studio to build my Android projects and, when I upload my APK to Google Play, it keeps showing me this error in spite of using the same keystore which I used for earlier versions of my app:

Upload failed

You uploaded an APK that is signed with a different certificate to your previous APKs. You must use the same certificate.

Your existing APKs are signed with the certificate(s) with fingerprint(s):
[ SHA1: 89:2F:11:FE:CE:D6:CC:DF:65:E7:76:3E:DD:A7:96:4F:84:DD:BA:33 ]
and the certificate(s) used to sign the APK you uploaded have fingerprint(s):
[ SHA1: 20:26:F4:C1:DF:0F:2B:D9:46:03:FF:AB:07:B1:28:7B:9C:75:44:CC ]

Solution

Firstly, it's unlikely that Google Play is wrong here. Are you sure you didn't use your debug key by mistake?

Check the signing keys used

You should double-check which certificates the old APK and new APK contain, with the commands:

jarsigner -verify -verbose:summary -certs old.apk
jarsigner -verify -verbose:summary -certs new.apk

This shows you information about the files signed in each APK, like this:

sm  4642892 Thu Apr 17 10:57:44 CEST 2014 classes.dex (and 412 more)

    X.509, CN=My App, O=My Company, C=DE, L=Köln
    [certificate is valid from 11/11/13 12:12 to 29/03/41 12:12]
    [CertPath not validated: Path does not chain with any of the trust anchors]

If the new APK says X.509, CN=Android Debug, O=Android, C=US, then you have signed the APK with your debug key instead of the original release key.

If the X.509 identity strings are otherwise different, or the certificate dates are different between the two APKs, you've just confirmed that you did not use the same signing key for both APKs.

You can ignore any "CertPath not validated" message; it's not relevant in this case.

Search for the original keystore

If the certificate information is different, you need to find the original keystore, i.e. the file with the first SHA1 value that Google Play told you.

Search through all the keystore files you can find until you have the one with the correct SHA1 fingerprint:

keytool -list -keystore my-release.keystore

I can't find the original keystore

If you cannot find the original keystore, you will never be able to publish any updates to this particular app.

Android mentions this explicitly on the Signing Your Application page:

Warning: Keep your keystore and private key in a safe and secure place, and ensure that you have secure backups of them. If you publish an app to Google Play and then lose the key with which you signed your app, you will not be able to publish any updates to your app, since you must always sign all versions of your app with the same key.

After the first release of an APK, all subsequent releases must be signed with the exact same key.

Can I extract the original signing key from the original APK?

No. This is not possible. The APK only contains public information, and not your private key information.

Can I migrate to a new signing key?

No. Even if you do find the original, you can't sign an APK with key A, then sign the next update with both keys A and B, then sign the next update with only key B.

Signing an APK (or any JAR file) with multiple keys is technically possible, but Google Play does not accept APKs with multiple signatures.

What can I do?

You will have to build your app with a new application ID (e.g. change from "com.example.myapp" to "com.example.myapp2") and create a brand new listing on Google Play.

Possibly you will also have to change your code so that people can install the new app even if they have the old app installed, e.g. you need to make sure that you don't have conflicting content providers.

You will lose your existing install base, reviews etc., and will have to find a way to get your existing customers to uninstall the old app and install the new version.

Again, ensure you have backups of the keystore and password you use for this version.
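
The keystore search described under "Search for the original keystore", as an added example that is not part of the original answer: it normalizes the fingerprint Google Play reported, parses `keytool` listings, and scans candidate keystores for a match. The function names, the `KS_PASS` environment variable and the `SAMPLE` listing are assumptions made for this illustration.

```shell
#!/bin/sh
# TARGET: the fingerprint Google Play reports for the existing APKs (from the error above).
TARGET='89:2F:11:FE:CE:D6:CC:DF:65:E7:76:3E:DD:A7:96:4F:84:DD:BA:33'

# Constructed sample of `keytool -list -v` output (not from a real keystore).
SAMPLE='Alias name: release
Owner: CN=My App, O=My Company, C=DE
Signature algorithm name: SHA1withRSA
Certificate fingerprints:
     SHA1: 20:26:F4:C1:DF:0F:2B:D9:46:03:FF:AB:07:B1:28:7B:9C:75:44:CC'

# Canonical form: uppercase hex with colons and whitespace removed.
normalize_fp() {
    printf '%s' "$1" | tr -d ': \t\r\n' | tr 'a-f' 'A-F'
}

# Read keytool output on stdin; print every SHA1 fingerprint, normalized, one per line.
# Accepts "SHA1: .." (verbose listing) and "(SHA1): .." (older non-verbose listing).
sha1_from_keytool() {
    sed -n 's/.*SHA-\{0,1\}1)\{0,1\}: *\([0-9A-Fa-f:]\{59\}\).*/\1/p' |
    while IFS= read -r fp; do normalize_fp "$fp"; echo; done
}

# Exit 0 if the keytool output on stdin contains fingerprint $1.
matches_target() {
    sha1_from_keytool | grep -qxF "$(normalize_fp "$1")"
}

# Exit 0 if the certificate text on stdin carries the debug identity named in the answer.
is_debug_cert() {
    grep -q 'CN=Android Debug'
}

# Print the first keystore among the arguments whose certificate matches $1.
# KS_PASS is an assumed environment variable holding the store password;
# -storepass:env keeps the password out of the process list.
find_keystore() {
    target=$1; shift
    for ks in "$@"; do
        if keytool -list -v -keystore "$ks" -storepass:env KS_PASS 2>/dev/null |
                matches_target "$target"; then
            printf '%s\n' "$ks"
            return 0
        fi
    done
    return 1
}

# Usage (script name is arbitrary): KS_PASS=... sh find-keystore.sh *.keystore *.jks
[ "$#" -eq 0 ] || find_keystore "$TARGET" "$@"
```

Keystores protected by different passwords need one run per password; a keystore that cannot be opened is skipped rather than reported as a mismatch.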
