如何在 Android Studio 的 Play 商店中使用 upload_cert.der? [英] How do I use upload_cert.der from play store in Android Studio?
问题描述
我从 Play 商店下载了 upload_cert.der 文件.我将根证书添加到我的密钥库中就好了.但是 Android Studio 不允许我使用它,因为它没有密码.Android Studio 抱怨我必须输入密钥密码才能让我进行构建.
I downloaded the upload_cert.der file from the Play store. I added the root certificate to my keystore just fine. But Android Studio won't let me use it because there is no password for it. Android Studio complains that I must enter a key password before it let's me do the build.
- 有没有办法从此upload_cert.der 文件生成受密码保护的私钥?
- 有没有办法让 Android Studio 让我克服这个错误"并进行构建?
- 我使用的是 Windows,upload_cert.der 文件已添加到我的 Windows 证书存储中.我可以在 Android Studio 之外签署 APK 吗(即使我宁愿留在工具中)?
我发现其他人问了这个问题,没有一个答案提到密码,只是解释为什么密钥库中有多个错误类型的条目等.要清楚,我可以在密钥库中创建一个密钥我自己制作并有密码,就好了.在尝试添加任何类型的键之前,我会先删除别名.当 Android Studio 需要密钥密码而没有密码时,我只是不知道如何使用 Play 商店中的 .der 文件!
I found someone else ask this question and none of the answers mentioned the password, just explanations for why there are multiple entries of the wrong type in the keystore, etc. To be clear, I can create a key in the keystore of my own making and with a password, just fine. I deal with deleting an alias before I try to add a key of any sort. I just don't know how to use the .der file from the play store when Android Studio wants a password for the key and there is none!
如果我使用随机乱码的密码,这里是确切的错误:无法从存储C:\Users\xxxx\xxxx.jks"读取密钥代表:受信任的证书条目不受密码保护所以很明显没有办法以某种方式伪造它.
Here's the exact error if I use a password that is just random jiberish: Failed to read key rep from store "C:\Users\xxxx\xxxx.jks": trusted certificate entries are not password-protected So it's clear that there is no way to fake this out somehow.
推荐答案
你忽略的重要事实:
Google Play 绝不会为您提供用于签名的密钥.它只为您提供用于验证的证书.
Google Play never gives you a key you use to sign things. It only ever gives you certificates to verify with.
我将从您可能知道的基础知识开始.在公钥密码学中,有一个私钥和一个公钥.只有签名的人拥有私钥.否则任何人都可以签字.任何人都可以拥有的公钥.他们可以用它来检查签名是否有效.
I'll start with the basics you probably know. In public key cryptography, there is a private key and a public key. Only the person who signs has the private key. Otherwise anyone could sign. The public key anyone can have. They can use it to check the signature is valid.
upload_cert.der 下载只包含公钥.Google Play 允许您下载以进行验证的原因.您可以离线验证您的签名是否符合 Play 商店的要求.您可能永远不需要这样做.
The upload_cert.der download only contains the public key. The reason Google Play lets you download it for verification. You can verify offline your signatures match what the Play Store expects. You probably never need to do this.
Google Play 没有为您提供上传证书的私钥有两个原因.
Google Play doesn't give you the private key for the upload certificate for 2 reasons.
- Google 没有您上传密钥的私有部分!您在注册 Google Play 应用签名时创建了上传密钥的私钥部分.你从来没有把它交给谷歌.Google 所拥有的只是公钥部分.
- 如果 Google 确实将其提供给您,那么该密钥将毫无价值.上传密钥的全部意义在于,即使黑客闯入了您的 Play 管理中心帐户,他们仍然无法上传您应用的新版本.他们也需要上传密钥.上传密钥意味着 Google Play 知道该应用程序来自您.如果他们让您从您的帐户下载签名密钥,那么黑客也可以下载它.那么它就毫无价值了.
如何获取签名所需的上传密钥?
所以现在您可能遇到的问题是我如何获得签名所需的公钥?".答案是你创造它".当您第一次上传 APK 时,该 APK 已使用密钥签名(Google 坚持使用).它可能存储在您的 Android Studio 中.该密钥将成为您的上传密钥.找到你保存它的地方.
How do I get the upload key I need for signing?
So now the question you probably have is "how do I get the public key I need for signing?". The answer is "you create it". When you first upload your APK, that APK was signed with a key (Google insists on it). It was probably stored in your Android Studio. That key becomes your upload key. Find where you kept it.
现在您可能不知道最初使用的密钥在哪里.这是 Google Play 应用签名的一大优点.如果您自己为应用程序签名并丢失了签名密钥,那么您将被卡住,您必须创建一个新应用程序.但是通过 Google Play App Signing,您可以联系 Play Console 支持,他们可以为您提供帮助.该过程位于帮助页面.
Now you might be in a place where you don't know where the key is that you originally used. This is the great thing about Google Play App Signing. If you were signing your app yourself and lost the signing key you would be stuck, you'd have to create a new app. But with Google Play App Signing you can contact Play Console support and they can help you. The process is on the help page.
查看标题为创建新的上传密钥"的部分.请注意,第 1 步是您创建密钥.谷歌仍然没有它.
Look at the section entitled "Create a new upload key". Notice step 1 is you create the key. Google still never has it.
这篇关于如何在 Android Studio 的 Play 商店中使用 upload_cert.der?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
