Still problems with creating the necessary file for keystore reset (Lengthy mail)
Klaus major-k
klaus at major-k.de
Tue Aug 27 08:06:22 EDT 2024
Hi all,
"The torture never stops" (F.Z.)
We are still struggling with creating the correct file for Google to reset the upload key,
and I get the feeling that Google is incompatible with Google!?
The very long story:
-------------------------------------------------------------------------
LC 10rc1, macOS 14.6.1 on a M2 Mac Mini
Android Studio Iguana | 2023.2.1 Patch 1
Build #AI-232.10300.40.2321.11567975, built on March 13, 2024
Runtime version: 17.0.9+0-17.0.9b1087.7-11185874 aarch64
VM: OpenJDK 64-Bit Server VM by JetBrains s.r.o.
macOS 14.6.1
GC: G1 Young Generation, G1 Old Generation
Memory: 2048M
Cores: 8
Metal Rendering is ON
Registry:
ide.experimental.ui=true
Google support responded to my question (Can I reset the upload keystore?) with the instructions quoted below.
I created a new keystore file with "Android Studio":
> 1. • Follow the instructions in the Android Studio Help Center to generate a new key.
> It must be different from any previous keys, be a 2048-bit RSA key, and have 25-year validity.
> Alternatively, you can use the following command line to generate a new key:
> • keytool -genkeypair -alias upload -keyalg RSA -keysize 2048 -validity 9125 -keystore keystore.jks
Worked out fine and Matthias Rebbe and I could use it with LC to sign my Android app without any problems!
-----------------------------------------
Keystore file -> android_upload.keystore
Password: XXX1
Key:
Alias: sehenkey
Password: XXX2
-----------------------------------------
> 2. • Export the certificate for that key to PEM format:
> • keytool -export -rfc -alias upload -file upload_certificate.pem -keystore keystore.jks
Created the PEM file successfully -> upload_certificate.pem
> 3. • Once you have generated a PEM file please follow the steps below:
> • Go to Setup > App integrity > App Signing.
> • Request Upload key reset.
> • Give a reason why you’re requesting a key reset.
> • Enter PEM file.
> • Click Request.
Google does not accept the above mentioned PEM file (BIG fun, thank you support) and shows a JAVA terminal
command that would output a ZIPped PEM file to upload to Google.
See a screenshot here: <https://major-k.de/java_terminal.png>
(Strangely Matthias Rebbe saw a completely different command in HIS account on the app signing page!?)
And also let me download a JAR file "pepk.jar" which obviously does the actual work.
Matthias was so kind to check the terminal stuff for me with a higher JAVA version (jdk 20), so I could avoid the SDK "dance" :-)
The script with all placeholders replaced with my data, maybe this is not completely correct?
------------------------------------------------------------------------------------
java -jar pepk.jar --keystore=android_upload.keystore --alias=sehenkey --output=output.zip signing-keystore=android_upload.keystore --signing-key-alias=upload-key-alias --rsa-aes -encryption --encryption-key-path=upload_certificate.pem
------------------------------------------------------------------------------------
But here is what he got:
------------------------------------------------------------------------------------
Error: Unable to parse the input: [--keystore=android_upload.keystore, --alias=sehenkey, --output=output.zip, signing-keystore=android_upload.keystore, --signing-key-alias=upload-key-alias, --rsa-aes, -encryption, --encryption-key-path=upload_certificate.pem]
java.lang.IllegalArgumentException: Invalid argument: signing-keystore=android_upload.keystore
    at com.google.wireless.android.vending.developer.signing.tools.extern.export.Utils.processArgs(Utils.java:32)
    at com.google.wireless.android.vending.developer.signing.tools.extern.export.ExportEncryptedPrivateKeyTool.main(ExportEncryptedPrivateKeyTool.java:110)

USAGE:
  java -jar pepk.jar
    --keystore <release_keystore>
    --alias <key_alias>
    --output=<output_file>
    (--rsa-aes-encryption --encryption-key-path=</path/to/encryption_public_key.pem> | --encryptionkey=<encryption_key_hex>)
    [--signing-keystore <keystore> [--signing-key-alias=<alias>]]
    [--include-cert]

pepk (Play Encrypt Private Key) is a tool for exporting private keys from a
Java Keystore and encrypting them for transfer to Google Play as part of
enrolling in App Signing by Google Play.

REQUIRED FLAGS
  --keystore             Path to the keystore containing the private key to export.
  --alias                Alias of the private key in the keystore.
  --output               File in which to output the encrypted private key.

OPTIONAL FLAGS
  --keystore-pass        Password for the keystore. If not set, will be prompted on
                         the command line.
  --key-pass             Password for the key inside the keystore. If not set, the
                         same password as the keystore will be used, or if none was
                         set, it will be prompted on the command line.
  --signing-keystore     Path to the keystore containing the private key that will
                         be used for signing the exported encrypted private key.
  --signing-key-alias    Alias of the private key used for signing in the
                         signing Keystore. Must be specified if --signing-keystore
                         flag is set.
  --rsa-aes-encryption   Use RSA AES Key Wrap encryption for encrypting the
                         private key.
  --encryption-key-path  Path to the PEM-encoded public key to be used for
                         encrypting the private key. Must be specified if
                         --rsa-aes-encryption is set.
  --encryptionkey        Public key to encrypt the private key with. This will be
                         the hex encoded bytes of the public key. The public key
                         is a 4-byte identity followed by a 64-byte P256 point.
                         Must be specified if --rsa-aes-encryption is not set.
  --include-cert         Include the public certificate to be exported along with
                         the encrypted private key.

OTHER OPTIONS
  --help                 Show this usage page and exit.
  --license              Show the license for the tool and exit.
------------------------------------------------------------------------------------
So we got stuck!?
Any insight highly appreciated!
Also off-list if necessary.
Thanks a lot in advance!
Best
Klaus
--
Klaus Major
https://www.major-k.de
https://www.major-k.de/bass
klaus at major-k.de
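
Added example, not part of the original message and not code from Google or pepk: a syntax-only check of a pepk command line against the flag list in the USAGE text quoted above, which reports every malformed token rather than only the first one pepk stops at. The function name lint_pepk, the optional alias inventory argument and the acceptance of space-separated values are assumptions of this example.

```python
import shlex

# Flag names copied from the pepk USAGE text quoted in the message.
VALUE_FLAGS = {"--keystore", "--alias", "--output", "--keystore-pass", "--key-pass",
               "--signing-keystore", "--signing-key-alias",
               "--encryption-key-path", "--encryptionkey"}
SWITCHES = {"--rsa-aes-encryption", "--include-cert", "--help", "--license"}
KNOWN = VALUE_FLAGS | SWITCHES
# The command line from the message, verbatim.
SENT = ("java -jar pepk.jar --keystore=android_upload.keystore --alias=sehenkey --output=output.zip "
        "signing-keystore=android_upload.keystore --signing-key-alias=upload-key-alias "
        "--rsa-aes -encryption --encryption-key-path=upload_certificate.pem")

def lint_pepk(command, aliases=None):
    """Return (problems, parsed); aliases (hypothetical) maps keystore path -> alias set."""
    tokens = shlex.split(command)
    start = next((i + 1 for i, t in enumerate(tokens) if t.endswith("pepk.jar")), 0)
    args, problems, parsed, i = tokens[start:], [], {}, 0
    while i < len(args):
        name, eq, value = args[i].partition("=")
        nxt = args[i + 1] if i + 1 < len(args) else None
        if name not in KNOWN and not eq and nxt and name + nxt.partition("=")[0] in KNOWN:
            problems.append(f"'{name} {nxt}': flag split by a space, write '{name}{nxt}'")
            args[i:i + 2] = [name + nxt]  # re-read the joined token
            continue
        if name not in KNOWN:
            fixed = "--" + name.lstrip("-")
            hint = f", did you mean '{fixed}'?" if fixed in KNOWN else ""
            problems.append(f"'{args[i]}': not a pepk flag{hint}")
        elif name in SWITCHES:
            parsed[name] = True
        else:
            if not eq and nxt is not None and not nxt.startswith("-"):
                value, i = nxt, i + 1  # assumed: space-separated values are accepted
            if not value:
                problems.append(f"{name}: missing value")
            parsed[name] = value
        i += 1
    problems += [f"{f}: required flag missing"
                 for f in ("--keystore", "--alias", "--output") if f not in parsed]
    need = "--encryption-key-path" if "--rsa-aes-encryption" in parsed else "--encryptionkey"
    if need not in parsed:
        problems.append(f"{need}: required by the chosen encryption mode")
    if "--signing-keystore" in parsed and "--signing-key-alias" not in parsed:
        problems.append("--signing-key-alias: required with --signing-keystore")
    for ks, al in (("--keystore", "--alias"), ("--signing-keystore", "--signing-key-alias")):
        listed = (aliases or {}).get(parsed.get(ks))
        if listed is not None and parsed.get(al) not in listed:
            problems.append(f"{al}={parsed.get(al)}: alias not listed for {parsed[ks]}")
    return problems, parsed
```

Calling lint_pepk(SENT) only inspects the text of the command; passing the aliases that `keytool -list` shows for each keystore additionally flags an alias value that does not exist in the named keystore.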