构建 AAB 时出错 - Flutter (Android) - 完整性检查失败：java.security.NoSuchAlgorithmException：算法 HmacPBESHA256 不可用

Question

I am trying to build an AAB for my flutter app. I generated the keystore using the following below command:

keytool -genkey -v -keystore ~/pc-keystore.jks -keyalg RSA -keysize 2048 -validity 10000 -alias pckey

I have a key.properties file, and I have referenced it using the provided code in the flutter docs. How can I solve this Java related issue? My program throws the following exception

* What went wrong:                                                      
Execution failed for task ':app:signReleaseBundle'.                     
> A failure occurred while executing com.android.build.gradle.internal.tasks.Workers$ActionFacade
   > Failed to read key pckey from store "/Users/jrperfetto/pc-keystore.jks": Integrity check failed: java.security.NoSuchAlgorithmException: Algorithm HmacPBESHA256 not available
                                                   

Answer 1

I was getting the same error, I try this command

keytool -genkey -v -keystore ~/upload-keystore.jks -keyalg RSA -keysize 2048 -validity 10000 -alias upload -storetype JKS

with extra attribute

-storetype JKS

it helps me to solve my problem and successfully create bundle.

The -storetype JKS tag is only required for Java 9 or newer. As of the Java 9 release, the keystore type defaults to PKS12.

Answer 2

It turns out i was generating my signing key using a different Java Version than my app was using to build the app. You can check this by running flutter doctor -v and seeing where the Java binary is located, and comparing it to when you run "which java".

The solution is to run your keygen command prefixed with the location of the Java bin found in the flutter doctor output like so:

/Applications/Android\ Studio.app/Contents/jre/jdk/Contents/Home/bin/keytool -genkey -v -keystore ~/pc-keystore.jks -keyalg RSA -keysize 2048 -validity 10000 -alias pckey

Answer 3

If you haven't already created a keystore file:

1. Mac:

keytool -genkey -v -keystore ~/upload-keystore.jks -keyalg RSA -keysize 2048 -validity 10000 -alias upload -storetype JKS

2. Windows (change USER_NAME):

keytool -genkey -v -keystore "c:\Users\USER_NAME\upload-keystore.jks" -storetype JKS -keyalg RSA -keysize 2048 -validity 10000 -alias upload

If you have already created a keystore file before:

keytool -importkeystore -srckeystore "path/to/upload-keystore.jks" -destkeystore "path/to/new-upload-keystore.jks" -deststoretype JKS

Answer 4

in android folder in app folder open build.gradle and make sure to keep

(buildTypes { release { signingConfig signingConfigs.debug } })

and before prepare app bundle change it to (signingConfig signingConfigs.release)

Answer 5

It solves me when I remove debug.keystore from the bellow directory.

/Users/tariqul/.android/debug.keystore

Answer 6

I don't know if the way I solved the problem is the right way, and I don't know if others will solve it this way, but I think I would have solved it if I had done a lot of things.

I adapted JAVA_HOME to the form of the java binary that came up with flutter doctor -v like this

% flutter doctor -v                            
[✓] Android toolchain - develop for Android devices (Android SDK version 31.0.0)
.
.
.
    • Java binary at: /Applications/Android Studio.app/Contents/jre/jdk/Contents/Home/bin/java

and set JAVA_HOME to .zshrc

% cd ~
% vi .zshrc

export JAVA_HOME="/Applications/Android Studio.app/Contents/jre/jdk/Contents/Home"

% echo $JAVA_HOME
/Applications/Android Studio.app/Contents/jre/jdk/Contents/Home

and

% flutter clean
% flutter build appbundle

and that works

% flutter build appbundle

💪 Building with sound null safety 💪

Running Gradle task 'bundleRelease'...                                  
Running Gradle task 'bundleRelease'... Done                         4.1s
✓ Built build/app/outputs/bundle/release/app-release.aab (21.2MB).

Answer 7

I got the same issue yesterday. I deleted my old debug key, which is located at /Users/<username>/.android/debug.keystore . I think this is the simplest way to handle this problem for a Newbie like me.

PS Not sure about the "release" mode. This just works for "debug" mode.

Answer 8

Note: The keytool command might not be in your path—it's part of Java, which is installed as part of Android Studio. For the concrete path, run flutter doctor -v and locate the path printed after 'Java binary at:'. Then use that fully qualified path replacing java (at the end) with keytool. If your path includes space-separated names, such as Program Files, use platform-appropriate notation for the names. For example, on Mac/Linux use Program\ Files, and on Windows use "Program Files". The -storetype JKS tag is only required for Java 9 or newer. As of the Java 9 release, the keystore type defaults to PKS12

1- remove upload-keystore.jks

a-  /android/app/upload-keystore.jks
b- /home/user/upload-keystore.jks

2- Regenerate file:

keytool -genkey -v -keystore ~/upload-keystore.jks -keyalg RSA -keysize 2048 -validity 10000 -alias upload -storetype JKS

3- copy file /home/user/ upload-keystore.jks to android/app/

4- flutter clean

5- Flutter build appbundle

Answer 9

This works fine for me:)

/Users/macbookpro/Library/Java/JavaVirtualMachines/openjdk-16.0.1/Contents/Home/bin/keytool -genkey -v -keystore android/app/upload-keystore.jks -keyalg RSA -keysize 2048 -validity 10000 -alias upload -storetype JKS

Answer 10

IF YOU CAN'T/DON'T WANT TO GENERATE NEW KEYS.

Generating new keys was not an option for me because our app is already in production and contacting google was such a hassle. As others have pointed out, the build fails because the app was signed with a java version higher than Java 11. But the HmacPBESHA256 algorithm is not available in java 11 which is shipped with Android Studio. That is, Android Studio is trying to build your app with Java 11.

So the solution for me was to get Android Studio to build the aab with my local java version, not java 11. To tell Android Studio which JDK version to use, in gradle.properties , I added:

org.gradle.java.home=/Library/Java/JavaVirtualMachines/jdk-15.0.2.jdk/Contents/Home

After this, I was able to build my aab without any issues with the keys I already had.

Answer 11

I found this problem befor and i solve it when i change the JDK from 11 version to 16 version in windows 10 64bit

Answer 12

Like Graciela, I am unable to recreate the certificate. However, I using Java 12+ in Android Studio isn't a good fix for me. Using an updated Java version works for deploying from my machine, but not from the CI server.

Instead, I exported and imported the certificate to change the signing algorithm.

Here are the steps I used:

Export the certificate to PKCS12 using Java v12+:

keytool -importkeystore -srckeystore ./upload-keystore.jks -destkeystore ./pcstore.p12 -deststoretype PKCS12

Using openssl, export the key as.pem

openssl pkcs12 -nodes -in pcstore.p12 -out keystore.pem

Create a new.p12 store using openssl

openssl pkcs12 -export -in keystore.pem -out new-pcstore.p12 -name upload

Create a new jks store using the Android Studio version of Java (Java 11) by importing the.p12 store:

/Applications/Android\ Studio.app/Contents/jre/Contents/Home/bin/keytool -importkeystore -srckeystore ./new-pcstore.p12 -destkeystore ./new-upload-keystore.jks -deststoretype jks

Now the keystore works with Java 11 and it's using the same certificate I signed the app with before.

Answer 13

For my case, I have used gradle 7.3 build tool to compile the source. it is worked without any problem.

First, download gradle from this link: https://gradle.org/releases/

Unzip it in your preferred location

Than run this command: export PATH=$PATH:/gradle_bin_path

This will add gradle binary for current terminal session only. If you want to add this path for permanent, you need to follow extra step:

first run this command to get what terminal you are using:

echo $SHELL

I am using zsh as shell, so if the output is /bin/zsh than run this following commands:

sudo -s
cd /users/username
ls
vim .zshrc

Before editing the.zshrc file, be sure to have a backup of this file

And than add following line to this file: export PATH=$PATH:/gradle_bin_path

Save and quit the editor.

Than run this command: source.zshrc

The path list now updated. Let's run this command:

gradle --version

It should show current gradle version.

Now, time to compile the app. lets cd to directory where your project is.

Then, run this command: gradle clean

Wait till gradle finish sync your project. once finish sync, run this command:

gradle build

Finally, you will be able to solve your problem.

Answer 14

AS I lost my Keystore, and was unable to return it back, read google documentation about getting a new key.

Google: If you've lost your private upload key or it's been compromised, you can create a new one, and then ask your account owner to contact support to reset the key. When contacting support, make sure your account owner attaches the upload_certificate.pem file.

I emailed google at the following link: https://support.google.com/googleplay/android-developer/contact/key

They sent me the following commands to re-generate keystore and certificate.pem:

Here's how to generate and register a new upload key:

Follow the instructions in the Android Studio Help Center to generate a new key. It must be different from any previous keys. Alternatively, you can use the following command line to generate a new key:

keytool -genkeypair -alias upload -keyalg RSA -keysize 2048 -validity 9125 -keystore keystore.jks

This key must be a 2048 bit RSA key and have 25-year validity. Export the certificate for that key to PEM format:

keytool -export -rfc -alias upload -file upload_certificate.pem -keystore keystore.jks

Reply to this email and attach the upload_certificate.pem file, after replying, they will send an email mentioning your key store will be updated after 2 days,

now you have a new key store, in order to generate a signed bundle keys, you must do the following:

1- Go to the android side in your flutter (2.8.1) project. 2- go to settings> Build, Execution..> Gradle> 3- change gradle JDK to something between 16 and 11, **JDK 15 worked for me.

note: if you don't have jdk, you can download it in same place Gradle JDK with jdk download option. note: you must build your signed app bundle within android only not inside flutter framework.

Answer 15

Solution is very simple. Just delete your file mentioned in the error log. For example in my case the path was shown below.

C:\Users\kattie\.android\debug.keystore.jks

Delete this debug.keystore.jks file and make sure you close android studio or OpenJDK process from task manager.

Answer 16

The @azhar-ali answer does not work for me on Ubuntu 2020.04. And I found this answer that worked.

Commands:

keytool -genkey -v -keystore upload-keystore.jks -keyalg RSA -keysize 2048 -validity 10000 -alias upload -storetype JKS

keytool -importkeystore -srckeystore upload-keystore.jks -destkeystore upload-keystore.p12 -deststoretype PKCS12

openssl pkcs12 -nodes -in upload-keystore.p12 -out upload-keystore.pem

openssl pkcs12 -export -in upload-keystore.pem -out new-upload-keystore.p12 -name upload

(Using p12 key instead of jks key)

key.properties:

storeFile=/home/admin/Documents/Working/projects/new-upload-keystore.p12

Result:

flutter build appbundle

💪 Building with sound null safety 💪

Running Gradle task 'bundleRelease'...                           2,422ms
✓ Built build/app/outputs/bundle/release/app-release.aab (16.6MB).

Answer 17

Add this in last of your command

-storetype JKS

Like,

keytool -genkey -v -keystore ~/upload-keystore.jks -keyalg RSA -keysize 2048 -validity 10000 -alias upload -storetype JKS

Answer 18

Command

keytool -genkey -v -keystore ~/upload-keystore.jks -deststoretype JKS  -keyalg RSA -keysize 2048 -validity 10000 -alias upload 

worked for me on my mac m1.

i was using java version 17 and everytime i try to build appbundle i would get error

Integrity check failed: java.security.NoSuchAlgorithmException: Algorithm HmacPBESHA256 not available

To solve this i added

-deststoretype JKS in keytool command and it worked for me.