How to resign a .aab file for app signing in Google play console
Question
I am currently working in a pharmaceutical company witch also publishes apps. Until now the only scope was iOS and now they want to create Android apps.
From the developers we receive an unsigned .aab file because we have an internal validation process. After that process we need to resign the app to deploy it in the Google Play Console.
But as i upload the .aab i get: "You uploaded an APK with an invalid signature (learn more about signing). Error from apksigner:" with no further information
As Mentioned we get a clean .aab file, no more no less and need to deploy it.
I have created a new app in the console, enabled app signing, downloaded the pepk.jar file, run the code attached to the pepk, uploaded the output file and downloaded the upload_cert.der file.
Now i already tried to import the .der file in my .keystore file and resigned the .aab --> no success
$ keytool -importcert -file upload_cert.der -keystore appname.keystore
i tried to create a .jks keystore and import the .der --> no success
--
example code of keystore creation: $ keytool -genkey -v -keystore appname.keystore -alias alias -keyalg RSA -keysize 2048 -validity 10000
example code of the signing: $ jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore appname.keystore appname_unsigned.aab "alias"
example code of zipalign: $ zipalign -v 4 appname_signed.aab cimzia_aligned.aab
What is going wrong? Any idea?
1 answers
solution1
0 2019-06-26 16:17:45
Welcome Niels.
You need to understand better the concepts behind signing, in particular the .der file does not contain your private key so you will be unable to sign your AAB with it.
I have provided for that purpose an extensive description of the various concepts in this answer: Use provided upload_cert.der to sign a release Android APK file
Have a read and hopefully it will help.
The tldr is that you should use your private upload key , which only you have (Google does not have this key -- unless you've explicitly chosen to use the same as your signing key), not the .der file that Google lets you download since it only contains the public part of the upload key.
Depending how you enrolled in Play Signing, the private key could be the original keystore you used to sign your APKs with, or some other key you generated when you enrolled (when prompted to use a different upload key). The official documentation should explain all the process in details.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.