Add Google Play Upload Key to Keystore

Opting in Existing Apps to Google Play App Signing

App Signing by Google Play has been around since 2017. With App Signing, Google manages your app signing keys and uses it to sign your APKs for distribution. Enrolling your app in App Signing is optional. You might have decided to handle the signing and storage of your keys instead of uploading them to Google Play.

Now, you lot have changed your listen and desire Google to manage your signing keys instead of doing it personally. Or y'all want to effort to reduce your app'due south size and simplify the release procedure with Android App Bundle but you are required to employ App Signing for it. And so how can yous opt-in your existing apps to App Signing?

Opting in to app signing by Google Play

Earlier enrolling your app to App Signing by Google Play, there are two things you need to know. Outset, in that location is no opt out then brand sure that you are set up for it. Also, y'all won't be able to download your app signing keys from Google Play and so if you would need it in the future, shop them somewhere safe.

To enroll your app in App Signing, y'all need to upload your app signing key to Google Play. Open your app in the Google Play Console and navigate to Release Management > App Signing (Release > Setup > App Signing in the New Google Play Console). Read and accept the Terms of Service.

There are three options to export and upload your app signing central: from Android Studio, from a Coffee keystore, and from your key (if you're not using a Java keystore).

Export and upload a key from Android Studio

Using Android Studio is the easiest fashion to to export your app signing key. Open the Build menu, and then click Build > Generate Signed Bundle / APK… In the Generate Signed Bundle or APK dialog, select Android App Bundle and then click Next. Select Export encrypted key for enrolling published apps in Google Play App Signing, set up the location where yous want to export information technology, then click Next. Android Studio volition generate the bundle and consign the private_key.pepk in the directory yous provided.

Export encrypted key with Android Studio

In the Google Play Console App Signing page, select "Export and upload a central from Android Studio" and upload the key Android Studio generated.

Export and upload a central from a Java Keystore

If yous're using a Java keystore to sign your apps, select the "Consign and upload a central from a Java keystore" in the Google Play Panel App Signing page. Download the Play Encrypt Private Key (PEPK) tool from the console and salvage information technology in your preferred location. Also, take notation of the encryption key in the instructions.

The PEPK tool is a JAR file that allows you to consign and encrypt your app signing key. For case, if yous have the following:
* the PEPK tool in /Users/admin/Downloads
* app signing key signing-key.jks that has "release" equally the alias, located in the same folder as the pepk.jar
* encrypted key from the Google Play panel with the value encryptionkeyfromtheconsole

you lot tin can consign the key to encryptedkey.pepk using the post-obit command:

java -jar /Users/admin/Downloads/pepk.jar — keystore=signing-central.jks — alias=release — output=/Users/admin/Downloads/encryptedkey.pepk — encryptionkey=encryptionkeyfromtheconsole

The last will enquire you for the keystore and cardinal password. Once y'all input them, the command will generate the encryptedkey.pepk file in the /Users/admin/Downloads/ directory. In the Google Play Console App Signing folio, select "Export and upload a key from Java keystore" and upload the encryptedkey.pepk file.

Consign and upload a key (not using a Java keystore)

If your app signing cardinal wasn't fabricated using a Java keystore, select the "Export and upload a key (not using a Java keystore)" selection in the Google Play Console App Signing folio. Y'all can download the PEPK tool source lawmaking and use the hex encoded public key provided in the panel to consign your private central.

In the Google Play Console App Signing folio, select "Export and upload a primal (not using Java Keystore)" and upload the key you exported.

Creating an Upload Key

An upload key is the central y'all will utilise to sign your app package or APK before publishing information technology on Google Play. You can utilise the same signing key equally the upload central so your procedure will be the same every bit what you lot were doing before. However, it is better to employ a dissimilar upload key so the app signing key won't be compromised.

To create an upload fundamental for your app, you demand to create a new signing central and upload its public certificate (in PEM format). You can create a new key in Android Studio. In the Build menu, click Build > Generate Signed Bundle / APK… In the Generate Signed Bundle or APK dialog, select either Android App Bundle or APK, so click Next. Click the Create new… push button below the Key store path input text. Provide the information in the New Central Store dialog then click OK.

Generating New Central Shop from Android Studio

Allow's say your new upload key is upload-cardinal.jks with "alias" as the alias, you can export its key to upload-cert.pem past running the post-obit control:

keytool -export -rfc -keystore upload-fundamental.jks -allonym allonym -file upload-cert.pem

The terminal volition enquire you for the keystore password. Once you provide information technology successfully, the command volition generate the upload-cert.pem file. Yous can and so upload this PEM file in the Google Play Panel. Now, yous must sign the adjacent app updates with the upload-key.jks upload cardinal.

What's Next?

Once you have uploaded the app signing key (and created a new upload primal), y'all can click the Cease button (Relieve in the New Google Play Console) to relieve the changes. You will see a notification that App Signing is now enabled for the app. Y'all can at present use Android App Bundle in publishing your side by side update.

The App Signing page will also display the certificates for the app signing key and upload key, forth with their cardinal signatures (MD5, SHA-1, SHA-256), which yous will demand to use for some APIs.

harpgunfoop.blogspot.com

Source: https://proandroiddev.com/opting-in-existing-apps-to-google-play-app-signing-19239853b57f

Share this post