android

keystore

android-sdk-2.1

Ok folks.. long story short, I was developing on a computer that I no longer have access to. I was able to retrieve the source code, but not the .keystore file used to sign and publish my application to the market (with several updates). Am I, and my poor users, out of luck if I ever want to update?

I know the password used to sign the key (at least it is one of three it could be), so can I create another? There must be a way around this.. what about a hard drive fail?

Solution 1

Faced the same problem. I was trying to restore it via deleted files restoring tools, but it failed. So, there is no other way: you should issue another application.

Generally, the only advise that exists on keystores: "always back it up!"

Solution 2

Now it is possible don't worry, here is the full and final steps to reset .JKS file.

UPDATE: As it states in the Play Console Help here (scroll to bottom), you should now already do step 3 before (create new .jks, convert to .pem) and only then fill out the form with the upload_cert and .pem file attached. This will make the support process easier and faster for you.

Step-1

Download the UPLOAD CERTIFICATE (file name - upload_cert.der) from your Google Play Store Console

Step-2

Go to this LINK https://support.google.com/googleplay/android-developer/contact/key?hl=en And fill the application form with your valid Email ID and upload the file (upload_cert.der).

Step-3

Now you will get the Email from support team, and they don't need your .JKS file but .PEM file here is the email Sample.

Step-4

to convert .JKS file to .PEM file you just have to download KeyStore Explorer

After replying the Mail, wait for 48 to 72 hours your keystore fill will reset.

Solution 3

Until today, losing your key would make it impossible to update your app with a new version. In such cases, the only solution was to publish a new app, with a new package name and key, and ask all of your users to install it.

Starting from today, the app signing key in the Play Console is now securely managed by Google Play meaning that you are only responsible for managing your upload key. If your upload key is compromised or lost, Google's developer operations team can assist by verifying your identity and resetting your upload key. Google will still re-sign with the same app signing key, allowing the app to update as usual.

For existing apps, it requires transferring your app signing key to Google Play. For new apps, Google can generate your app signing key. Once enrolled in app signing, you sign your APK with an upload key, which Google uses to authenticate your identity. They'll then strip that signature and re-sign your app with the app signing key.

Reference: Play Console Help > Manage your app signing keys

Solution 4

It is possible for a long while.

  1. Follow the instructions in the Android Studio Help Center to generate a new key. It must be different from any previous keys. Alternatively, you can use the following command line to generate a new key:

keytool -genkeypair -alias newalias -keyalg RSA -keysize 2048 -validity 9125 -keystore nameofkeystore.jks

This key must be a 2048 bit RSA key and have 25-year validity.

  1. Export the certificate for that key to PEM format:

keytool -export -rfc -alias newalias -file upload_certificate.pem -keystore nameofkeystore.jks

Then upload this pem file and fill the form and submit it to this site . And then you will receive an email once we've registered the new upload key . Only accepts key reset requests from the Play Console account owner.

All well and good. You can publish new release apk with your new jks file.

Solution 5

If you know your keystore password, you still don't have the associated private key to sign your app. You also have no chance to generate the same private key which corresponds to your public key.

Therefore: Always backup your keystore file. It's as important as your source code.

Solution 6

If you have enabled Google Play App signing for your application you do not need to worry.

To check if you have Google Play App signing enabled, go to Release management -> App Signing, in your Google Play Console.

If it is enabled you can contact Google Play Support by filling the support form or else you can also opt for live chat with a support personnel here: https://support.google.com/googleplay/android-developer/answer/7218994?hl=en

Explain them your issue and they will tell you the next steps which include creating a new 2048 bit RSA keystore with 25 years validity and exporting the key to PEM format and emailing it to them.

To export key to PEM format:

keytool -export -rfc -alias upload -file upload_certificate.pem -keystore keystore.jks

Solution 7

From long days, I also search a solution for that, but not successfully till now. If you have the last version of your app apk, then you can retrieve certificates from that by using the jarsigner cmd command. But you need a private key for update. Google Play did not provide any relaxation for that.

Solution 8

I have generated the signed apk using android studio , so in the "key Store Path" i just typed some name without extension, and fill this popup and signed the application.

next time for publishing the application i don't remember the path and name where it was created.

somehow i find the default location which is "C:\Program Files\Java\jdk1.8.0_45\jre\bin" : \jre\bin

and in that folder short by date ,then i tried with recent file and it worked for me.

Note : you should remember the Key store password and key password.

Solution 9

Yes, you can release an update to existing app with a new key!

Google now allows you to upload the new key to existing app by requesting them to reset it through email/live chat in Google Support.

This process takes 1-2 business days.

I followed this process and uploaded an update to the same app with a new key. Google Play Store technical team helped me to reset the previous key.

Solution 10

Its Possible now, After May 2017 you can Update your app if you lost your keystore or keystore password. You can not recover your lost keystore but you can replace keystore on playstore. Click here

App signing process:

You can upload APKs signed with the original app signing key before or after you opt in to app signing by Google Play.

If youre starting to use Android App Bundles, you can test them in testing tracks while you use your existing APK in production. Heres how the process works:

  1. Sign your app bundle or APK and upload it to your Play Console.
  2. Depending on what you upload, heres how the signing process differs:

    • App bundle: Google generates optimized APKs from your app bundle and signs them with the app signing key.
    • APK signed with upload key: Google verifies and strips your signature from the APK, and then resigns the APK with the app signing key.
    • APK signed with app signing key: Google verifies the signature. Google delivers signed APKs to users.

Solution 11

There must be a way around this.. what about a hard drive fail?

I would like to add that always keep a backup of the keystore in cloud storage like Google Drive, Dropbox or email it to yourself.

Solution 12

There's now a dedicated form and instructions for case of loosing the keystore. From Play Console's help page:

Lost or compromised upload key?

If youve lost your private upload key, or its been compromised, you can create a new one, and then ask your account owner to contact support to reset the key. When contacting support, make sure your account owner attaches the upload_certificate.pem file.

After our support team registers the new upload key, you receive an email, and then you can update your keystores and register your key with API providers.

Important: Resetting your upload key doesnt affect the app signing key that Google Play uses to re-sign APKs before delivering them to users.

Steps to generate new key and PEM certificate:

keytool -genkeypair -alias upload -keyalg RSA -keysize 2048 -validity 9125 -keystore keystore.jks

(*This key must be a 2048 bit RSA key and have 25-year validity.)

Export the certificate for that key to PEM format:

keytool -export -rfc -alias upload -file upload_certificate.pem -keystore keystore.jks