4

My key for signing Android app was generated using Android Studio. It is working fine when I try to generate signed APK from Android Studio.

However the same key is not working when I try to sign using apksigner tool. Here is the command I am using.

apksigner sign --ks mykey.jks --ks-key-alias MyAlias --out app-myapp-release.apk app-myapp-release-aligned.apk

I am getting below errors:

java.io.IOException: Keystore was tampered with, or password was incorrect

Any suggestions?

** Update ** Android Studio Version 2.2.3 The keystore was generated using "Generate Signed APK" dialog box from Build menu.

Nagarjun
  • 2,346
  • 19
  • 28
  • 1. Does this keystore-alias-password combination work with jarsigner? `jarsigner -sigalg SHA1withRSA -digestalg SHA1 -keystore mykey.jks -signedjar out.apk app-myapp-release-aligned.apk MyAlias` 2. Does it work with apksigner if you provide the keystore password on the command-line using `--ks-pass pass:yourpassword`? – Alex Klyubin Jan 08 '17 at 01:18
  • 1. Yes, it works with jarsigner 2. No, it doesn;t. It shows error `java.io.IOException: Failed to obtain key with alias "myapp" from mykey.jks. Wrong password?` – Nagarjun Jan 08 '17 at 09:23
  • Thanks! Would you mind posting steps to generate a keystore using Android Studio (which version?) such that the keystore doesn't work with apksigner? I suspect the issue might be with some characters used in the password, but I haven't been able to reproduce this myself yet. – Alex Klyubin Jan 08 '17 at 20:18
  • Updated my post with the information. I used Generate Signed APK dialog to generate the keystore. However the passwords do not contain any space as they work fine with jarsigner. P.S. I am typing passwords and not copy pasting. – Nagarjun Jan 10 '17 at 07:06
  • Finally I decided to use jarsigner tool which is working fine. Is there any issues in the future if I use jarsigner tool instead of apksigner as jarsigner is from Oracle, apksigner is from Google who is actually verify package on playstore. – Nagarjun Jan 10 '17 at 07:10
  • Does the password contain non-ASCII characters? On a test Linux machine I'm seeing issues with keytool and jarsigner handling non-ASCII characters in passwords in an incompatible way between the case when the password is provided on the command-line vs the case when it's provided via stdin/console prompt. I wonder if there's something similar happening with Android Studio which, in certain cases, uses the keytool tool to generate keystores. – Alex Klyubin Jan 10 '17 at 21:49
  • It contains ! (exclamation) and - (hiphen) characters – Nagarjun Jan 11 '17 at 21:53

2 Answers2

9

I just had this exact problem, and many more while trying to sing an apk.

Try to add these options to your sign command:

--ks-pass stdin  --key-pass stdin

Now you can normally type in your keystore password and your key (alias) password in that order.

Nemanja Kovacevic
  • 3,510
  • 2
  • 30
  • 45
  • 1
    Thank you very much! You found a bug in apksigner (https://code.google.com/p/android/issues/detail?id=233426). Nagarjun@, does this workaround fix your issue with apksigner and your keystore? – Alex Klyubin Feb 03 '17 at 21:27
  • If you're fixing bugs around this perhaps take a look at the comment of my answer here http://stackoverflow.com/questions/40653492/apksigner-not-accepting-password/41703165#41703165 Looks like even this doesn't help for some weird chars – Nemanja Kovacevic Feb 03 '17 at 23:00
  • Happy to fix stuff, but for some of these issues we don't yet have steps to reproduce them. What's clear so far is that jarsigner performs some undocumented transformations on input passwords (e.g., not decoding input passwords using the current character encoding -- see my comments on the OP). So, if you have steps to reproduce, please do file a bug at https://code.google.com/p/android. – Alex Klyubin Feb 04 '17 at 18:35
  • 1
    Re: weird chars, I believe I figured it out. I have now filed code.google.com/p/android/issues/detail?id=234089 to track the issue and am working on a fix/workaround. This issue in keytool/jarsigner may also explain similar issued with Android Plugin for Gradle / Android Studio being unable to use some keystores, reporting the password is wrong. – Alex Klyubin Feb 15 '17 at 16:50
0

(I cannot write comments) so I added this as answer and hope this will help you with your issue. Did you check these links:

Just for information: Your JKS file should contain the private key and the certificate meant to sign the APK, here is the official link for more details.

Community
  • 1
  • 1
Soufiane ROCHDI
  • 1,543
  • 17
  • 24
  • Thanks for reply. I already tried those methods. keytool list the fingerprint. Its only issue with apksigner tool. – Nagarjun Jan 08 '17 at 00:35
  • Ok, I assume you're using Gradle, see this [link1] (http://stackoverflow.com/a/34652052/5806009) and this [link2](https://coderwall.com/p/zrdsmq/signing-configs-with-gradle-android) is detailled – Soufiane ROCHDI Jan 08 '17 at 00:45
  • No, I am using apksigner tool which comes with Android build tools. As I mentioned in my post, it works fine from Android Studio. But I do not want to hardcode passwords or keystore information in gradle build files which will be checked into git. – Nagarjun Jan 08 '17 at 00:49
  • You can prompt password with gradle build file You can get the **passwords** from **System.console()** `storePassword System.console().readLine("\nKeystore password: ") keyPassword System.console().readLIne("\nKey password: ")` – Soufiane ROCHDI Jan 09 '17 at 17:08
  • Thanks for the suggestion. Yes, that could be one option I should consideer, the other best option is to use jarsigner tool suggested by Alex in comments ( which is working fine). – Nagarjun Jan 10 '17 at 07:08