In the Google Play Console App Signing page, select “Export and upload a key from Android Studio” and upload the key Android Studio generated.

Export and upload a key from a Java Keystore

If you’re using a Java keystore to sign your apps, select the “Export and upload a key from a Java keystore” in the Google Play Console App Signing page. Download the Play Encrypt Private Key (PEPK) tool from the console and save it in your preferred location. Also, take note of the encryption key in the instructions.

The PEPK tool is a JAR file that allows you to export and encrypt your app signing key. For example, if you have the following:
* the PEPK tool in /Users/admin/Downloads
* app signing key signing-key.jks that has “release” as the alias, located in the same folder as the pepk.jar
* encrypted key from the Google Play console with the value encryptionkeyfromtheconsole

you can export the key to encryptedkey.pepk using the following command:

java -jar /Users/admin/Downloads/pepk.jar — keystore=signing-key.jks — alias=release — output=/Users/admin/Downloads/encryptedkey.pepk — encryptionkey=encryptionkeyfromtheconsole

The terminal will ask you for the keystore and key password. Once you input them, the command will generate the encryptedkey.pepk file in the /Users/admin/Downloads/ directory. In the Google Play Console App Signing page, select “Export and upload a key from Java keystore” and upload the encryptedkey.pepk file.

Export and upload a key (not using a Java keystore)

If your app signing key wasn’t made using a Java keystore, select the “Export and upload a key (not using a Java keystore)” option in the Google Play Console App Signing page. You can download the PEPK tool source code and use the hex encoded public key provided in the console to export your private key.

In the Google Play Console App Signing page, select “Export and upload a key (not using Java Keystore)” and upload the key you exported.

Creating an Upload Key

An upload key is the key you will use to sign your app bundle or APK before publishing it on Google Play. You can use the same signing key as the upload key so your process will be the same as what you were doing before. However, it is better to use a different upload key so the app signing key won’t be compromised.

To create an upload key for your app, you need to create a new signing key and upload its public certificate (in PEM format). You can create a new key in Android Studio. In the Build menu, click Build > Generate Signed Bundle / APK… In the Generate Signed Bundle or APK dialog, select either Android App Bundle or APK, then click Next. Click the Create new…button below the Key store path input text. Provide the information in the New Key Store dialog then click OK.

Generating New Key Store from Android Studio

Let’s say your new upload key is upload-key.jks with “alias” as the alias, you can export its key to upload-cert.pem by running the following command:

keytool -export -rfc -keystore upload-key.jks -alias alias -file upload-cert.pem

The terminal will ask you for the keystore password. Once you provide it successfully, the command will generate the upload-cert.pem file. You can then upload this PEM file in the Google Play Console. Now, you must sign the next app updates with the upload-key.jks upload key.

What’s Next?

Once you have uploaded the app signing key (and created a new upload key), you can click the Finish button (Save in the New Google Play Console) to save the changes. You will see a notification that App Signing is now enabled for the app. You can now use Android App Bundle in publishing your next update.

The App Signing page will also display the certificates for the app signing key and upload key, along with their key signatures (MD5, SHA-1, SHA-256), which you will need to use for some APIs.