Loading...
Home
  • Tech Blogs
  • Videos
  • Conferences
    • Droidcon News
    • Upcoming Conferences
    • Become a Partner
    • Past Events
    • Keep Me Informed
    • Diversity Scholarships
  • Community
    • droidcon Team
    • How to Hold a Droidcon
  • Android Careers
Sign In

Global CSS

 

Opting in Existing Apps to Google Play App Signing

 

 
Jomar Tigcal
Android Developer, Trainer, and Consultant, Software Developer, Sweldong Pinoy Developer
Published: July 23, 2020
Tweet
Share
 

 

App Signing by Google Play has been around since 2017. With App Signing, Google manages your app signing keys and uses it to sign your APKs for distribution. Enrolling your app in App Signing is optional. You might have decided to handle the signing and storage of your keys instead of uploading them to Google Play.

Now, you have changed your mind and want Google to manage your signing keys instead of doing it personally. Or you want to try to reduce your app’s size and simplify the release process with Android App Bundle but you are required to use App Signing for it. So how can you opt-in your existing apps to App Signing?

Opting in to app signing by Google Play

Before enrolling your app to App Signing by Google Play, there are two things you need to know. First, there is no opt out so make sure that you are ready for it. Also, you won’t be able to download your app signing keys from Google Play so if you would need it in the future, store them somewhere safe.

To enroll your app in App Signing, you need to upload your app signing key to Google Play. Open your app in the Google Play Console and navigate to Release Management > App Signing (Release > Setup > App Signing in the New Google Play Console). Read and accept the Terms of Service.

There are three options to export and upload your app signing key: from Android Studio, from a Java keystore, and from your key (if you’re not using a Java keystore).

Export and upload a key from Android Studio

Using Android Studio is the easiest way to to export your app signing key. Open the Build menu, then click Build > Generate Signed Bundle / APK… In the Generate Signed Bundle or APK dialog, select Android App Bundle then click Next. Select Export encrypted key for enrolling published apps in Google Play App Signing, set the location where you want to export it, then click Next. Android Studio will generate the bundle and export the private_key.pepk in the directory you provided.

 

Image for post

Export encrypted key with Android Studio

 

In the Google Play Console App Signing page, select “Export and upload a key from Android Studio” and upload the key Android Studio generated.

Export and upload a key from a Java Keystore

If you’re using a Java keystore to sign your apps, select the “Export and upload a key from a Java keystore” in the Google Play Console App Signing page. Download the Play Encrypt Private Key (PEPK) tool from the console and save it in your preferred location. Also, take note of the encryption key in the instructions.

The PEPK tool is a JAR file that allows you to export and encrypt your app signing key. For example, if you have the following:
* the PEPK tool in /Users/admin/Downloads
* app signing key signing-key.jks that has “release” as the alias, located in the same folder as the pepk.jar
* encrypted key from the Google Play console with the value encryptionkeyfromtheconsole

you can export the key to encryptedkey.pepk using the following command:

java -jar /Users/admin/Downloads/pepk.jar — keystore=signing-key.jks — alias=release — output=/Users/admin/Downloads/encryptedkey.pepk — encryptionkey=encryptionkeyfromtheconsole

The terminal will ask you for the keystore and key password. Once you input them, the command will generate the encryptedkey.pepk file in the /Users/admin/Downloads/ directory. In the Google Play Console App Signing page, select “Export and upload a key from Java keystore” and upload the encryptedkey.pepk file.

Export and upload a key (not using a Java keystore)

If your app signing key wasn’t made using a Java keystore, select the “Export and upload a key (not using a Java keystore)” option in the Google Play Console App Signing page. You can download the PEPK tool source code and use the hex encoded public key provided in the console to export your private key.

In the Google Play Console App Signing page, select “Export and upload a key (not using Java Keystore)” and upload the key you exported.

Creating an Upload Key

An upload key is the key you will use to sign your app bundle or APK before publishing it on Google Play. You can use the same signing key as the upload key so your process will be the same as what you were doing before. However, it is better to use a different upload key so the app signing key won’t be compromised.

To create an upload key for your app, you need to create a new signing key and upload its public certificate (in PEM format). You can create a new key in Android Studio. In the Build menu, click Build > Generate Signed Bundle / APK… In the Generate Signed Bundle or APK dialog, select either Android App Bundle or APK, then click Next. Click the Create new…button below the Key store path input text. Provide the information in the New Key Store dialog then click OK.

 

Image for post

Generating New Key Store from Android Studio

 

Let’s say your new upload key is upload-key.jks with “alias” as the alias, you can export its key to upload-cert.pem by running the following command:

keytool -export -rfc -keystore upload-key.jks -alias alias -file upload-cert.pem

The terminal will ask you for the keystore password. Once you provide it successfully, the command will generate the upload-cert.pem file. You can then upload this PEM file in the Google Play Console. Now, you must sign the next app updates with the upload-key.jks upload key.

What’s Next?

Once you have uploaded the app signing key (and created a new upload key), you can click the Finish button (Save in the New Google Play Console) to save the changes. You will see a notification that App Signing is now enabled for the app. You can now use Android App Bundle in publishing your next update.

The App Signing page will also display the certificates for the app signing key and upload key, along with their key signatures (MD5, SHA-1, SHA-256), which you will need to use for some APIs.

 

 

 

Tags: Android App Development, AndroidDev, Android, App Signing, Google Play

 

View original article at: 


 

Originally published: July 06, 2020

Android News
Compose CameraX on Android
Compose CameraX on Android

By Peng Jiang

Android new UI toolkit Jetpack compose is in beta now, which has all the features you need to build production-ready apps. CameraX is another Jetpack support library, which let you control the camera easier. As compose is still under development, lots of the views are still not available the compose way.

By ProAndroidDev -
Android News
Getting… your BottomSheetScaffold working on Jetpack Compose Beta 03
Getting… your BottomSheetScaffold working on Jetpack Compose Beta 03

By Carlos Mota

It’s Monday, no releases this week, and… there’s a new version of Jetpack Compose — beta 03—available. What a perfect time to just increment 02 to 03 and see what’s new. The API is (almost) final so after updating from alpha to beta there weren’t any big changes to do. However, and remember that’s still in development, there’s always something that I need to update. 

By ProAndroidDev -
Android News
Noisy Code With Kotlin Scopes
Noisy Code With Kotlin Scopes

By Chetan Gupta

Scopes make your code more readable? think again... You are going to encounter these scope functions namely let, run, apply, also, within every Kotlin codebase, along with all the mischievous ways developers exploit their usage from the way they were intended for. Let see how popular opinion on those ends up just as a code noise.

By ProAndroidDev -
Android News
Improving Android DataBinding with Bindables library
Improving Android DataBinding with Bindables library

By Jaewoong Eum

DataBinding is one of the most important factors for MVVM architecture. The basic concept of DataBinding is to link the view and view model via observer patterns, properties, event callbacks, etc. Linking and automating communication between the view via the bound properties or something in the view model has a lot of benefits in the MVVM architecture concept.

By ProAndroidDev -
droidcon News

Tech Showcases,

Developer Resources &

Partners

/portal/rest/jcr/repository/collaboration/Groups/spaces/droidcon_hq/Documents/public/home-details/EmployerBrandingHeader
EmployerBrandingHeader
https://jobs.droidcon.com/
/portal/rest/jcr/repository/collaboration/Groups/spaces/droidcon_hq/Documents/public/employerbranding/jobs-droidcon/jobs.droidcon.com
jobs.droidcon.com

Latest Android Jobs

http://www.kotlinweekly.net/
/portal/rest/jcr/repository/collaboration/Groups/spaces/droidcon_hq/Documents/public/employerbranding/kotlin-weekly/Kotlin Weekly
Kotlin Weekly

Your weekly dose of Kotlin

https://proandroiddev.com/
/portal/rest/jcr/repository/collaboration/Groups/spaces/droidcon_hq/Documents/public/employerbranding/pad/ProAndroidDev
ProAndroidDev

Android Tech Blogs, Case Studies and Step-by-Step Coding

/detail?content-id=/repository/collaboration/Groups/spaces/droidcon_hq/Documents/public/employerbranding/Zalando/Zalando
/portal/rest/jcr/repository/collaboration/Groups/spaces/droidcon_hq/Documents/public/employerbranding/Zalando/Zalando
Zalando

Meet one of Berlin's top employers

/detail?content-id=/repository/collaboration/Groups/spaces/droidcon_hq/Documents/public/employerbranding/Academy for App Success/Academy for App Success
/portal/rest/jcr/repository/collaboration/Groups/spaces/droidcon_hq/Documents/public/employerbranding/Academy for App Success/Academy for App Success
Academy for App Success

Google Play resources tailored for the global droidcon community

Follow us

Team droidcon

Get in touch with us

Write us an Email

 

 

Quicklinks

> Code of Conduct

> Terms and Conditions

> How to hold a conference

> FAQs

> Imprint

Droidcon is a registered trademark of Mobile Seasons GmbH Copyright © 2020. All rights reserved.

powered by Breakpoint One