cosmogonies.net Blog of cosmogonies.net

privacy
16Dec/120

Failing @publishing on Android PlayStore: Signing package with correct encryption !

I record here my painful experience as releasing my second game on Google Android Market: the "Play Store".

I find that I signed my apk with a key with the latest JAVA 1.7 keytool, that used as crypto algorithm "SHA256withRSA"
I found this algorithm is not supported by Android Publishing, and provoke an error : "Package file was not signed correctly" when installed (so AFTER being purchased!)
The very epic fail is that the apk was authorized and google let me release on the market a deficient application !

In the rush, I uninstalled JDK 1.7, rolling back to 1.6, delete my key from my current keystore, and re-create one (same name) with "SHA1withDSA" encryption...
When I uploaded the new release, well encrypted this time, I get this FANTASTIC error just after the upload process in my dev web-page: "The apk must be signed with the same certificates as the previous version."
Ok then... so I can NOT fix my release because of my first wrong encryption (caused by a better default algorithm remember). Wonderfull.

After several mails unanswered and some forum topics , I decided to unpublished my whole game. And create a new one, same name, same description but with a good SHA1-encrypted first apk upload.
I hope my bad experience will be useful for someone...

Lesson learned ? Not use latest jdk Well understand all releasing/publishing processes and do not let any commands or steps as default value.
If you do not understand an argument, an option in Unity3d (which create your key user-frendly but with default values, do NOT ignore it, and give you TIME to read about it. Painful BUT Safe.

Little step by step processes:
1°) Install JDK 1.6, and to not forget to add this environment variables:
JAVA_HOME C:\Program Files\Java\jdk1.6.0_26
Path C:\Program Files\Java\jdk1.6.0_26\bin
2°) In CommandLine interpreter, type:
keytool -genkey -alias TheNameYouWant -keystore TheNameYouWantPrivateKey.store
3°) Verify your key like that:
keytool -v -list -keystore "TheNameYouWantPrivateKey.keystore"
4°) Check apk signature:
jarsigner -verify -certs -verbose D:\The\Path\To\Your\Application\MyAwesomeGame.apk

Comments (0) Trackbacks (0)

No comments yet.


Leave a comment

No trackbacks yet.

international
about
e-mail