Can I use the same keystore file to sign two different applications?


Solution 1

You can use that keystore for any number of applications.

No need to generate a new keystore.

Solution 2

I'll make a counter argument to the consensus answer so far.

I agree that for most app authors most of the time, sharing the same keystore/certificate/password between your apps will work fine. The critical thing is to use "the same certificate throughout the expected lifespan of your applications" so the app can upgrade itself.

But I can think of one very good reason to have separate keystores for separate apps or families of apps. If you think you might ever want to sell an app to someone else for them to publish as an upgrade to the original, you'll have to share your one-and-only keystore and password with them to do so. Probably not a huge issue but a bit of worry to you and, perhaps, a due diligence issue to a big-enough buyer.

Also, I really don't read the same line in the documentation the same way as @ol_v_er does. I think the current line:

You should sign all of your apps with the same certificate throughout the expected lifespan of your applications.

(note the lack of a comma in the current version) is simply emphasizing that the 'lifetime' recommendation applies to all apps, not actually directing you to use the same certificate for all of your apps.

Solution 3

The official documentation tells us:

In general, the recommended strategy for all developers is to sign all of your applications with the same certificate, throughout the expected lifespan of your applications. There are several reasons why you should do so ...

https://developer.android.com/studio/publish/app-signing.html#considerations

So yes, try to sign all of your applications with the same certificate.

Solution 4

I want to add some clarification here, because this question and the answers provided lead to confusion for me. It is crucial to understand what a keystore actually is.

A keystore is just a means to securely store the public/private key pair which is used to sign your Android apks. So yes, you can use the same keystore to sign multiple apks, without a problem. You can also use the same alias (each alias is a certificate) to sign multiple apks, and it will work. It has security implications, however. If your single alias is compromised, then all of your apps will have been compromised.

However, if you intend to sell the rights to your apps one day, then using the same alias for all of your apps may not be a good idea. However, using the same keystore, provided you use a different alias for each apk, may not necessarily be a bad option. I'm sure there is a way that you can move a certificate from one keystore to another, so that you can securely give the necessary keys for only that certificate to your buyer.

To make it very clear, a keystore is just that, a storage medium for keys. It plays no actual part in the process of signing an apk, but only serves to store the keys which are actually used to sign the apk.

References:

Understanding keystore, certificates and alias

https://www.digitalocean.com/community/tutorials/java-keytool-essentials-working-with-java-keystores
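The keystore/alias split this answer describes (and that the "Admin" comment below spells out with keytool) as an added shell example, not code from the answer, from Android's documentation or from the linked tutorial: one shared keystore holds one keypair per app under its own alias and key password, and a single app's keypair is then moved into a separate PKCS12 keystore for a hand-over without exposing the other apps' keys. It assumes a JDK `keytool` on PATH; every name and password is a constructed placeholder.

```shell
#!/bin/sh
# Added example (not from the answers above): one shared keystore, one keypair per app,
# and moving a single app's keypair into its own keystore. Assumes a JDK `keytool`
# on PATH; all app names and passwords below are constructed placeholders.
set -eu

WORK="${WORK:-$(mktemp -d)}"
STORE="$WORK/release.jks"
STORE_PASS="store-password-placeholder"

# One keypair per app: the alias is the app name and each key has its own password.
# JKS is used so key passwords can differ from the store password (PKCS12 ignores -keypass).
make_app_key() {           # $1 = alias/app name, $2 = key password
  keytool -genkeypair -storetype JKS -keystore "$STORE" -storepass "$STORE_PASS" \
    -alias "$1" -keypass "$2" -keyalg RSA -keysize 2048 -validity 10000 \
    -dname "CN=$1, O=Example Dev" >/dev/null 2>&1
}

# Number of private-key entries (signing keys) in a keystore.
count_keys() {             # $1 = keystore, $2 = store password
  keytool -list -keystore "$1" -storepass "$2" 2>/dev/null | grep -c 'PrivateKeyEntry' || true
}

# Copy ONE alias into a fresh PKCS12 keystore; the other apps' keys never leave $STORE.
export_app_key() {         # $1 = alias, $2 = key password, $3 = dest keystore, $4 = dest password
  keytool -importkeystore -srcstoretype JKS -srckeystore "$STORE" -srcstorepass "$STORE_PASS" \
    -srcalias "$1" -srckeypass "$2" -deststoretype PKCS12 \
    -destkeystore "$3" -deststorepass "$4" -destkeypass "$4" >/dev/null 2>&1
}

# SHA-256 certificate fingerprint of an alias. Android ties upgrades to this identity,
# so it must be identical before and after the move.
fingerprint() {            # $1 = keystore, $2 = store password, $3 = alias
  keytool -list -v -keystore "$1" -storepass "$2" -alias "$3" 2>/dev/null \
    | sed -n 's/.*SHA256: *//p' | head -n 1
}

demo() {
  make_app_key app-alpha 'alpha-key-placeholder'
  make_app_key app-beta  'beta-key-placeholder'
  export_app_key app-beta 'beta-key-placeholder' "$WORK/app-beta-handover.p12" 'buyer-password-placeholder'
  echo "keys in shared store:    $(count_keys "$STORE" "$STORE_PASS")"
  echo "keys in hand-over store: $(count_keys "$WORK/app-beta-handover.p12" buyer-password-placeholder)"
  echo "app-beta fingerprint (shared):    $(fingerprint "$STORE" "$STORE_PASS" app-beta)"
  echo "app-beta fingerprint (hand-over): $(fingerprint "$WORK/app-beta-handover.p12" buyer-password-placeholder app-beta)"
}

if command -v keytool >/dev/null 2>&1; then demo; else echo "keytool not on PATH; demo skipped" >&2; fi
```

The two fingerprints printed for app-beta must match; the shared store still lists two keys while the hand-over store lists only one.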

Solution 5

Of course! You can use the same keystore file as many times as you want. It's always better to use the same keystore file for all the applications you develop. That will help if you want to update or modify the application. At that time you need to sign your application with the same key.


Raluca Lucaci

Android developer.

Updated on October 16, 2020

Comments

  • Raluca Lucaci
    Raluca Lucaci over 3 years

    I have to upload a new application; it's just the design that's a little different. Yesterday I generated the keystore file to sign the application. Can I use the same one?

  • Dr.jacky
    Dr.jacky over 9 years
    And for 'Alias', what should I write?
  • ol_v_er
    ol_v_er over 9 years
    To make it simple, also use the same for all your apps.
  • Andrew Prock
    Andrew Prock about 8 years
    Please don't post identical answers to multiple questions. Post one good answer, then vote/flag to close the other questions as duplicates. If the question is not a duplicate, tailor your answers to the question.
  • Anthony Stivers
    Anthony Stivers about 8 years
    Apologies. I'm a noob to SO.
  • Anthony Stivers
    Anthony Stivers about 8 years
    I don't have enough rep to vote for a duplicate. So if you would like to vote the following questions as duplicates, I feel this question is the most appropriate to be the non-duplicate. It is the first rank in Google for the relevant keywords, and has the most relevant answers. stackoverflow.com/questions/13023509/… stackoverflow.com/questions/14973205/… stackoverflow.com/questions/10514597/…
  • Sufian
    Sufian over 7 years
    Keeping separate keystores for each app should be the way to go!
  • Admin
    Admin over 7 years
    A keystore CONTAINS the public/private keypairs that make up a signing certificate. One keystore can contain many keypairs. An 'alias' is a reference to a particular keypair in the keystore. One keystore can hold all of your keypairs, but you should have one keypair per app. Use the name of the app you are signing as the alias. You can have separate passwords for your keystore and for each keypair within it. You can change these passwords and import/export keypairs from the keystore or add new keypairs to your keystore. This is all done with the command line 'keytool' command. Look it up.
  • CinCout
    CinCout over 6 years
    @brycewjohnson Can new pairs be added to the keystore via a GUI?
  • Ziad H.
    Ziad H. about 4 years
    Wait! How can I use the same keystore but with different alias for each app?!
  • Numan Karaaslan
    Numan Karaaslan over 3 years
    I was able to generate a new key inside android studio apk signing screen. Generate new keystore and alias and it may work. It worked for me.
  • android developer
    android developer over 3 years
    The recommendation is to use a different file for each app, right? What happens if you use the same keystore file for more than one app, though? It seems to cause some issues with Firebase/Google services. I guess it's impossible to use a new one (a different one for each app) if it's already done, right?
  • Admin
    Admin about 3 years
    My question now is: is there any problem using a different keystore and certificate for different applications?
  • SkyzohKey
    SkyzohKey about 3 years
    Cool comment, didn't know that, thanks! :)
  • ol_v_er
    ol_v_er about 3 years
    @Lucian absolutely no problem to do that. It's just a bit more complex to manage. If you keep your certificates with the source code, it's ok.
  • Al Walid Ashik
    Al Walid Ashik almost 3 years
    Can we opt out of this?
  • Rajakumar
    Rajakumar almost 3 years
    Is this applicable for the app bundle too?