Convert .keystore to .jks to sign apk

android xamarin xamarin.android keystore jks

13,266

If you are using a Java keystone to sign your Android apps (Xamarin-based or not) then the odds are 99.999% that the XXX.keystore that you are using to sign your Xamarin.Android apps is already in JKS format and not PKCS12 format.

A quick way of checking is to dump your keystone in RFC format and review the Keystore type: field.

Example:

/usr/bin/keytool -list -rfc -keystore debug.keystore |grep "Keystore type"

Output:

Enter keystore password:

*****************  WARNING WARNING WARNING  *****************
* The integrity of the information stored in your keystore  *
* has NOT been verified!  In order to verify its integrity, *
* you must provide your keystore password.                  *
*****************  WARNING WARNING WARNING  *****************

Keystore type: JKS

Warning:
The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore debug.keystore -destkeystore debug.keystore -deststoretype pkcs12".

Example (non-filtered):

/usr/bin/keytool -list -rfc -keystore sushi.keystore

Output:

Enter keystore password:

*****************  WARNING WARNING WARNING  *****************
* The integrity of the information stored in your keystore  *
* has NOT been verified!  In order to verify its integrity, *
* you must provide your keystore password.                  *
*****************  WARNING WARNING WARNING  *****************

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

Alias name: androiddebugkey
Creation date: Aug 20, 2017
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
-----BEGIN CERTIFICATE-----
MIIDDTCCAfWgAwIBAgIEeCTY/jANBgkqhkiG9w0BAQsFADA3MQswCQYDVQQGEwJV
~~~~
KvHIbSHVBsryiyCwPJkXP6A=
-----END CERTIFICATE-----


*******************************************
*******************************************

If you actually need to convert a PKCS12 type store to new JKS keystore type file:

keytool -importkeystore -srckeystore somekeystore.pkcs12 -destkeystore somenewkeystore.jks -deststoretype jks

13,266

Author by

Ciaran

Updated on June 05, 2022

Comments

Ciaran about 2 years

I have an android app that I am trying to protect using quixxi.com however it requires me to sign the app again. But to do this it has to use .jks files but my keystore is .keystore

I am using Xamarin.Android in C# with Visual Studio 2017

Is there any way around this?
Ciaran about 6 years

Where do I write the code for converting a PKCS12 to JKS?
SushiHangover about 6 years

@Ciaran What to you mean where? keytool is a cmd-line utility
Ciaran about 6 years

is there anyway of doing this in visual studio? cmd said "'keytool' is not recognised as an internal or external command, operable program or batch file"
SushiHangover about 6 years

@Ciaran no, keytool is a part of the java install, look in C:\Program Files\Java\jdk(some version number)\bin
Ciaran about 6 years

oh ok sorry I am new to this, and where do I write the line? in the command prompt? it said "'keytool' is not recognised as an internal or external command, operable program or batch file" when I tried using Command Prompt
Antonino almost 6 years

if you are on a Windows machine just copy the debug.keystore file into the C:\Program Files\Java\#jdk_version#\bin folder, open a terminal window from this folder and run: keytool -list -rfc -keystore debug.keystore