How to generate an upload key for Google App Signing?

Solution 1

Per the Help Page:

Upload key: A new key you generate during your enrollment in the program. You will use the upload key to sign all future APKs prior to uploading them to the Play Console.

So it is just a new key you generate using the existing process.

Solution 2

I just went through this exhausting process. I'm using React Native so I never even use Android Studio unless I need to launch a virtual device. I'm documenting this for myself and anyone else that has been traumatized by this experience. This is explicitly for the 'Upload Key' option. Google then swaps it out on Play so you aren't really responsible for making sure you don't lose the one and only key to your fortunes.

Open the 'android' file inside your React Native project in Android Studio. Build it and do whatever you have to so it gives you the options to produce an APK (unsigned or whatever). You can also just run it from here on a VD or a phone if it's attached. I had to do updates to get it to build so you may need to do the same.

First go to 'Build' in the menu:

This window will come up:

Click 'Create new...'

A dialog like this will come up. Fill it out with your info. Note that there are two separate passwords. Remember what you put there for later.

Go to someplace you want to store the key. In React Native, there is already a folder called 'keystores' at MyApp > android > app. Choose that as the key store path by clicking the '...' button.

Type in whatever you want your key called. I gave it the same name as the app.

This will bring you back to the previous dialog. Fill in the passwords from before and click 'Next'.

This will bring you to this dialog where you can choose where to put the apk. By default in React Native it goes to MyApp > android > app > app-release.apk. Click those two tick boxes otherwise you will have to change some configs or Google Play will reject it. They start out unchecked.

Go to this page in your Developer Panel. Click 'Edit Release'. This is presuming you've already set up a beta or alpha release. (Not covered here.)

That will bring you to this page. Drag and drop your apk here or upload with the button.

Please, Google, document this process somewhere! Peace out!

Solution 3

  1. Create a signed bundle in the latest version of Android Studio, sign your app with jks as usual except with "export encrypted key" checked.

  2. Your private key will be exported at ~/.android/private_key.pepk by default.

Solution 4

For me, the experience was different as of Feb 2019. While uploading a signing key, I haven't completed the optional Upload Key section as it said that I can complete this step later.

After I have uploaded a signing key and pressed Finish, it said that now I have an upload key and I'm good to go even though I haven't created one.

It took me time to see that fingerprints of the signing certificate and upload certificate are identical, i.e. Google has silently registered my signing key as an upload key.

Hope this helps somebody.
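The fingerprint comparison described in Solution 4, which is also the condition behind the "Upload failed" message in the question, can be checked locally before uploading. The following is an added example, not part of any answer on this page; the function names are hypothetical and the two PEM inputs are constructed placeholder bytes, not real certificates (a fingerprint is only a hash over the DER bytes, so no X.509 parsing is needed).

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def pem_to_der(pem_text):
    """Return the DER bytes inside the first PEM certificate block."""
    match = PEM_RE.search(pem_text)
    if match is None:
        raise ValueError("no PEM certificate block found")
    # Strip line breaks before decoding; reject non-base64 characters.
    return base64.b64decode("".join(match.group(1).split()), validate=True)


def fingerprint(der, algo="sha256"):
    """Hash of the DER certificate as colon-separated upper-case hex."""
    digest = hashlib.new(algo, der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def check_upload_cert(upload_pem, signing_pem):
    """Compare the upload certificate with the app signing certificate."""
    upload_fp = fingerprint(pem_to_der(upload_pem))
    signing_fp = fingerprint(pem_to_der(signing_pem))
    return {"upload": upload_fp, "signing": signing_fp,
            "distinct": upload_fp != signing_fp}


def fake_pem(payload):
    """Wrap arbitrary bytes in PEM armor (constructed sample input only)."""
    body = base64.encodebytes(payload).decode()
    return ("-----BEGIN CERTIFICATE-----\n" + body +
            "-----END CERTIFICATE-----\n")


# Constructed stand-ins for PEM exports of the two certificates.
SIGNING_PEM = fake_pem(b"constructed app signing certificate bytes")
UPLOAD_PEM = fake_pem(b"constructed upload certificate bytes")

if __name__ == "__main__":
    result = check_upload_cert(UPLOAD_PEM, SIGNING_PEM)
    print("upload  SHA-256:", result["upload"])
    print("signing SHA-256:", result["signing"])
    print("separate upload key:", result["distinct"])
```

If `distinct` is false for your real exports, the same key is serving as both app signing key and upload key, which is the situation Solution 4 reports.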

Solution 5

The Android Developer page you mentioned (Sign an APK) clearly lays out how to generate a key using Android Studio. Notice the Generate a key and keystore section.

An upload key is no different in terms of how it is created. It is only the purpose that makes it different from the signing key. Upload key is only used to upload the APK to the Google server so that they can authenticate you. Google then does the actual app signing for you.

Author by

Julian Schmuckli

Developing different apps for different devices.

Updated on July 15, 2022

Comments

  • Julian Schmuckli
    Julian Schmuckli almost 2 years

    I am currently struggling with the upload key, which is the new method of signing APK's to publish it to Google Play.

    What I have done

    1. I created a new app which should now be on the Play Store.
    2. I created an app entry on the Play console.
    3. Then I activated Google Play App Signing
    4. I uploaded my signed APK with a normal keystore file.

    And then I get the following error message from the upload dialog.

    Upload failed You uploaded an APK that is signed with a key that is also used to sign APKs that are delivered to users. Because you are enrolled in App Signing, you should sign your APK with a new key before you upload it.

    What's the problem

    I did not find anything to upload an upload key or how to generate something like this. Is the upload key equal to the keystore file?

    What I've tried to do

    Then I looked at the documentation of app signing here. But I don't understand how I can create this upload key and send it to Google.

    Can anyone help me?

  • Julian Schmuckli
    Julian Schmuckli about 7 years
    But where can I generate this key? Normally with the built-in key store tool generator in Android Studio?
  • ianhanniballake
    ianhanniballake about 7 years
    Yep. Exactly same process.
  • leonardkraemer
    leonardkraemer over 6 years
    checking both boxes really makes the difference, I cowardly assumed that full apk signing was enough. thank you for the detail.
  • nickdnk
    nickdnk about 6 years
    How do you get the upload key to match the upload certificate on the Play Store? I've enabled Google Play Signing but still have no clue how to get hold of my upload key. I only exported my app signing key from when I did not use Google Play Signing, then they provided me with an upload certificate but no key?!
  • GenericJam
    GenericJam about 6 years
    @nickdnk If you go this route Google holds on to the key. That's sort of the point. You can't lose it this way. If you want to hold on to the key yourself you can generate the key yourself. It's a command line tool. developer.android.com/studio/publish/app-signing
  • GenericJam
    GenericJam about 6 years
    @nickdnk I know it's kind of confusing but the key mentioned in these dialogs in this post is temporary. This doesn't give you the signing key. It gives you a key which you submit and Google swaps them out.
  • nickdnk
    nickdnk about 6 years
    I know. I'm talking about the upload key. I only have the certificate, but I'm not sure where the key is coming from? I managed to upload an app today without problems though by importing the upload_key.der file into my keystore. I was just under the impression that the .der file only included the public part, but I guess not.
  • Vairavan
    Vairavan over 5 years
    @ianhanniballake How about the key used for services used in the app like AdMobs, Analytics, etc. I'm assuming that should be the app signing key (managed by play console) and not the upload key.
  • ianhanniballake
    ianhanniballake over 5 years
    @Vairavan - yes, those services rely on the app signing key. The Dev Console displays the MD5, SHA-1, and SHA-256 of the signing key for just that reason.
  • Vairavan
    Vairavan over 5 years
    @ianhanniballake Thx. Is there a way to get the SHA for PEPK tool downloaded from Play console?
  • Valerie Castle
    Valerie Castle over 5 years
    Thank you very much, this is the best answer.
  • Trevor
    Trevor over 5 years
    Thank you so much, no google guide and nobody damn else mentions where the hell the private key is exported to.
  • Piginhat
    Piginhat over 5 years
    I have tried following that page but the Build menu in my Studio 3.1.4 does not have the path stated so I cannot generate an upload certificate. Also I am developing the app in Unity which will sign and export the APK so I have no project to open in Studio?
  • Simon Raes
    Simon Raes about 5 years
    I'm getting the same. The first app signing page mentions that you can skip the upload key step for now and upload one later, I can't find an option anywhere to upload a new upload key.
  • gmartinsnull
    gmartinsnull about 5 years
    is that the actual upload key though?
  • Blue Bot
    Blue Bot about 5 years
    I don't have "export encrypted key" checkbox
  • ShinChven
    ShinChven almost 5 years
    @gmartinsnull yes it is.
  • BorhnN
    BorhnN almost 5 years
    My play console shows the same. Did you later figure out how to upload an 'upload key' later? Also, in my case, although I can upload an app bundle, Google doesn't calculate the binary diff when updating the app. Every time a full APK is delivered. What about yours?
  • yury.ku
    yury.ku almost 5 years
    Hi @BorhnN - I was able to update the upload key later by contacting Google - I guess that's the only way. No troubles with app bundle from my side.
  • Sajith Vijesekara
    Sajith Vijesekara almost 5 years
    hi @yury.ku today I have tried to find place to upload Key. But It says need to contact developer support. Is there any other place to upload key ?
  • lasec0203
    lasec0203 over 4 years
    i.stack.imgur.com/o59zF.png checking those 2 boxes is what I was missing. Great thing I stumbled here
  • nt95
    nt95 over 4 years
    how do you use the private_key.pepk to sign an update for your app?
  • ShinChven
    ShinChven over 4 years
    @nt95 sign with your original key, .pepk is for opt in only. After you uploaded .pepk, you still sign your app with your original keystore.
  • nt95
    nt95 over 4 years
    @ShinChven I keep getting "Keystore Tampered with or password incorrect". The Keystore hasn't been modified since before the last release and the passwords are 100% correct. I've been stuck for 3 days, any advice?
  • SMBiggs
    SMBiggs over 4 years
    I'm not seeing the 'Export encrypted key' option. What version of AS are you using?
  • Bartosz
    Bartosz over 3 years
    @SajithVijesekara As of Jan 2021, the only option is to contact Google support via this form: support.google.com/googleplay/android-developer/contact/key
  • Adam B
    Adam B over 2 years
    I also am using unity. what is the process to get android studio to open properly so I can access this signing menu?
  • Hamed Zakery Miab
    Hamed Zakery Miab over 2 years
    There is no such checkbox, what should we do?