Got this error while trying to build Android app: [apkbuilder] Creating AppInfo-debug-unaligned.ap... Solution: Delete the Android debug keystore: $ rm ~/.android/debug.keystore Build again: $ ant debug The new key is valid for 30 years (keystore password is 'android'): $ keytool -list -v -keystore ~/.android/debug.keys...

Take these steps to automate Android APK signing with release key: Put the release key in the Java keystore, for example: /home/freyo/.keystore Create build.properties file with key.store and key.alias entries: key.store=/home/freyo/.keystore key.alias=andro... Build APK with ant release : $ ant release Buildfile: /home/freyo/AndroidApp...

This exception occurs when trying to get a private key: PrivateKey privateKey = (PrivateKey) keyStore.getK... Stack trace: Exception in thread "main" java.security.Unrecover... which was caused by giving a wrong private key password. The solution is to correct the key password in your code, or change the password in the keystore to match that in your code: keytool -keypasswd -alias mykey -keypass oldpasswo...

Private key: -----BEGIN PRIVATE KEY----- MIIEvAIBADANBgkqhki... Certificate: -----BEGIN CERTIFICATE----- MIIEqDCCA5CgAwIBAgI... Import the key pair to the debug keystore: $ cat platform.pem platform.x509.pem >platform-key...

The Android debug key store is located at ${user.home}/.android . On Windows XP, this is: C:\Documents and Settings\<user>\.android\ . Keystore name, password, etc: Keystore name: "debug.keystore" Keystore password: "android" Key alias: "androiddebugkey" Key password: "android" CN: "CN=Android Debug,O=Android,C=US"

To sign an Android APK from command line: Sign the APK with jarsigner (using default keystore, android-root is the alias of the signing key): $ jarsigner -signedjar HelloWorld-new.apk HelloWor... Verify signature (optional) $ jarsigner -verify -verbose -certs HelloWorld-new... Align the APK (must use -v 4 option): $ ~/android-sdk-linux_86/tools/zipalign -v 4 Hello...

When you create a new key with Java keytool , it wraps the public key in a self signed certificate. You can generate a certificate signing request with the keytool -certreq command. After a certificate authority (CA) signs the certificate request, you can import the certificate received (a .crt file) back into the key store. Instead of using a CA, you can sign the certificate request with another key (with openssl, for example). If the certificate is not signed by a CA, you'll receive an error: $ keytool -import -alias android-root -file androi... To fix the problem, import the certificate of the signer: $ keytool -import -trustcacerts -file openssl.crt ... Import the certificate again (alias is the alias of the private key whose certificate was...

Format Name Description PKCS #7 Cryptographic Message Syntax Standard A PKCS #7 file can be used to store certificates, which is a SignedData structure without data (just the certificates). The file name extension is usually .p7b , .p7c PKCS #8 Private-Key Information Syntax Standard. Used to carry private certificate keypairs (encrypted or unencrypted). PKCS #12 Personal Information Exchange Syntax Standard. Defines a file format commonly used to store private keys with accompanying public key certificates, protected with a password-based symmetric key. It is the successor to PFX from Microsoft. DER Distinguished Encoding Rules A binary format for keys or certificates. It is a message transfer syntax specified by the ITU in X.690. PEM Privacy Enhanced Mail Base64 encoded DER certificates or keys, with additional header...

The Java keytool utility does not support importing a private key directly from a file. But it does support merging a keystore with the -importkeystore command. So, for a private key generated with OpenSSL in PEM format, you first convert the PEM key into PKCS12 format , then merge the one-key PKCS12 store with the Java KeyStore: C:\>keytool -importkeystore -srckeystore openssl_c...

I tried to convert a private key from PEM to PKCS12 with OpenSSL and got this error: C:\myworks>openssl pkcs12 -export -in openssl_ca3.... The problem was that the -in parameter expects both private key and certificate in the same input file, i.e., openssl_ca3.pem in the above example. Appending the certificate file to the key fixed the problem: C:\myworks>cat openssl_ca3.crt >>openssl_ca3.pem ...