Android 新更新的应用程序签名问题:未使用上传证书签名的 apk
Android App Sign issue with new update: apk that is not signed with the upload certificate
最近我上传了一个应用程序到 play-store,现在已经上线了,我也启用了应用程序登录。但是,当我尝试上传新版本时,我无法找到我的旧密钥库。因此,当我生成新的 KEYSTORE 并尝试上传时,出现错误:
you uploaded an apk that is not signed with the upload certificate.
You must use the same certificate.
请查看我的开发人员控制台,其中包含上传证书和应用签名证书。
如何获取使用相同指纹签名的 apk 并上传到 play-store?
参考:https://support.google.com/googleplay/android-developer/answer/7384423?hl=en
If you lose your keystore or think it may be compromised, Google Play
App Signing makes it possible to request a reset to your upload key.
If you're not enrolled in Google Play App Signing and lose your
keystore, you'll need to publish a new app with a new package name.
注意:与 KeyStore 相关的许多关于堆栈溢出的问题,但这是与 Google "App Signing" 的新功能相关的一些事情,我没有得到不合适的答案。
我联系了 Google,他们的回复并未证实任何事情。请找到来自 google.
的以下消息
I'm sorry for the confusion, however I can see for your app (with
package name: com.wma.foodinns.foodinnsapp), you have successfully
registered your upload key with Google and have therefore successfully
generated an upload key. The upload key you generated and then used to
register is the key you should still have on your side and should be
used to sign your APKs when uploading new APKs for this app to the
Play Console.
The certificate you can download from the Play Console is not the full
upload key, but contains the public key as well as some extra
identifying information about who owns the key (for more information
on this, please see the definitions listed here:
https://support.google.com/googleplay/android-developer/answer/7384423?hl=en&ref_topic=7072031).
Do you still have the key you have created that was then registered as
as the upload key on the Play Console?
对不起 Siba,如果您丢失了密钥库,您将无能为力。我的意思是,如果存在一种方法,那不会破坏密钥库系统的整个安全功能吗?
我个人有 3 个重要密钥存储的备份位置。您很幸运,因为您的应用程序对于很多用户来说可能不是太新。只需重新发布此应用程序(使用不同的包名称)即可。保存我们这次要的梯形石。
由于您使用的是 Google Play App Signing,您只需创建一个新的上传密钥,然后联系 Google 支持人员即可。请参阅 the documentation,特别是该页末尾附近的 "Lost or compromised private keys" 部分。
由于您正在使用 Google app signing program,您可以请求重置您的上传密钥。为此,您需要联系 Google。如下截图所示:
联系我们 -> 在 Google Play 上发布应用 -> 应用程序签名证书和密钥库问题 -> 要请求重置上传密钥,联系我们
最后,Google 帮我解决了这个问题。我已经写了一封电子邮件来描述这个问题,然后在得到他们的回复后,按照以下步骤操作。
- 我创建了新密钥库。
- 已将该密钥的证书导出为 PEM 格式:
keytool -export -rfc -alias upload -file upload_certificate.pem -keystore keystore.jks
- 回复了他们的电子邮件并附上了 upload_certificate.pem 文件。
- 然后 Google 发了一封电子邮件说他们已经更新了我的密钥库,我可以在 3 到 4 天后使用它。
我使用了新生成的密钥库,他们生成了已成功上传到 Playstore 的签名 APK。
以下是更新密钥库所需的位置列表
- 本地机器
- 锁定现场服务器(不同的 ACL)
- 云计算机(不同的 ACL)
- 专用机密管理服务
- (git) 回购
最近我上传了一个应用程序到 play-store,现在已经上线了,我也启用了应用程序登录。但是,当我尝试上传新版本时,我无法找到我的旧密钥库。因此,当我生成新的 KEYSTORE 并尝试上传时,出现错误:
you uploaded an apk that is not signed with the upload certificate. You must use the same certificate.
如何获取使用相同指纹签名的 apk 并上传到 play-store?
参考:https://support.google.com/googleplay/android-developer/answer/7384423?hl=en
If you lose your keystore or think it may be compromised, Google Play App Signing makes it possible to request a reset to your upload key. If you're not enrolled in Google Play App Signing and lose your keystore, you'll need to publish a new app with a new package name.
注意:与 KeyStore 相关的许多关于堆栈溢出的问题,但这是与 Google "App Signing" 的新功能相关的一些事情,我没有得到不合适的答案。
我联系了 Google,他们的回复并未证实任何事情。请找到来自 google.
的以下消息I'm sorry for the confusion, however I can see for your app (with package name: com.wma.foodinns.foodinnsapp), you have successfully registered your upload key with Google and have therefore successfully generated an upload key. The upload key you generated and then used to register is the key you should still have on your side and should be used to sign your APKs when uploading new APKs for this app to the Play Console.
The certificate you can download from the Play Console is not the full upload key, but contains the public key as well as some extra identifying information about who owns the key (for more information on this, please see the definitions listed here: https://support.google.com/googleplay/android-developer/answer/7384423?hl=en&ref_topic=7072031).
Do you still have the key you have created that was then registered as as the upload key on the Play Console?
对不起 Siba,如果您丢失了密钥库,您将无能为力。我的意思是,如果存在一种方法,那不会破坏密钥库系统的整个安全功能吗?
我个人有 3 个重要密钥存储的备份位置。您很幸运,因为您的应用程序对于很多用户来说可能不是太新。只需重新发布此应用程序(使用不同的包名称)即可。保存我们这次要的梯形石。
由于您使用的是 Google Play App Signing,您只需创建一个新的上传密钥,然后联系 Google 支持人员即可。请参阅 the documentation,特别是该页末尾附近的 "Lost or compromised private keys" 部分。
由于您正在使用 Google app signing program,您可以请求重置您的上传密钥。为此,您需要联系 Google。如下截图所示:
联系我们 -> 在 Google Play 上发布应用 -> 应用程序签名证书和密钥库问题 -> 要请求重置上传密钥,联系我们
最后,Google 帮我解决了这个问题。我已经写了一封电子邮件来描述这个问题,然后在得到他们的回复后,按照以下步骤操作。
- 我创建了新密钥库。
- 已将该密钥的证书导出为 PEM 格式:
keytool -export -rfc -alias upload -file upload_certificate.pem -keystore keystore.jks
- 回复了他们的电子邮件并附上了 upload_certificate.pem 文件。
- 然后 Google 发了一封电子邮件说他们已经更新了我的密钥库,我可以在 3 到 4 天后使用它。
我使用了新生成的密钥库,他们生成了已成功上传到 Playstore 的签名 APK。
以下是更新密钥库所需的位置列表
- 本地机器
- 锁定现场服务器(不同的 ACL)
- 云计算机(不同的 ACL)
- 专用机密管理服务
- (git) 回购