使用上传密钥签署旧 Android 应用
Sign old Android apps with upload key
我的 Google 开发者帐户现在拥有 5 个不同的应用程序,其中 4 个是在新的 Google 应用程序签名发布之前创建的,并且它们都 4 个共享相同的证书。当我创建最后一个应用程序时,我按照步骤创建了一个新密钥,现在一个可以从其他应用程序 "separatedly" 使用它自己的发布密钥。
我想知道是否可以使用最近创建的 release-key.jks 来为其余应用程序签署最后一个应用程序。
此外,如果可以的话,Google Play 管理中心的 App Signing 页面提供的三个选项中,我应该选择上传哪个选项?
- "You've exported your app signing key"
- "You haven't exported your app signing key"
- "You don't store your app signing key in a Java Keystore"
我在这里有点迷路,我不想因为将来无法发布更多更新而把事情搞砸。
谢谢!
您应该使用第一次签名时使用的相同密钥
根据https://developer.android.com/studio/publish/app-signing#considerations
You should sign all of your APKs with the same certificate throughout
the expected lifespan of your apps. There are several reasons why you
should do so:
App upgrade: When the system is installing an update to an app, it
compares the certificate(s) in the new version with those in the
existing version. The system allows the update if the certificates
match. If you sign the new version with a different certificate, you
must assign a different package name to the app—in this case, the user
installs the new version as a completely new app. App modularity:
Android allows APKs signed by the same certificate to run in the same
process, if the apps so request, so that the system treats them as a
single app. In this way you can deploy your app in modules, and users
can update each of the modules independently. Code/data sharing
through permissions: Android provides signature-based permissions
enforcement, so that an app can expose functionality to another app
that is signed with a specified certificate. By signing multiple APKs
with the same certificate and using signature-based permissions
checks, your apps can share code and data in a secure manner. If you
plan to support upgrades for an app, ensure that your app signing key
has a validity period that exceeds the expected lifespan of that app.
A validity period of 25 years or more is recommended. When your key's
validity period expires, users will no longer be able to seamlessly
upgrade to new versions of your app.
If you plan to publish your apps on Google Play, the key you use to
sign those APKs must have a validity period ending after 22 October
2033. Google Play enforces this requirement to ensure that users can seamlessly upgrade apps when new versions are available. If you use
Google Play App Signing, Google ensures your apps are correctly signed
and able to receive updates throughout their lifespans.
我的 Google 开发者帐户现在拥有 5 个不同的应用程序,其中 4 个是在新的 Google 应用程序签名发布之前创建的,并且它们都 4 个共享相同的证书。当我创建最后一个应用程序时,我按照步骤创建了一个新密钥,现在一个可以从其他应用程序 "separatedly" 使用它自己的发布密钥。
我想知道是否可以使用最近创建的 release-key.jks 来为其余应用程序签署最后一个应用程序。
此外,如果可以的话,Google Play 管理中心的 App Signing 页面提供的三个选项中,我应该选择上传哪个选项?
- "You've exported your app signing key"
- "You haven't exported your app signing key"
- "You don't store your app signing key in a Java Keystore"
我在这里有点迷路,我不想因为将来无法发布更多更新而把事情搞砸。
谢谢!
您应该使用第一次签名时使用的相同密钥 根据https://developer.android.com/studio/publish/app-signing#considerations
You should sign all of your APKs with the same certificate throughout the expected lifespan of your apps. There are several reasons why you should do so:
App upgrade: When the system is installing an update to an app, it compares the certificate(s) in the new version with those in the existing version. The system allows the update if the certificates match. If you sign the new version with a different certificate, you must assign a different package name to the app—in this case, the user installs the new version as a completely new app. App modularity: Android allows APKs signed by the same certificate to run in the same process, if the apps so request, so that the system treats them as a single app. In this way you can deploy your app in modules, and users can update each of the modules independently. Code/data sharing through permissions: Android provides signature-based permissions enforcement, so that an app can expose functionality to another app that is signed with a specified certificate. By signing multiple APKs with the same certificate and using signature-based permissions checks, your apps can share code and data in a secure manner. If you plan to support upgrades for an app, ensure that your app signing key has a validity period that exceeds the expected lifespan of that app. A validity period of 25 years or more is recommended. When your key's validity period expires, users will no longer be able to seamlessly upgrade to new versions of your app.
If you plan to publish your apps on Google Play, the key you use to sign those APKs must have a validity period ending after 22 October 2033. Google Play enforces this requirement to ensure that users can seamlessly upgrade apps when new versions are available. If you use Google Play App Signing, Google ensures your apps are correctly signed and able to receive updates throughout their lifespans.