Friday, June 11, 2021

Keytool and Keystore tips and tricks for Android app


A keystore is literally the storage for keys. The keys are used to sign the app, either for debugging or for a production release. See also the official Android docs.

Keys for an Android app can be generated internally via Android Studio (which is more convenient) or externally via the Oracle keytool program.

There are three different keys: the debug key, the upload key and the app signing key.

Yep, there is such a mess with all those keys. Let's go through them.

Debug key

As per the official Android docs:

When running or debugging your project from the IDE, Android Studio automatically signs your app with a debug certificate generated by the Android SDK tools. The first time you run or debug your project in Android Studio, the IDE automatically creates the debug keystore and certificate in $HOME/.android/debug.keystore, and sets the keystore and key passwords.

When the app is built for the first time, Android Studio generates the key. Thus, if we build the app on another machine, a new, different key will be generated. This can become a problem because the new key should then be synced with Firebase and Google Cloud.

The docs also state:

Because the debug certificate is created by the build tools and is insecure by design, most app stores (including the Google Play Store) do not accept apps signed with a debug certificate for publishing.

That means we can't use the debug key as an upload key or app signing key for publishing the new release of the app.

How to see the current debug key

From the Android Studio

In Android Studio, open the Gradle window: View -> Tool Windows -> Gradle. Or, in the main menu, choose Help -> Find Action -> type "Gradle".

In the top left corner of the Gradle window, press the "Execute Gradle Task" button (it looks like an elephant). Type there:

gradle signingreport

and press Enter.

Go to the Run window: View -> Tool Windows -> Run, or press Alt+4.

We should see something like:

> Task :app:signingReport
Variant: debug
Config: debug
Store: /home/liker777/.android/debug.keystore
Alias: AndroidDebugKey
MD5: [censored]
SHA1: [censored]
SHA-256: [censored]
Valid until: Wednesday, June 23, 2049

Variant: release
Config: none

Variant: debugAndroidTest
Config: debug
Store: /home/liker777/.android/debug.keystore
Alias: AndroidDebugKey
MD5: [censored]
SHA1: [censored]
SHA-256: [censored]
Valid until: Wednesday, June 23, 2049


From the terminal

In the terminal, run 

./gradlew signingreport 

from the project's folder. It will show the keys, their aliases and the keystore path, e.g. /home/oleg/.android/debug.keystore.
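
Since the debug key must not end up on a build meant for publishing, the report can also be checked automatically. The script below is an added example, not part of the original post: it parses signingReport output and lists every non-debug variant that has no signing config or is signed with the debug key. The sample report, the "staging" variant and the rule that variants whose name starts with "debug" are allowed to use the debug key are assumptions made for the illustration.

```python
import re
import sys

# Constructed sample in the signingReport format; values are placeholders.
SAMPLE_REPORT = """\
> Task :app:signingReport
Variant: debug
Config: debug
Store: /home/user/.android/debug.keystore
Alias: AndroidDebugKey
SHA1: AA:BB:CC:00
----------
Variant: release
Config: none
----------
Variant: staging
Config: debug
Store: /home/user/.android/debug.keystore
Alias: AndroidDebugKey
"""

def parse_report(text):
    """Return one dict per 'Variant:' block; other output lines are ignored."""
    variants = []
    for line in text.splitlines():
        m = re.match(r"\s*([A-Za-z0-9][A-Za-z0-9 -]*?):\s*(.*?)\s*$", line)
        if m and m.group(1) == "Variant":
            variants.append({"Variant": m.group(2)})
        elif m and variants:
            variants[-1][m.group(1)] = m.group(2)
    return variants

def review_variants(variants):
    """List (variant, finding) for every variant that is not a debug* build."""
    findings = []
    for v in variants:
        if v["Variant"].lower().startswith("debug"):
            continue  # assumption: debug* variants may use the debug key
        if v.get("Config", "none") == "none":
            findings.append((v["Variant"], "no signing config"))
        elif (v.get("Store", "").endswith("debug.keystore")
              or v.get("Alias", "").lower() == "androiddebugkey"):
            findings.append((v["Variant"], "signed with the debug key"))
    return findings

if __name__ == "__main__":
    text = SAMPLE_REPORT if sys.stdin.isatty() else sys.stdin.read()
    print(review_variants(parse_report(text)))
```

To check a real project, pipe the output of ./gradlew signingreport into the script; run without piped input, it reviews the constructed sample.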

How to recreate the debug key
