Noel De Martin Noel De Martin - 8 days ago 5
Android Question

apksigner not accepting password

Up until now I had been signing my apks with the following method:

jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore {keystore-file} {apk-file} {keystore-alias}


However I am trying to use the new apksigner tool and I cannot get it to work since it always tells me the password is invalid. Which is impossible because I have done it multiple times, with the jarsigner works and with the apksigner doesn't. The commands I have tried are the following:

apksigner sign --ks {keystore-file} {apk-file}


apksigner sign --ks {keystore-file} --ks-key-alias {keystore-alias} {apk-file}


Now the weirdest part comes when I created a new keystore to test this, and with this new keystore it's working. So I don't understand what is the difference. Here's the information obtained from calling "keytool -v -list -keystore {keystore-file}" on both.

Production keystore (I have removed some text in case this is dangerous):

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

Alias name: {keystore-alias}
Creation date: Apr 4, 2016
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN={removed-text}, OU={removed-text}, O={removed-text}, L=Unknown, ST=Unknown, C=Unknown
Issuer: CN={removed-text}, OU={removed-text}, O={removed-text}, L=Unknown, ST=Unknown, C=Unknown
Serial number: {removed-text}
Valid from: Mon Apr 04 12:39:50 CEST 2016 until: Fri Aug 21 12:39:50 CEST 2043
Certificate fingerprints:
MD5: {removed-text}
SHA1: {removed-text}
SHA256: {removed-text}
Signature algorithm name: SHA256withRSA
Version: 3

Extensions:

#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: {removed-text}
0010: {removed-text} {removed-text} ....
]
]



*******************************************
*******************************************


New test keystore:

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

Alias name: app
Creation date: Nov 17, 2016
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=Foobar, OU=Foobar, O=foobar, L=Unknown, ST=Unknown, C=Unknown
Issuer: CN=Foobar, OU=Foobar, O=foobar, L=Unknown, ST=Unknown, C=Unknown
Serial number: 448c7afc
Valid from: Thu Nov 17 11:40:26 CET 2016 until: Mon Apr 04 12:40:26 CEST 2044
Certificate fingerprints:
MD5: 3E:29:C0:3C:30:B4:DC:E0:A5:94:1D:2E:E9:86:58:CA
SHA1: 3D:09:B4:42:A2:7C:14:C7:3E:54:33:0E:AB:75:2E:F1:19:23:00:FA
SHA256: 7F:E0:51:F1:6A:53:45:56:42:B9:F9:38:92:69:81:7A:DA:71:FF:44:51:15:7F:F9:B4:1C:AA:2B:53:4A:89:72
Signature algorithm name: SHA256withRSA
Version: 3

Extensions:

#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: BC 1B E6 C4 6D 25 01 70 CA AC 81 34 81 4B AE 41 ....m%.p...4.K.A
0010: 10 DF D8 13 ....
]
]



*******************************************
*******************************************

Answer

The original answer can be found on the comments of the question, I am moving it here in order to mark the question as answered.

Although I am still not sure 100% of the details, the problem was the password I was using for my keystore contained special characters (* and !). After changing the password to an alphanumeric format, the problem was solved. So it seems like apksigner does not accept the same format for passwords than jarsigner.