Noel De Martin Noel De Martin - 1 year ago 130
Android Question

apksigner not accepting password

Up until now I had been signing my apks with the following method:

jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore {keystore-file} {apk-file} {keystore-alias}


However I am trying to use the new apksigner tool and I cannot get it to work since it always tells me the password is invalid. Which is impossible because I have done it multiple times, with the jarsigner works and with the apksigner doesn't. The commands I have tried are the following:

apksigner sign --ks {keystore-file} {apk-file}


apksigner sign --ks {keystore-file} --ks-key-alias {keystore-alias} {apk-file}


Now the weirdest part comes when I created a new keystore to test this, and with this new keystore it's working. So I don't understand what is the difference. Here's the information obtained from calling "keytool -v -list -keystore {keystore-file}" on both.

Production keystore (I have removed some text in case this is dangerous):

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

Alias name: {keystore-alias}
Creation date: Apr 4, 2016
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN={removed-text}, OU={removed-text}, O={removed-text}, L=Unknown, ST=Unknown, C=Unknown
Issuer: CN={removed-text}, OU={removed-text}, O={removed-text}, L=Unknown, ST=Unknown, C=Unknown
Serial number: {removed-text}
Valid from: Mon Apr 04 12:39:50 CEST 2016 until: Fri Aug 21 12:39:50 CEST 2043
Certificate fingerprints:
MD5: {removed-text}
SHA1: {removed-text}
SHA256: {removed-text}
Signature algorithm name: SHA256withRSA
Version: 3

Extensions:

#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: {removed-text}
0010: {removed-text} {removed-text} ....
]
]



*******************************************
*******************************************


New test keystore:

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

Alias name: app
Creation date: Nov 17, 2016
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=Foobar, OU=Foobar, O=foobar, L=Unknown, ST=Unknown, C=Unknown
Issuer: CN=Foobar, OU=Foobar, O=foobar, L=Unknown, ST=Unknown, C=Unknown
Serial number: 448c7afc
Valid from: Thu Nov 17 11:40:26 CET 2016 until: Mon Apr 04 12:40:26 CEST 2044
Certificate fingerprints:
MD5: 3E:29:C0:3C:30:B4:DC:E0:A5:94:1D:2E:E9:86:58:CA
SHA1: 3D:09:B4:42:A2:7C:14:C7:3E:54:33:0E:AB:75:2E:F1:19:23:00:FA
SHA256: 7F:E0:51:F1:6A:53:45:56:42:B9:F9:38:92:69:81:7A:DA:71:FF:44:51:15:7F:F9:B4:1C:AA:2B:53:4A:89:72
Signature algorithm name: SHA256withRSA
Version: 3

Extensions:

#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: BC 1B E6 C4 6D 25 01 70 CA AC 81 34 81 4B AE 41 ....m%.p...4.K.A
0010: 10 DF D8 13 ....
]
]



*******************************************
*******************************************

Answer Source

The original answer can be found on the comments of the question, I am moving it here in order to mark the question as answered.

Although I am still not sure 100% of the details, the problem was the password I was using for my keystore contained special characters (* and !). After changing the password to an alphanumeric format, the problem was solved. So it seems like apksigner does not accept the same format for passwords than jarsigner.

Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download