Android Question How to generate a new upload key?

[Vern]

We have to submit a new upload key for one of our apps. Google sent us this:

-----------
Here’s how to generate and register the new upload key:

Follow the instructions in the Android Studio Help Center to generate a new key. It must be different from any previous keys. Alternatively, you can use the following command line to generate a new key:
keytool -genkeypair -alias upload -keyalg RSA -keysize 2048 -validity 9125 -keystore keystore.jks

This key must be a 2048 bit RSA key and have 25-year validity.
Export the certificate for that key to PEM format:
keytool -export -rfc -alias upload -file upload_certificate.pem -keystore keystore.jks
-----------

Since we're using b4a, it doesn't seem like those instructions will work, especially when b4a signs the bundle.
What are the proper steps to generate the new upload key?

 

[Erel]

You are updating an existing app and for some reason want to upload an AAB instead of an APK?

 

[Vern]

Yes, it's an existing app by a previous developer. Google thinks we have a compromised upload key so we need to create a new one. As you can see from the attached screenshot, the only choice when updating the app, appears to be to upload a bundle, not an APK. I think it's because Google's instructions had the statement:
"For increased security, signing your app with a new upload key, instead of your app signing key, is recommended."
so that's what the previous developer did. Now we're trying to figure out how to generate a new upload key and send Google the .pem file.

 

[Erel]

The instructions from the first post should work.

Set the alias to upload in the IDE:

#SignKeyAlias: upload

 

[AlfaizDev]

https://www.b4x.com/android/forum/threads/extract-upload_certificate-pem-؟.138510/#post-878044

 

[Vern]

Lessons Learned:

Google wants you to upload a bundle (not an APK) that is signed with your upload key.
Google Play uses your app bundle to generate and serve optimized APKs for each device configuration, so only the code and resources that are needed for a specific device are downloaded to run your app."

If you need to renew your upload key for any reason, do the following:

a. Sign-in to Google Play Console and click on your app
b. Click the Setup icon, click "App Integrity" then click the "App Signing" tab
c. In the "Upload Key Certificate" section, click the "If you have lost your upload key, please contact our support team" link
d. Fill out the form with your name, email address, Developer name, Developer account ID, app package name and in the "Give feedback or describe your issue" section, explain what you need.

e. Click "I have an upload key-related issue"
f. Click "I lost my upload key". (It doesn't matter what the issue is. This is the fastest way to renew the key.)

The following is displayed:

Please generate a new upload key in .pem format and attach it here; we cannot process a key in any other format. Here’s how:
Follow the instructions in the Android Studio Help Center to generate a new key. It must be different from any previous keys. Alternatively, you can use the following command line to generate a new key:

keytool -genkeypair -alias upload -keyalg RSA -keysize 2048 -validity 9125 -keystore keystore.jks (*This key must be a 2048 bit RSA key and have 25-year validity.)

Export the certificate for that key to PEM format:
keytool -export -rfc -alias upload -file upload_certificate.pem -keystore keystore.jks *

g. Do both things to create the .pem file
h. Click the "Choose Files" button, attach the .pem file and click the Submit button

Google will email you the date and time that the new upload key will be active.