Android Question Private Sign Keys - IDE Behaviour

RichardN

Well-Known Member
Licensed User
Longtime User
I have two Private Sign Keys..... One that all my older projects use, and another that is RSA256 compliant for later store packages.

What I have found rather confusing (and I am easily confused) is that on loading a project, the IDE seems to default to the last PSK used rather than the one appropriate to the project just loaded. I would have thought that the PSK should be part of that project's properties rather than the last one loaded by the IDE? Or have I got that wrong?

BTW.... I have taken to specifying the PSK and Password in code to avoid this feature which I find counter-intuitive.
 

aeric

Expert
Licensed User
Longtime User
I think the IDE settings including the private sign key file and password are stored in an INI file which does not depend on the project.

Imagine your private sign key settings are stored in the project file without you knowing it and you distribute the project source code, especially creating an example to post in this forum.

I have taken to specifying the PSK and Password in code
I think this is a better approach to avoid you forgetting which key and password to use in the future.
It is also good to confirm you have removed this information in the Main module and save as another project before sharing your private project with anyone.
 

RichardN

Well-Known Member
Licensed User
Longtime User
@aeric .... I take your point. However, either way, the PSK remains on the author's PC so remains secure. The password could be masked and encrypted in the IDE. There is no 100% solution.

How many times have you seen an API key mistakenly published in code on the forum by a contributor?
 

AnandGupta

Expert
Licensed User
Longtime User
@RichardN try below,
 

ema01

Member
Licensed User
Longtime User
You can specify which certificate/key/password to use inside the project.
I keep the IDE key to the default one, but then when I make release builds use the key for the app store. Take advantage of compile time checks!
B4X:
#If RELEASE
    #SignKeyFile: ..\Relative\Path\To\keystore.jks.whatever
    #SignKeyAlias: Alias_In_Key_File
    #SignKeyPassword: Password_For_Key_File
    
    ' Use whatever algorithms you used when you generated the key
    #SignKeyAlgorithm: -digestalg SHA1 -sigalg SHA256withRSA
#End If
 
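Added example, not part of any post in this thread: a pre-share check for the risk raised above, that signing attributes kept in the Main module travel with the project source. It lists every `#SignKeyFile`, `#SignKeyAlias` and `#SignKeyPassword` line that carries a value, including commented-out ones, and produces a redacted copy. The function names, the placeholder text and the sample project text are assumptions constructed for illustration.

```python
import re

# B4X attribute lines that reveal signing material. B4X is case-insensitive,
# and a commented-out line (leading ') still leaks its value when shared.
SIGN_ATTR = re.compile(
    r"^(?P<head>[ \t]*'?[ \t]*#(?P<name>SignKeyFile|SignKeyAlias|SignKeyPassword)[ \t]*:)"
    r"[ \t]*(?P<value>\S.*?)?[ \t\r]*$",
    re.IGNORECASE | re.MULTILINE,
)
PLACEHOLDER = "<removed before sharing>"  # hypothetical marker text


def find_sign_attrs(source):
    """Return (line_number, attribute_name, value) for each signing attribute with a value."""
    hits = []
    for m in SIGN_ATTR.finditer(source):
        if m.group("value"):
            line_no = source.count("\n", 0, m.start()) + 1
            hits.append((line_no, m.group("name"), m.group("value")))
    return hits


def redact(source):
    """Return a copy of the source with every signing attribute value replaced."""
    def _sub(m):
        if not m.group("value"):
            return m.group(0)  # attribute present but empty: nothing to hide
        return f"{m.group('head')} {PLACEHOLDER}"
    return SIGN_ATTR.sub(_sub, source)


# Constructed sample modelled on the attributes quoted in the thread.
SAMPLE = """\
#Region Project Attributes
    #ApplicationLabel: Demo
#End Region
#If RELEASE
    #SignKeyFile: ..\\keys\\store.jks
    #signkeyalias: demo_alias
    '#SignKeyPassword: constructed-old-secret
    #SignKeyPassword: constructed-secret
#End If
"""

if __name__ == "__main__":
    for line_no, name, value in find_sign_attrs(SAMPLE):
        print(f"line {line_no}: {name} is set ({len(value)} chars)")
    print(redact(SAMPLE))
```

Run it over the text of the project's Main module before posting or zipping the source, and share the output of `redact` rather than the original file.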