Android Question Problem with sign key and/or AliasName

[jcredk]

Hi all,

I have a strange behavior that I don't understand in a "special context".
I have an application in the market that was developped in another environment than B4A: I know shame on my ...
The sign key was created in this environement (Xamarin & dev studio), with an Alias that is mandatory there (cf below eNewsMobApp alias):

Then for a major revision of the application I have used B4A, trying of course to reuse the same keystore file to ensure that in google play I can "upgrade" the current application and not publish a new one.

B4A seems to correctly read the keystore file:

Unfortunatly when compiling the final (obfuscated) release APK I got the following error when signing the APK:

And in fact its true that BA4 never asked me for the Alias Name ...!?

I really don't know where to search and to ensure that I will be able to really upgrade the application in google play ...!

Any help is definitly welcomed!

Thanks,

Joachim

 

[jcredk]

After having worked a couple of hours on another project I tried again ... but still no luck.

I used the "dos" java tools to "view/dump" the keystore, everything seems fine but still same issue, when compiling with the private key.
I'd rather switch again to something else before I become mad and I throw the PC through the window ...
Should I need to manually edit the manifest so that alias name is found there ? Any help please ?

Thanks,

Joachim

 

[jcredk]

Sorry and be indulgent for my many questions:
I read this post that contains part of a keystore ( http://www.b4x.com/android/forum/threads/keystore-key-associated-with-b4a-not-a-private-key.39735/ ).
Is it mandatory for BA4 compiler that Alias name is B4A as in the screenshot of the post mentioned above ?

 

[Erel]

You can change the alias name by editing Basic4android ini file.

C:\Users\<user>\AppData\Roaming\Anywhere Software\Basic4android

 

[jcredk]

Many thanks Erel, I did the change you mention (after backuping the initial ini file ) ...

I think it went one step further but now it seems it has to do with the keystore algorithm itself (cf. screen shot below).
Would you have any idea: can I change it also in the ini settings file please?

Thanks

Joachim

 

[Erel]

The algorithm should be SHA1withDSA. It cannot be changed for now.

You can however compile without signing and then manually sign the APK (only before you release the APK).

 

[jcredk]

Hi Erel,

Thanks a lot Erel, I forgot that in B4A you can compile without signing!!!
Manually signing: you mean with keytool.exe in a command box ?
Thanks in advance,

Joachim

 

[Erel]

Manually signing: you mean with keytool.exe in a command box ?

Yes. You will also need to zipalign the APK. There should be a batch file in the forum that someone wrote to do run these tools.

 

[jcredk]

Thanks Erel, I will try to find that on the forum ...!

 

[jcredk]

Thanks Erel,

I have progressed a lot: My new version is in GooglePlay as an update of the previous one ...

Unfortunatly on my Android device, when downloaded from GooglePlay application (https://play.google.com/store/apps/details?id=com.jrconseil.newsboard), and when the application is installed I have a messagebox that says the signature of package is incorrect (I did even thought it was possible to upload an APK that would have an incorrect signature ...!) .

Do you experience the same issue ?
Do you have an idea ?

Thanks,
Joachim

 

[Erel]

Never encountered such issue. How did you sign it?

 

[jcredk]

I signed it manually as explained on another post of the forum ...!

As explained earlier in the post I got really mad about this and through away my PC through the window ...
No in fact The application was not rolled out on an important number of users (and especially I know many of them), so I "unpublished" the previous one and published a new one with a brand new private key ... easy but loosing the already (small!) installed based!

If it might help someone else: What I tried to do before giving up:

1) I signed my apk manually as described in another post of the forum. I tried different variation on key signing algorithm (cf. batch file attached some variation as comment with

REM

), but no way!
It nevers worked despite some versions could be uploaded to the market sucessfully passing google post upload treatment ...!?

2) When checking the signed apk with

-verbose -certs

, I had the following kind of issues: "

[certificate is valid from 11/28/13 10:38 AM to 4/15/41 11:38 AM] [CertPath not validated: Path does not chain with any of the trust anchors]sm

"

3) I googled the web for "

CertPath not validated: Path does not chain with any of the trust anchors

", the articles I found (all aged about one year ago) explained issues with latest jdk, and advise an older version of jdk ...
I tried to uninstall jdk to install older ones with 3 different versions but keep on facing same issue ...

Anyway, tired from testing stupid things with no clear vision of what was going wrong, I give up and I handled it differently ...!

Thanks anyway ...