Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

First Android app, can't recover key?

  • 02-01-2017 11:08pm
    #1
    Registered Users, Registered Users 2 Posts: 8,493 ✭✭✭


    Hey guys,

    I'm very very new to app development and built something purely as a bit of fun for my wife for Xmas. However, I wanted to patch something on it and discovered that I cannot sign an apk anymore?

    I KNOW I'm using the right passwords as I've found them in the application logs of Android Studio (which seems odd but means I know for definite I'm not forgetting the password) but the alias key is not being recognised.

    The specific error I'm getting is:
    FAILURE: Build failed with an exception.

    * What went wrong:
    Execution failed for task ':app:packageRelease'.
    > com.android.ide.common.signing.KeytoolException: Failed to read key myappkey from store "C:\Users\redxiv\keystore\android.jks": Cannot recover key

    Has anyone come across this before? It's not the end of the world if I can't update it but I'm worried if I ever put more time into an app, this would happen again.

    Cheers,
    Red


Comments

  • Registered Users, Registered Users 2 Posts: 11,264 ✭✭✭✭jester77


    Run gradle's signingReport to see what is wrong
    ./gradlew signingReport
    


  • Registered Users, Registered Users 2 Posts: 8,493 ✭✭✭RedXIV


    jester77 wrote: »
    Run gradle's signingReport to see what is wrong
    ./gradlew signingReport
    

    Output is as below:
    :app:signingReport
    [COLOR="Red"][B][U]Variant: release
    Config: none[/U][/B][/COLOR]
    ----------
    Variant: debugUnitTest
    Config: debug
    Store: C:\Users\redxiv\.android\debug.keystore
    Alias: AndroidDebugKey
    MD5: AC:B2:C0:28:AB:A2:A3:00:ED:E5:A1:88:53:33:1A:26
    SHA1: CA:B5:65:49:27:B4:3C:1F:6B:6E:1E:A0:1F:A6:04:69:C5:CB:5F:C0
    Valid until: Thursday, 1 November 2046
    ----------
    Variant: releaseUnitTest
    Config: none
    ----------
    Variant: debug
    Config: debug
    Store: C:\Users\redxiv\.android\debug.keystore
    Alias: AndroidDebugKey
    MD5: AC:B2:C0:28:AB:A2:A3:00:ED:E5:A1:88:53:33:1A:26
    SHA1: CA:B5:65:49:27:B4:3C:1F:6B:6E:1E:A0:1F:A6:04:69:C5:CB:5F:C0
    Valid until: Thursday, 1 November 2046
    ----------
    Variant: debugAndroidTest
    Config: debug
    Store: C:\Users\redxiv\.android\debug.keystore
    Alias: AndroidDebugKey
    MD5: AC:B2:C0:28:AB:A2:A3:00:ED:E5:A1:88:53:33:1A:26
    SHA1: CA:B5:65:49:27:B4:3C:1F:6B:6E:1E:A0:1F:A6:04:69:C5:CB:5F:C0
    Valid until: Thursday, 1 November 2046
    ----------
    
    BUILD SUCCESSFUL
    
    Total time: 4 mins 17.859 secs
    

    There is a worrying few lines there I highlighted. Is the lack of config my issue?

    Red

    EDIT:

    Ok so I had a quick look and checked out the documentation here and changed the build.gradle file so the signingConfig entry "config" (which already existed with again passwords in plain text) was added in my build.gradle:
        buildTypes {
            release {
                minifyEnabled false
                proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
    			[B][U][COLOR="Red"]signingConfig signingConfigs.config[/COLOR][/U][/B]
            }
        }
    

    When I ran the signingReport again, I now get the following:
    C:\Users\redxiv\AndroidStudioProjects\ILoveHow>gradlew signingReport
    Incremental java compilation is an incubating feature.
    The TaskInputs.source(Object) method has been deprecated and is scheduled to be removed in Gradle 4.0. Please use TaskInputs.f
    ile(Object).skipWhenEmpty() instead.
    :app:signingReport
    Variant: debug
    Config: debug
    Store: C:\Users\redxiv\.android\debug.keystore
    Alias: AndroidDebugKey
    MD5: AC:B2:C0:28:AB:A2:A3:00:ED:E5:A1:88:53:33:1A:26
    SHA1: CA:B5:65:49:27:B4:3C:1F:6B:6E:1E:A0:1F:A6:04:69:C5:CB:5F:C0
    Valid until: Thursday, 1 November 2046
    ----------
    Variant: releaseUnitTest
    Config: config
    Store: C:\Users\redxiv\keystore\android.jks
    Alias: myappkey 
    Error: Failed to read key myappkey from store "C:\Users\redxiv\keystore\android.jks": Cannot recover key
    ----------
    Variant: debugAndroidTest
    Config: debug
    Store: C:\Users\redxiv\.android\debug.keystore
    Alias: AndroidDebugKey
    MD5: AC:B2:C0:28:AB:A2:A3:00:ED:E5:A1:88:53:33:1A:26
    SHA1: CA:B5:65:49:27:B4:3C:1F:6B:6E:1E:A0:1F:A6:04:69:C5:CB:5F:C0
    Valid until: Thursday, 1 November 2046
    ----------
    Variant: debugUnitTest
    Config: debug
    Store: C:\Users\redxiv\.android\debug.keystore
    Alias: AndroidDebugKey
    MD5: AC:B2:C0:28:AB:A2:A3:00:ED:E5:A1:88:53:33:1A:26
    SHA1: CA:B5:65:49:27:B4:3C:1F:6B:6E:1E:A0:1F:A6:04:69:C5:CB:5F:C0
    Valid until: Thursday, 1 November 2046
    ----------
    [B][U][COLOR="Red"]Variant: release
    Config: config
    Store: C:\Users\redxiv\keystore\android.jks
    Alias: myappkey 
    Error: Failed to read key myappkey from store "C:\Users\redxiv\keystore\android.jks": Cannot recover key[/COLOR][/U][/B]
    ----------
    
    BUILD SUCCESSFUL
    
    Total time: 5.21 secs
    
    

    Which gets me ever so slightly further but still throwing me the same error :)

    Appreciate any extra help!


  • Registered Users, Registered Users 2 Posts: 11,264 ✭✭✭✭jester77


    So you have a section in your build.gradle that looks like this, (based on your buildtypes release you posted):
        signingConfigs {
            config {
                storeFile file('android.jks')
                storePassword 'password'
                keyAlias 'myappkey'
                keyPassword 'password'
            }
        }
    

    Is 'myappkey' definitely the correct keyAlias?

    If you are not sure about the alias, you can click build, generate signed apk, select C:\Users\redxiv\keystore\android.jks, enter your password and then select the 3 dots button beside alias, this will show you what alias(es) you have for this signing.


  • Registered Users, Registered Users 2 Posts: 8,493 ✭✭✭RedXIV


    Yep, alias is definitely right, it's what android studio tells me is the only existing key when I try to generate a signed apk.

    My build.gradle looks like this:
        signingConfigs {
            config {
                keyAlias 'myappkey'
                keyPassword 'passwordAlias'
                storeFile file('C:/Users/redxiv/keystore/android.jks')
                storePassword 'password'
            }
        }
    

    The passwords are different, which from some resources online appears to cause an issue but I definitely managed to sign it once with two different passwords (one for the keystore and one for the alias)


  • Registered Users, Registered Users 2 Posts: 11,264 ✭✭✭✭jester77


    hmm, yeah I've seen that before about passwords needing to be the same, not sure why that should be the case.

    Do you know when you last signed the apk? There are probably some logs still on your PC under C:\Users\redxiv\.AndroidStudioX.X\system\log\ from around that time. You'd need to know which AS version you were using at the time as well.

    Or you could just do a string search for the "-Pandroid.injected.signing.key.alias=myappkey" and you will see the passwords in plain text:
    -Pandroid.injected.signing.store.password=PASSWORD,
    -Pandroid.injected.signing.key.alias=myappkey,
    -Pandroid.injected.signing.key.password=PASSWORD,


    Otherwise, reset the passwords for both to be the same:
    keytool -storepasswd -new NEW_PASSWORD -keystore C:/Users/redxiv/keystore/android.jks
    
    keytool -keypasswd -alias myappkey -new NEW_PASSWORD -keystore C:/Users/redxiv/keystore/android.jks
    


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 8,493 ✭✭✭RedXIV


    jester77 wrote: »
    hmm, yeah I've seen that before about passwords needing to be the same, not sure why that should be the case.

    Not sure either, but just mentioned it in case you had run across it before.
    jester77 wrote: »
    Do you know when you last signed the apk? There are probably some logs still on your PC under C:\Users\redxiv\.AndroidStudioX.X\system\log\ from around that time. You'd need to know which AS version you were using at the time as well.

    Or you could just do a string search for the "-Pandroid.injected.signing.key.alias=myappkey" and you will see the passwords in plain text:
    -Pandroid.injected.signing.store.password=PASSWORD,
    -Pandroid.injected.signing.key.alias=myappkey,
    -Pandroid.injected.signing.key.password=PASSWORD,

    Yep, found this at the start :) It was where I confirmed I was using the correct passwords. Definitely have it right :)
    jester77 wrote: »
    Otherwise, reset the passwords for both to be the same:
    keytool -storepasswd -new NEW_PASSWORD -keystore C:/Users/redxiv/keystore/android.jks
    
    keytool -keypasswd -alias myappkey -new NEW_PASSWORD -keystore C:/Users/redxiv/keystore/android.jks
    

    I was able to change the first, but not the second. When I try the second I get the same "keytool error: java.security.UnrecoverableKeyException: Cannot recover key"

    Cheers for the ideas though!


  • Registered Users, Registered Users 2 Posts: 11,264 ✭✭✭✭jester77


    RedXIV wrote: »
    Not sure either, but just mentioned it in case you had run across it before.



    Yep, found this at the start :) It was where I confirmed I was using the correct passwords. Definitely have it right :)


    I was able to change the first, but not the second. When I try the second I get the same "keytool error: java.security.UnrecoverableKeyException: Cannot recover key"

    Cheers for the ideas though!

    Weird, either the old password is wrong or the file is some how corrupt.

    Might there be trailing white space at the end of the old password, might be worth typing the old password + space?
    You could also just try the default password "changeit", although unlikely to work.


  • Registered Users, Registered Users 2 Posts: 8,493 ✭✭✭RedXIV


    jester77 wrote: »
    Weird, either the old password is wrong or the file is some how corrupt.

    Might there be trailing white space at the end of the old password, might be worth typing the old password + space?
    You could also just try the default password "changeit", although unlikely to work.

    I'm leaning towards the latter :(

    I tried a few different versions of the password and I found a brute force tool as well which couldn't crack the password after a few days of running.

    Shame, even if I knew how I corrupted it would help, but I've no idea what happened?!


  • Registered Users, Registered Users 2 Posts: 11,264 ✭✭✭✭jester77


    RedXIV wrote: »
    I'm leaning towards the latter :(

    I tried a few different versions of the password and I found a brute force tool as well which couldn't crack the password after a few days of running.

    Shame, even if I knew how I corrupted it would help, but I've no idea what happened?!

    I'm out of ideas, sorry

    Worst case, you'll have to sign the app with a new key. So you will be basically releasing a new app. This means you'll have to have different package naming, and anyone with the old app won't get the update. You should just remove it from the store if you upload the new one.


  • Registered Users, Registered Users 2 Posts: 8,493 ✭✭✭RedXIV


    jester77 wrote: »
    I'm out of ideas, sorry

    Worst case, you'll have to sign the app with a new key. So you will be basically releasing a new app. This means you'll have to have different package naming, and anyone with the old app won't get the update. You should just remove it from the store if you upload the new one.

    No worries, I appreciate all the help and ideas!


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 7,893 ✭✭✭The_B_Man


    Use keytool on the command line to get info on the signing cert.
    Or try building a signed app in Android studio in the build menu(Generate signed app, I think). At the very least, this will tell you the real alias, as it'll give you a drop down menu listing aliases if you put in the correct password.


  • Registered Users, Registered Users 2 Posts: 8,493 ✭✭✭RedXIV


    The_B_Man wrote: »
    Use keytool on the command line to get info on the signing cert.
    Or try building a signed app in Android studio in the build menu(Generate signed app, I think). At the very least, this will tell you the real alias, as it'll give you a drop down menu listing aliases if you put in the correct password.

    Tried the second option so I know the name of the alias for definite, can you elaborate more on the first option?


    Cheers!


  • Registered Users, Registered Users 2 Posts: 7,893 ✭✭✭The_B_Man


    So from what I gather, you're trying to make sure the passwords and aliases are correct.

    keytool is a cmd line tool that can do that. I assume you would have used it when creating your signing cert in the first place.
    To list the alises, type this:
    keytool -list -keystore <path_to_keystore>

    Then to list info on one of the alises, type this:
    keytool -list -keystore <path_to_keystore> -alias <alias_name>

    It'll ask you for the password each time (1 password to open keystore, 1 password to access an alias. They can be the same.), and will tell you if the password you enter is wrong.

    TBH, using the android studio way, if you try to sign the app that way, then it'll tell you if the password is wrong, so u prob don't even need to use keytool.


  • Registered Users, Registered Users 2 Posts: 8,493 ✭✭✭RedXIV


    The_B_Man wrote: »
    So from what I gather, you're trying to make sure the passwords and aliases are correct.

    keytool is a cmd line tool that can do that. I assume you would have used it when creating your signing cert in the first place.
    To list the alises, type this:
    keytool -list -keystore <path_to_keystore>

    Then to list info on one of the alises, type this:
    keytool -list -keystore <path_to_keystore> -alias <alias_name>

    It'll ask you for the password each time (1 password to open keystore, 1 password to access an alias. They can be the same.), and will tell you if the password you enter is wrong.

    TBH, using the android studio way, if you try to sign the app that way, then it'll tell you if the password is wrong, so u prob don't even need to use keytool.

    Ah ok, I understand a bit more now.

    I tried those commands but I'm not getting asked for my alias password? Is there a parameter or command missing?


  • Registered Users, Registered Users 2 Posts: 7,893 ✭✭✭The_B_Man


    Does it display your alias details though? It gives me the certificate fingerprint (SHA1) when I type in the 2nd command.
    IF yours is getting shown, then it looks like theres no password for the alias, which is weird.


  • Registered Users, Registered Users 2 Posts: 8,493 ✭✭✭RedXIV


    The_B_Man wrote: »
    Does it display your alias details though? It gives me the certificate fingerprint (SHA1) when I type in the 2nd command.
    IF yours is getting shown, then it looks like theres no password for the alias, which is weird.

    Interestingly, yes I am seeing the fingerprint.

    I wonder if I try and set the password using nothing as the current password would that work?

    Edit: No, that did not work :)

    A bit confused now, I've SEEN the password in various files (log and config) but running the command above shows the SHA1 fingerprint. How did I manage to get to this point?


  • Registered Users, Registered Users 2 Posts: 7,893 ✭✭✭The_B_Man


    Are you signing it in Android Studio? As in clicking "Generate signed APK" and inputting the password and selecting the alias etc?

    No idea how you managed to generate a signing cert without a password on the alias. Maybe google how to change the password on an alias and set it to the same password as the cert itself.


  • Registered Users, Registered Users 2 Posts: 8,493 ✭✭✭RedXIV


    The_B_Man wrote: »
    Are you signing it in Android Studio? As in clicking "Generate signed APK" and inputting the password and selecting the alias etc?

    No idea how you managed to generate a signing cert without a password on the alias. Maybe google how to change the password on an alias and set it to the same password as the cert itself.

    Yep, signing it in Android studio.

    I've no idea how it happened either, it definitely wasn't originally like that as seen in the logs. I can't change the password though :( It keeps saying "Please enter password" when I try to enter the current password as an empty string. So close!!!


  • Registered Users, Registered Users 2 Posts: 7,893 ✭✭✭The_B_Man


    So when you use Android Studio, it doesn't give you any errors?
    If you put in the wrong password it should tell you at the end that the password was wrong.

    Another option is to try change the keystore password from the command line, as follows:
    keytool -keypass "previous password" -new "new password" -keystore "keystore location"


  • Registered Users, Registered Users 2 Posts: 8,493 ✭✭✭RedXIV


    Well I can't sign it anymore in Android Studio. When I try the original password, it fails in the generation of the signed apk, when I try and leave it blank (taking into account the information above) it won't let me try and generate the apk as it's not accepting an empty field for the alias password.

    I tried the command line but it expects a value for the existing alias password also :(

    Seems like I'm caught in an infinite loop! There is probably a check before comparing to the password string that you haven't passed an empty string that is getting triggered but the password at the moment is an empty string!


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 7,893 ✭✭✭The_B_Man


    I read somewhere that if you don't set a password, then the default password is "changeit". You could try using that.
    If the password is definitely blank, you could try set an "initial" password:
    keytool -storepasswd -storepass 'mypass' -keystore <path_to_keystore>


  • Registered Users, Registered Users 2 Posts: 8,493 ✭✭✭RedXIV


    The_B_Man wrote: »
    I read somewhere that if you don't set a password, then the default password is "changeit". You could try using that.
    If the password is definitely blank, you could try set an "initial" password:
    keytool -storepasswd -storepass 'mypass' -keystore <path_to_keystore>

    Sorry, only getting back to this now.

    I tried "changeit", no joy there :(

    That command looks like it updates the keystore password rather than the alias?


Advertisement