Google signing works by Google holding the original keystore and requiring a separate upload keystore to sign the build at the developer level, which will then be re-signed by Google with the original keystore.
Before you start:
- You will most likely need to get approval from the account holder to enrol - there will be a note at the top of the enrol screen which prevents you from going any further
- You will need the original keystore - if the app is live. Or a new keystore if it's a new app
To enrol the app with Google signing follow the steps below:
1. Sign into Google Developer Console and click into the app you wish to enrol
2. Release management > App Signing you'll see an enrollment page entitled:
'Enrol your app in Google Play app signing'
3. Scroll down and you will see instructions on the set up. Note: This is for the original keystore.
Follow the steps.
Steps 1-3 are regarding the ORIGINAL keystore (the one that has been used for previous app uploads)
1. If you have this file downloaded previously you don't need to download it again
2. Make sure to replace the BOLD text with the relevant keystore information
$ java -jar pepk.jar --keystore=foo.keystore --alias=foo --output=encrypted_private_key_path --encryptionkey=eb10fe8f7c7c9df715022017b00c6471f8ba8170b13049a11e6c09ffe3056a104a3bbe4ac5a955f4ba4fe93fc8cef27558a3eb9d2a529a2092761fb833b656cd48b9de6a
- Have the pepk tool in the same folder as the project.keystore
- CD the file path before starting
- No spaces after '='
- Make sure the 'encrypted_private_key_path' has a file name at the end of it
- Have password ready. Store password/Key password the same
- Copying and pasting from the above can throw errors (no idea why) - rewrite if so
3. By uploading the encrypted keystore file it checks that it matches previous builds (? check)
Steps 4-6 are regarding the UPLOAD (new) keystore. A new keystore file will have to be created the usual way.
4. Generate a new keystore file - as you would normally. Name upload.keystore
keytool -v -genkey -keystore upload.keystore -alias aliasname -keyalg RSA -keysize 2048 -validity 20000
5. Run next command in same terminal
keytool -export -rfc -keystore upload.keystore -alias aliasname -file upload_keystore_publicationname.pem
6. A new file will appear in the folder. Upload this .pem file
Enrol will activate > click. You should see a screen like the below:
REMEMBER: Upload both keystores to drive one called 'original.keystore' one called 'upload.keystore'. We will ONLY EVER need the 'upload.keystore'.