Best IT Recipes

Android keystore has stopped working

Most recently, I had a problem with a keystore. I know that there are many questions about this issue. I read them all and google fiercely.

Mistake:

keytool error: java.io.IOException: Keystore was tampered with, or password was incorrect java.io.IOException: Keystore was tampered with, or password was incorrect at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:772) at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:55) at java.security.KeyStore.load(KeyStore.java:1214) at sun.security.tools.KeyTool.doCommands(KeyTool.java:885) at sun.security.tools.KeyTool.run(KeyTool.java:340) at sun.security.tools.KeyTool.main(KeyTool.java:333) Caused by: java.security.UnrecoverableKeyException: Password verification failed at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:770) ... 5 more

The software I use:

Java

 java version "1.7.0_21" Java(TM) SE Runtime Environment (build 1.7.0_21-b11) Java HotSpot(TM) 64-Bit Server VM (build 23.21-b01, mixed mode)

Eclipse

 Version: 3.8.0 Build id: I20120502-2000

Latest ADT Plugin

Latest Android SDK

Here is what I know:

  • I have not lost my password, and it never changed.
  • I can not get the password (I know the password).
  • I cannot sign an existing application with a different key without releasing a completely new application (therefore, I cannot publish updates).

Here is what I did:

  • I uninstalled and reinstalled Eclipse many times.
  • I uninstalled and reinstalled the Android ADT plugin.
  • I uninstalled and reloaded the latest version of the Android SDK many times.
  • I uninstalled and reinstalled JDK7.
  • I tried using backups of my keystore.
  • I checked the MD5 checksums using "md5sum KEYSTORE" and compared them with the backups (the same MD5 output was not faked).
  • I tried forcibly using the keystore (I received a password that I knew).
  • I created a test key (with the current setting) and tested the password, and it seemed to work fine (so something changed).
  • I tried to export android.apk manually and then tried to sign it (outside of Eclipse).

This is how I export a signed application:

  • Via Eclipse: Export File> Export> Export Android Applications.
  • Prior to JDK7: jarsigner -verbose -keystore ALIAS KEY FILES.
  • With JDK7: jarsigner -verbose -sigalg MD5withRSA -digestalg SHA1 -keystore ALIAS KEY FILES.

What is left to find out or try?

  • Do some links / urls indicate the removal of the "trusted.certs" file?
  • Try to remove "debug.keystore"?
  • Will an update to Eclipse or any of the Android development tools affect my keystore?
  • Will updating Java from jdk6 to jdk7 cause any problems?
  • Could this mess up or change the way jarsigner works?

User recommendations:

  • Try using JDK6, but I was able to export the application recently.
  • Checked key.store.password or key.alias.password in my local.properties
  • Cancel auto build in eclipse and clean your project
  • Try to delete the .metadata folder in the workspace and clear all temporary folders.

Summary

  • Keystores haven't changed
  • I have passwords for keystores,
  • I recently successfully exported an application using:
    • Eclipse 3.8 (and Eclipse 4.0 +),
    • The latest version of Java 7,
    • The latest ADT plugin.
  • My last successful export and build was a few weeks ago using Eclipse 3.8, the latest Android and Java 7 tools with the same password.

Update (6/29/14)

  • I used: keytool -list -keystore KEYSTORE to successfully prove and show that 3 of my 4 keys work.
  • I checked the last key and got the password from the keystore (the walkthrough I already knew), but the password does not work when I log in to sign it. I used: java -jar AndroidKeystoreBrute_v1.02.jar -m 3 -k KEYSTORE -d WORDLIST.
  • Oddly enough, sometimes when I type in my password in eclipse very quickly, my alias will be displayed and I can successfully export my application. (I know this is crazy).
  • Updated version of Java.

If I type in a password very quickly, it sometimes works.

It seems that opening Eclipse and entering the password for the first time allows me to use the keystore.

Obviously, if all else fails, I will need to create a new key store. I really would like it to be allowed, I'm just not sure what to do now, besides re-publishing the new key.

If the key cannot be restored properly, I can open it on Github.



Solution (6/29/14):

Special thanks to Erhannis!

Here is what I did:

The command will change every time:

 keytool -importkeystore -srckeystore old.keystore -destkeystore new.keystore -v

Since you told me that we can extract private keys from Java Keystore (.jks), I go deeper and end up using a variant of the command. I followed your links here and here :

 keytool -importkeystore -srckeystore old.keystore -destkeystore new.keystore -deststoretype pkcs12

After extracting the private key and storing it as PKCS12, I think I extracted my private key and returned it to the brand new Java Keystore:

 keytool -importkeystore -srckeystore new.keystore -srcstoretype pkcs12 -destkeystore final.keystore -deststoretype jks


Literature:

http://developer.android.com/tools/publishing/app-signing.html#signapp

http://code.google.com/p/android-keystore-password-recover/

List of StackOverflow URLs I read:

How to handle lost KeyStore password in Android?

Wrong problem with Keystore?

Android: I lost the keystore for Android, what should I do?

Am I missing a .keystore file?

I forgot the vault password, thinking about Brute-Force discovery. will it be a keystore corruption?

I lost the password for the Keystore file for Android

Problem starting my signed keystore in Eclipse

Android - Forgot your keystore password. Can I decrypt a keystore file?

Key storage problem for Android: "Keystore was changed or password was incorrect"

+48
java android apk keystore jarsigner
Nov 23 '12 at 20:35
source share
7 answers

Maybe I had the same problem. I never figured out why it fails (although I was wondering if this was because the keystore password was shorter than 6 digits), but I was able to copy my key to a new keystore, which I then renamed to replace the old one, and it mysteriously worked after that (using new passwords). By the way, you need a key password. By disabling https://security.stackexchange.com/a/3795 , I did the following:

  • keytool -importkeystore -srckeystore old.keystore -destkeystore new.keystore -v
  • Enter the new keystore password twice
  • Hit Enter when he asked me for the key source password (left it blank)
  • Enter key password

After double checking that the new one worked, I just copied it over the old one. Hope this works for you; good luck.

+5
Aug 2 '13 at 3:17
source share

Try to delete the .metadata folder in the workspace and clear all temporary folders. If your keystore file is not corrupted and you tried to reinstall Eclipse, ADT, Android SDK and Java SDK correctly, I do not see other possible reasons for this strange problem, excluding metadata cache files and / or incorrect damage.

Another suggestion

Try using the Portecle utility to manage and verify keystores, keys, certificates, certificate requests, certificate revocation lists, etc.

+3
Dec 29 '12 at 22:29
source share

I offer a couple more heat and testing.

Have patience to apply them,

Steps:

  • Disable build automatically (Project-> Build Automatically) in eclipse and clean your project.
  • Create it again. (Right click project + Build Project)
  • Export project.
  • Select "Export Android" (automatically aligned for you)
  • Choose your key. enter password. an alias should appear in the list (make sure caps are locked). Sometimes we give the correct password, but because of the caps, it always fails;)
  • Let me know if this works for you.

Hope this helps you.

+1
Dec 27 '12 at 13:01
source share

I had the same problem and tried everything that was suggested in this thread, but nothing was able to save my alias password. The fact is that I was absolutely sure about the password, since I updated the application four times already. I received the message "Keystore was changed or the password was incorrect."

Decision

It seems that when creating the keystore using eclipse , a space character was added before the password!

This unpleasant error was apparently fixed in a later version, and I was not able to sign my application with a password which, in my opinion, was correct.

Based on this SO: Ant link, it was not possible to create a signed apk after upgrading to android v20 . I would suggest that you try adding a space before after your password .

+1
Sep 04 '14 at 9:40
source share

Do you store values ​​such as key.store.password or key.alias.password in the local.properties file? Are they wrong?

I am curious if there is any kind of error that occurs for keys created using JDK6 and verified in JDK7. This explains why the new keys that you created for testing, but the old ones do not have. Try downgrading to JDK6 and see if this fixes it. Others have problems with jarsigner in JDK7 that went away when they were lowered to 6. If this works, write a bug report and ask for a patch so you can safely upgrade to Java 7 :)

0
Dec 10 '12 at 19:59
source share

I also recently struggled with this problem and tried all the suggestions listed here and elsewhere. Finally, a stupid mistake was pointed out that caused this error at my end - I would like to share it here if it helps any of you.

Most likely, if you, like me, have several versions of Java on your computer, and you updated the JRE / JDK during the time you originally created the keystore, and now when you are trying to sign the APK.

For some reason, our compilation teams referenced the full Java path as follows:

C: \ Progra ~ 1 \ Java \ jdk1.6.0_45 \ bin \ jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore cre80ve.keystore unsigned.apk cre80ve

One of the suggestions above made me think that this might not be a password problem, and it might be a version incompatibility issue causing the problem. So I ran the following command:

keytool -list -keystore cre80ve.keystore

Using a password that I knew was right, and now, he confirmed that it was the correct password.

Then I deleted the explicit link in the path to the (older) version of Java. This automatically launched the latest version of Java (jdk1.8.0_31 in my case):

jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore cre80ve.keystore unsigned.apk cre80ve

And everything began to work fine!

Bottomline: this may not be a password problem, but different versions of the Java or Android SDK causing the problem, so be sure to check this out.

And as soon as it starts working, do not forget to make a backup copy of the key and password store in a safe place :-)

0
Aug 7 '15 at 18:13
source share

My key alias stopped working rudely. (Good, after a few updates to Android Studio and Java).

I tried all the solutions from this topic, as well as from others. In my case, the decision was unexpected. I have a keystore with several aliases. No one worked, except one that had the same password as the keystore. But, unfortunately, this was not the one I needed. It made me think without any logic. I copied a single alias to the new keystore using

 keytool -importkeystore -srckeystore old.keystore -destkeystore new.keystore -srcalias importantalias

And then I changed the alias to the same as the keystore password:

 keytool -keypasswd -keystore new.keystore -alias importantalias

Finally, I was able to sign my apk. This seems like a silly mistake that could waste a day of development.

0
Nov 08 '15 at 21:53
source share


More articles:


All Articles