apksigner - Invalid keystore format

Question

As described in https://developer.android.com/studio/publish/app-signing#signing-manually I try to sign an app in git bash on windows 7.

I generate a keystore with keytool -genkey -v -keystore my-release-key.jks -keyalg RSA -keysize 2048 -validity 10000 -alias my-alias this should use the default keystore type which should be fine.

Then I run zipalign zipalign -v -p 4 my-app-unsigned.apk my-app-unsigned-aligned.apk which gives "Verification succesful" (with one s)

and finally I run apksigner which gives me the error:

"C:\....\apksigner.bat" sign --ks my-release-key.jks --out my-app-release.apk my-app-unsigned-aligned.apk
Keystore password for signer #1:
123456
Failed to load signer "signer #1"
java.io.IOException: Invalid keystore format
        at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:658)
        at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:56)
        at sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224)
        at sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:70)
        at java.security.KeyStore.load(KeyStore.java:1445)
        at com.android.apksigner.ApkSignerTool$SignerParams.loadPrivateKeyAndCertsFromKeyStore(ApkSignerTool.java:613)
        at com.android.apksigner.ApkSignerTool$SignerParams.loadPrivateKeyAndCerts(ApkSignerTool.java:555)
        at com.android.apksigner.ApkSignerTool$SignerParams.access$200(ApkSignerTool.java:509)
        at com.android.apksigner.ApkSignerTool.sign(ApkSignerTool.java:215)
        at com.android.apksigner.ApkSignerTool.main(ApkSignerTool.java:89)

I also tried different storetypes like pkcs12 which is not supported at all (gives: java.io.IOException: parseAlgParameters failed: PBE AlgorithmParameters not available)

So my question is how to find out the right storetype? I din't find anything about this in the help nor the internet.

Answer 1

What works for me is that you don't need to align it. Just upload it to Google and it should be fine. apksigner sign --ks application.keystore app-release-unsigned.apk

So the solution is to ignore zipalign

Since this might be a mess. try to rebuild you apk again just in case you have signed it already to avoid multiple signatures.

Answer 2

This issue might happen if you generate keystore with newer JDK and then verify it with an older JDK. In my case: I generated keystore with java 16 and built app with App Center which verifies on java 8 (I think).

Try to find out where your keytool comes from (which keytool on Linux, Get-Command keytool in Powershell).

Answer 3

I know it's not the case for the OP, but for those of you who stumble upon this page when getting the Invalid keystore format error in App Center: using a .jks file rather than a .keystore file fixed the issue for me. I followed these instructions to create one via Android Studio.

Answer 4

I faced this issue when I reinstalled VS 2019 to run my existing xamarin forms app. Just follow these steps to make it work:

1. Create a new simple xamarin forms app.
2. Delete existing debug.keystore file from "C:\Users\YourUser\AppData\Local\Xamarin\Mono for Android".
3. Run and deploy the app you just created on a device (this will create fresh debug.keystore file)
4. Now run your existing app

Happy coding :)

Answer 5

command execute format example: C:/Users/root/AppData/Local/Android/Sdk/build-tools/30.0.3\apksigner sign --ks C:\development\xxxxx.jks --ks-key-alias xxxx --ks-pass pass:xxxx --key-pass pass:xxx --out C:\development\xxxxx_signed.apk C:\development\xxorigin_app.apk

The reason for the error is that AndroidSdk build-tools version Mismatch for this jks file,this '30.0.3' correct Version test needs to be modified!

Answer 6

Inside apksigner.bat from Android Studio the environment variable %JAVA_HOME% is read. It has to point to the jre/jdk with the keytool.exe which was used to create the keystore. A newer version for is also possible. But in my case Amazon Corretto has bent the pointer. Set the %JAVA_HOME% to the right jdk (in my case Oracle) just before apksigner.bat call.