So you lost your Java Keystore and you need to update your APK on Google Play?

Well…. Not saying I ever did anything as stupid as this, or spent hours fixing things. Yesterday. But say I had, this is exactly what I would have done to fix this.

Disclaimer: These keys were for a pet project of mine and got lost during a reinstall of my OS. I’m much more careful with things like this for actual clients. Anyway.

So you’ve uploaded a build of your app to the Play store some time ago, then come to upload the next version and it complains about the SHA1 checksums not matching. You’ve built with the wrong key!

I wonder where the right one is? Your keys could have a number of file extensions: .jks (which stands for Java Keystore) .keystore .cer for instance. Find your backup drive, or whatever volume said keys are likely to be on and:

find /Volumes/YourDrive/ -name “*.jks”

repeat for other extensions until you get something. Lets see what SHAs those files have:

keytool -v -list -keystore ~/Code/Keystores/Android/your.keystore

Keystores will be passworded. If they’re “debug” keystores, they’ll have been autogenerated by the Android SDK and will have passwords set to “android”. If not, happy guessing…

Any matching strings of numbers and letters there? No? Well lets see what the APK was actually signed with. …presuming you have a copy of it. If not, I think there are various ways to get it direct from the Play Store if you have a Google…

APKs are zip files so:

unzip your.apk
keytool -printcert -file META-INF/CERT.RSA

What doe this show you? You’ll see the SHA1 fingerprint you’ve been nagged about to start with, and also the owner info. That will hopefully give you some clues as to where to search next for your keystore. In my case I had Owner: C=US, O=Android, CN=Android Debug because I was a complete idiot and had signed  the production build with my debug key. I found it in an old ~/.android/ folder on a backup disk. For some reason, the Play store was happy to accept the cert, despite what people say elsewhere. Congratulations: Your debug cert is now your production cert!

Hope that helps someone anyway.