Can't upload updated APK to Google Play due to different certificate
Original source: http://stackoverflow.com/questions/26288234/
Warning: these are provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must attribute it to the original authors (not me): Stack Overflow
Asked by user3871129
I'm using Android Studio to build my Android projects and, when I upload my APK to Google Play, it keeps showing me this error in spite of using the same keystore which I used for earlier versions of my app:
Upload failed
You uploaded an APK that is signed with a different certificate to your previous APKs. You must use the same certificate.
Your existing APKs are signed with the certificate(s) with fingerprint(s):
[ SHA1: 89:2F:11:FE:CE:D6:CC:DF:65:E7:76:3E:DD:A7:96:4F:84:DD:BA:33 ]
and the certificate(s) used to sign the APK you uploaded have fingerprint(s):
[ SHA1: 20:26:F4:C1:DF:0F:2B:D9:46:03:FF:AB:07:B1:28:7B:9C:75:44:CC ]
Answered by Christopher Orr
Firstly, it's unlikely that Google Play is wrong here. Are you sure you didn't use your debug key by mistake?
Check the signing keys used
You should double-check which certificates the old APK and new APK contain, with the commands:
jarsigner -verify -verbose:summary -certs old.apk
jarsigner -verify -verbose:summary -certs new.apk
This shows you information about the files signed in each APK, like this:
sm 4642892 Thu Apr 17 10:57:44 CEST 2014 classes.dex (and 412 more)
X.509, CN=My App, O=My Company, C=DE, L=Köln
[certificate is valid from 11/11/13 12:12 to 29/03/41 12:12]
[CertPath not validated: Path does not chain with any of the trust anchors]
If the new APK says X.509, CN=Android Debug, O=Android, C=US, then you have signed the APK with your debug key instead of the original release key.
If the X.509 identity strings are otherwise different, or the certificate dates are different between the two APKs, you've just confirmed that you did not use the same signing key for both APKs.
You can ignore any "CertPath not validated" message; it's not relevant in this case.
Search for the original keystore
If the certificate information is different, you need to find the original keystore, i.e. the file with the first SHA1 value that Google Play told you.
Search through all the keystore files you can find until you have the one with the correct SHA1 fingerprint:
keytool -list -keystore my-release.keystore
I can't find the original keystore
If you cannot find the original keystore, you will never be able to publish any updates to this particular app.
Android mentions this explicitly on the Signing Your Application page:
Warning: Keep your keystore and private key in a safe and secure place, and ensure that you have secure backups of them. If you publish an app to Google Play and then lose the key with which you signed your app, you will not be able to publish any updates to your app, since you must always sign all versions of your app with the same key.
After the first release of an APK, all subsequent releases must be signed with the exact same key.
Can I extract the original signing key from the original APK?
No. This is not possible. The APK only contains public information, and not your private key information.
Can I migrate to a new signing key?
No. Even if you do find the original, you can't sign an APK with key A, then sign the next update with both keys A and B, then sign the next update with only key B.
Signing an APK (or any JAR file) with multiple keys is technically possible, but Google Play does not accept APKs with multiple signatures.
What can I do?
You will have to build your app with a new application ID (e.g. change from "com.example.myapp" to "com.example.myapp2") and create a brand new listing on Google Play.
Possibly you will also have to change your code so that people can install the new app even if they have the old app installed, e.g. you need to make sure that you don't have conflicting content providers.
You will lose your existing install base, reviews etc., and will have to find a way to get your existing customers to uninstall the old app and install the new version.
Again, ensure you have backups of the keystore and password you use for this version.
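The keystore search described in the answer above, as an added example that is not part of the original answer: it runs `keytool -list -v` over candidate keystore files and reports the alias whose SHA-1 fingerprint matches the one Google Play lists for the existing APKs. The function names, the `KS_PASS` variable, the file extensions searched and the English `keytool` labels are assumptions.

```shell
#!/bin/sh
# Added example: locate the keystore entry whose certificate has the SHA-1
# fingerprint that Google Play reports for the existing APKs.
# Assumes keytool prints English labels ("Alias name:", "SHA1:").

# Reduce a fingerprint to bare upper-case hex so "89:2f:.." equals "89:2F:..".
normalize_fp() {
  printf '%s' "$1" | tr -cd '0-9A-Fa-f' | tr 'a-f' 'A-F'
}

# Read `keytool -list -v` output on stdin and print each alias whose signing
# certificate matches fingerprint $1. Only the first SHA1 line after an alias
# is compared (the entry's own certificate, not a CA further up the chain).
match_aliases() (
  want=$(normalize_fp "$1")
  alias_name=""
  seen=1
  while IFS= read -r line || [ -n "$line" ]; do
    case "$line" in
      "Alias name: "*)
        alias_name=${line#"Alias name: "}
        seen=0
        ;;
      *"SHA1: "*)
        if [ "$seen" -eq 0 ]; then
          seen=1
          if [ "$(normalize_fp "${line#*SHA1: }")" = "$want" ]; then
            printf '%s\n' "$alias_name"
          fi
        fi
        ;;
    esac
  done
)

# Scan candidate keystore files under directory $2 for fingerprint $1.
# keytool reads the store password from the exported KS_PASS variable
# (hypothetical name), keeping it off the command line.
scan_keystores() {
  find "$2" -type f \( -name '*.keystore' -o -name '*.jks' -o -name '*.p12' \) |
  while IFS= read -r f; do
    keytool -list -v -keystore "$f" -storepass:env KS_PASS 2>/dev/null |
      match_aliases "$1" | while IFS= read -r a; do printf '%s: %s\n' "$f" "$a"; done
  done
}

# Usage: KS_PASS=... sh find-keystore.sh <SHA1 fingerprint> <directory>
if [ "$#" -ge 2 ]; then scan_keystores "$1" "$2"; fi
```

Keystores protected by a different password produce no match, so repeat the scan with each password that may have been used.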