
How Do I Use Upload_cert.der From Play Store In Android Studio?

I downloaded the upload_cert.der file from the Play store. I added the root certificate to my keystore just fine. But Android Studio won't let me use it because there is no passwor

Solution 1:

The important fact you are missing:

Google Play never gives you a key you use to sign things. It only ever gives you certificates to verify with.

I'll start with the basics you probably know. In public key cryptography, there is a private key and a public key. Only the person who signs has the private key. Otherwise anyone could sign. The public key anyone can have. They can use it to check the signature is valid.

The upload_cert.der download only contains the public key. The reason Google Play lets you download it is for verification. You can verify offline that your signatures match what the Play Store expects. You probably never need to do this.

Why doesn't Google give you the signing key?

Google Play doesn't give you the private key for the upload certificate for 2 reasons.

  1. Google doesn't have the private part of your upload key! You created the private key part of the upload key when you enrolled in Google Play App Signing. You never gave it to Google. All Google has is the public key part.
  2. If Google did give it to you, the key would have no value. The whole point of the upload key is that even if a hacker breaks into your Play Console account they still cannot upload a new version of your app. They would need the upload key as well. The upload key means Google Play knows the app came from you. If they let you download the signing key from your account, then a hacker could just download it too. Then it would be worthless.

How do I get the upload key I need for signing?

So now the question you probably have is "how do I get the public key I need for signing?". The answer is "you create it". When you first uploaded your APK, that APK was signed with a key (Google insists on it). It was probably stored in your Android Studio. That key becomes your upload key. Find where you kept it.

What if I lost it?

Now you might be in a place where you don't know where the key is that you originally used. This is the great thing about Google Play App Signing. If you were signing your app yourself and lost the signing key, you would be stuck; you'd have to create a new app. But with Google Play App Signing you can contact Play Console support and they can help you. The process is on the help page.

Look at the section entitled "Create a new upload key". Notice step 1 is you create the key. Google still never has it.
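The offline check mentioned in the answer, as an added example that is not part of the original answer: it confirms that a certificate file carries no private key and compares its SHA-256 fingerprint with a certificate exported from a local keystore. It assumes the `openssl` CLI is installed; the function names, file names and the throwaway keys it generates are constructed for illustration.

```shell
#!/bin/sh
# Added example. Every key and certificate below is generated on the spot
# (constructed sample data); none of it comes from Google Play.

# Print the SHA-256 fingerprint of an X.509 certificate (DER or PEM).
cert_fingerprint() {
    { openssl x509 -inform DER -in "$1" -noout -fingerprint -sha256 2>/dev/null ||
      openssl x509 -inform PEM -in "$1" -noout -fingerprint -sha256 2>/dev/null; } |
        sed 's/^.*=//'
}

# Succeed only if the file holds an (unencrypted) private key.
has_private_key() {
    openssl pkey -in "$1" -noout >/dev/null 2>&1 ||
    openssl pkey -inform DER -in "$1" -noout >/dev/null 2>&1
}

# Succeed if both files contain the same certificate.
same_certificate() {
    a=$(cert_fingerprint "$1"); b=$(cert_fingerprint "$2")
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Constructed sample in directory $1: a throwaway upload key, its certificate
# as PEM, the same certificate as DER (stand-in for the Play Console
# download), and an unrelated key and certificate.
make_sample() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=constructed upload key" \
        -keyout "$1/upload_key.pem" -out "$1/local_cert.pem" 2>/dev/null &&
    openssl x509 -in "$1/local_cert.pem" -outform DER -out "$1/upload_cert.der" &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=constructed other key" \
        -keyout "$1/other_key.pem" -out "$1/other_cert.pem" 2>/dev/null
}

d=$(mktemp -d) && make_sample "$d"
has_private_key "$d/upload_cert.der" ||
    echo "upload_cert.der: certificate only, no private key to sign with"
has_private_key "$d/upload_key.pem" &&
    echo "upload_key.pem: private key, this is what signs the upload"
same_certificate "$d/upload_cert.der" "$d/local_cert.pem" &&
    echo "local key matches the upload certificate"
same_certificate "$d/upload_cert.der" "$d/other_cert.pem" ||
    echo "other key does NOT match the upload certificate"
rm -rf "$d"
```

To run the comparison on real files, export the certificate of the key in your own keystore with `keytool -exportcert -rfc -keystore <keystore> -alias <alias> -file local_cert.pem` and pass it to `same_certificate` together with the downloaded upload_cert.der.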
