- Home /
How I can sign my apk with an google play's upload certificate in unity?
I'm trying to publish a update of my application on google playstore.
because I activate the Google Play App Signing service for this app, I have to sign it with an upload certificate provided by the store in order to publish it.
https://support.google.com/googleplay/android-developer/answer/7384423
I tried many ways to do that in unity without success
anybody knows how to do that?
I'm having the same problem. I don't know how to sign an AP$$anonymous$$ with the Upload certificate. Google Play Dev. console gives you a certificate which you can download: upload_cert.der (as well as deployment_cert.der). How can they be used? It's nothing like a keystore.
If you sign with a newly created keystore, it rejects it saying that it need to be signed with Upload certificate.
Now I'm stuck as a result of opting for App Signing by mistake. The first time you upload an AP$$anonymous$$, if you don't pay attention you may not realise that you are redirected to the App Signing section, if you don't click opt-out at this point then you're done!
Please help. Thank you.
I'm having the same exact issue as Romain-$$anonymous$$acre. I have some upload certificate that I need to use to sign my apk but I have no idea how.
Did anybody find a solution to this? I can't update my app. Can unity generate the AP$$anonymous$$ using the upload cert?
No. If you have the app signing option enabled and don't have the keystore file you'll need to re-create the app store entry to generate a new keystore file (with which you can sign the apk).
Please stop posting questions and comments as Answers!
Answer by jgang1 · Jun 19, 2019 at 04:35 PM
Hi. I just had this trouble myself and being really new to all this had to take some time work out the problem in more detail. winxalex answered the question, but if you need a step by step:
You need to download your certificate from your google play console.
You need to import your certification into the keystore you used the first time you exported from Unty. You probably saved that somewhere important.
You need to use a program called keytool.exe. The path to that program probably looks something like: C:\Program Files\Java\jdk1.8.0_192\bin
If you go there in windows explorer and type "cmd" into the address bar, it'll open that location in the terminal.
You then need to use winxalex' code above in the terminal (after having navigated to the location of keystore.exe, as you did in step 3
You need to point that code to your certificate and to the keystore you're importing the ceritificate into. your final instruction will look something like the following:
keytool.exe -importcert -file "C:\Users\MyAccountName\DesktopOrWherever\deployment_cert.der" -keystore C:\Users\MyAccountName\DesktopOrWherever\user.keystore
keystore.exe will ask you for the password you used and whether you trust the app, then update the keystore
Make sure Unity is using that keystore when you export your app
Those are the steps that worked for me. I hope this helps others.
Hey ! I've did exactly what you say and key is succesfully imported but with warning. But unity cant see my newly imported key in the keystore. What might be the solution ?
Answer by · Aug 25, 2017 at 01:35 PM
Hey! From what you've described, it sounds like you followed the steps for a New App in the support page you linked. If so, you have to use the keystore and alias you used to signed your apk the first time, for all updates.
Background: If you opt in to let google handle the app signing for you, you just need to sign with the one key (the upload key) and google will manage your app-signing key.
If you didn't make a keystore, you may have uploaded an unsigned app (which I don't think you can publish).
If you're managing your own keys however, the steps are different, and I can help with that too - just let me know.
If other people (like me) are not familiar with certificate and keystore stuff : I confirm that you'll need the keystore file that was generated when creating the app account (if the Google App signing is enabled (at the top of Release managment > App signing you'll get that information)).
And because I thought it was maybe possible : you can't sign the generated apk with just a certificate. You need to have that keystore file or you'll need to recreate the app account because you can't opt out of the app signing option if enabled.
I HAVE THE SA$$anonymous$$E problem . I uploaded my app without any signing key,now when i am about to put 5th update they are asking for keystore things . App signing is enabled for my game,what should i do ?
Please mail me at niravmadhani03@gmail.com if anyone has answer
Answer by ltomov · Apr 16, 2020 at 03:49 PM
I think there's quite a bit of misunderstanding around this. This is how I eventually got it to work:
You don't sign your app with the certificate downloaded from Google. You also don't import it into the keystore created by Unity. If you do so, Unity won't see it because what you imported is only the public key, and you need the private key to sign the app. The private key is held by Google - you don't have it.
So what you do is you create the keystore and key in Unity and sign your app with it - just like before.
In Google Play Console -> App releases, you can see this: "Let Google manage and protect your app signing key (recommended) Enabled.
Upload key: The key you use to sign your first release. Sign every subsequent release with the same key to verify it’s from you. Keep your upload key safe. If it’s ever lost or compromised, contact developer support to replace it."
On the App Signing page there's this: "How it works
You digitally sign each release using your upload key before publishing it to a track in the Play Console.
Google Play uses the upload certificate to verify your identity and then re-signs your release using the app signing key for distribution.
Each Android device checks the release’s app signing certificate matches the certificate of the installed app before updating it."
So what Google does is once you upload your app, they sign the app once again - this time with their private key. And the public key for that signature is what you downloaded from Google Play.
Users will now see that your app is signed not with your Unity upload key, but will Google's. So if you want to register your app's MD5 signature somewhere (like API providers), you need to use the certificate downloaded from Google - that's the only reason you need it - you don't sign with it.
Some more info about this: https://stackoverflow.com/a/52923860/931409
The idea is that your upload key is only used to let Google know it's you, and not distribute the app. And if you lose it you can ask Google to change it. But if that key was used to actually distribute the app and you lose it - it's game over. That's why the distribution is done using Google's key which hopefully is kept much safer :)
Answer by LesBloom · Jan 13, 2021 at 05:08 PM
If, like me, you came here because you are having issues with long iteration time while testing Google Play Games Services code ....
My issue involved:
Google Play Console controls my app signing key
Unity's keystore is applied to my Unity builds
Therefore I can't test Google Play Games Services code without fully uploading and publishing my builds through the Google Play Console
This thread is how I finally got that fixed.
https://github.com/playgameservices/play-games-plugin-for-unity/issues/2981
Your answer
Follow this Question
Related Questions
The application is not installed 0 Answers
How do I keep everything inside of the screen on a laptop? 2 Answers
Access the settings when running Standalone 1 Answer
Dialog Box in Build Settings 1 Answer
Bug border android build 0 Answers