Generating an App-Signing-Key for your Solar2D apps (2024)

In this post we show you how to generate an App-Signing-Key you can use to digitally sign your Solar2D Android applications for upload to the Google Play Store.

What is an Android App-Signing-Key?

An App-Signing-Key is a unique key used to secure your Solar2D Android applications and is part of Google’s security scheme.

It identifies you as the author of your Solar2D application and any updates to that application.

How does Solar2D use an App-Signing-Key?

You need to supply the location of a “key store” file that contains your “App-Signing-Key”, as part of Solar2D’s Corona Simulator’s Android Build procedure, as shown in the screenshot below:

Solar2D Build Android App with App-Signing-Key key-store

The output from this process are two files:

  1. An Android Application Bundle – you upload this file to the Google Play Store. This file has the suffix “aab”. E.g. MyFirstapp.aab
  2. An Android Application Package – you can “side-load” file this onto a physical Android device or an Android Virtual Device (AVD). This file has the suffix “apk”. E.g. MyFirstApp.apk

How to generate an App-Signing-Key

The “App-Signing-Key” is stored in a password protected “key-store” file that we generate using a utility program called ‘keytool’.

The ‘keytool’ utility is included with Java JDK (and JRE).

You can download the latest Java JDK from the here.

So you will need to have this installed and it’s ‘bin’ folder included in a user’s PATH environment variable (or the system’s global PATH) so you can execute the command-line statements in the following section.

Here are the two ‘keytool’ commands to generate a keystore file you can use to build your Android Solar2D applications:

1) Generate Key-Store file called ‘NAME.keystore’:

You will need to supply a password to access the keystore’s app-signing-key(s).

For example, during the Android Build setup, the program will ask you for the keystore’s password. The password you entered here is the one you have to provide.

You will also be asked some additional information that will be stored with the generated app-signing-key. You can choose to leave all these questions unanswered. You will be asked to confirm your answers after the final question about ‘Country Code’ has been answered.

Below is a set of example answers to the ‘keytool’ questions:

Once it has been generated you then need to convert it into a format that Solar2D can use…

2) Convert that Key-Store type to ‘PKCS12’:

keytool -importkeystore -srckeystore NAME.keystore -destkeystore NAME.keystore -deststoretype pkcs12

Where NAME = give it a short name (e.g. the name of the app/game or your company), A-z, 0-9

‘PKCS12’ not ‘JKS’?

Solar2D can work with both ‘PKCS12’ and ‘JKS’ key store formats (though there was a wobbly moment a few years ago when the Android Build program rejected PKCS12 formatted key stores, but accepted JKS ones)

We have used ‘PKCS12’ because it is the one in wide-spread use and is language-neutral, whereas JKS (Java Key Store) was developed for use with Java applications, and as the name denotes, isn’t much used outside of Java environments.

An IMPORTANT NOTE about App-Signing-Keys

Once you have uploaded an app/game to the Google Play Store YOU CANNOT CHANGE THE KEY.

That means, updates of that app/game must also be signed with the same key.

If you do, you will have to upload any updates to your application using a different App-Signing-Key – that means as a completely separate application that your users will have to download and install again.

Our Development Environment

The keytool utility we used to generate the keystore came with version 18.9 of Java Runtime.

We used version 2023.3701 of Solar2D (Corona) Simulator to build and sign our test app.

Sir SaaS
Sir SaaS

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.