In this post we show you how to generate an App-Signing-Key you can use to digitally sign your Solar2D Android applications for upload to the Google Play Store.
What is an Android App-Signing-Key?
An App-Signing-Key is a unique key used to secure your Solar2D Android applications and is part of Google’s security scheme.
It identifies you as the author of your Solar2D application and any updates to that application.
How does Solar2D use an App-Signing-Key?
You need to supply the location of a “key store” file that contains your “App-Signing-Key”, as part of Solar2D’s Corona Simulator’s Android Build procedure, as shown in the screenshot below:
The output from this process is two files:
- An Android Application Bundle – you upload this file to the Google Play Store. This file has the suffix “aab”. E.g. MyFirstapp.aab
- An Android Application Package – you can “side-load” this file onto a physical Android device or an Android Virtual Device (AVD). This file has the suffix “apk”. E.g. MyFirstApp.apk
How to generate an App-Signing-Key
The “App-Signing-Key” is stored in a password protected “key-store” file that we generate using a utility program called ‘keytool’.
The ‘keytool’ utility is included with Java JDK (and JRE).
You can download the latest Java JDK from here.
You will need to have this installed, with its ‘bin’ folder included in the user’s PATH environment variable (or the system’s global PATH), so you can execute the command-line statements in the following section.
Here are the two ‘keytool’ commands to generate a keystore file you can use to build your Android Solar2D applications:
1) Generate Key-Store file called ‘NAME.keystore’:
keytool -genkey -v -keystore NAME.keystore -alias NAME -keyalg RSA -keysize 2048 -validity 10000
You will need to supply a password to access the keystore’s app-signing-key(s).
For example, during the Android Build setup, the program will ask you for the keystore’s password. The password you entered here is the one you have to provide.
You will also be asked some additional information that will be stored with the generated app-signing-key. You can choose to leave all these questions unanswered. You will be asked to confirm your answers after the final question about ‘Country Code’ has been answered.
Below is a set of example answers to the ‘keytool’ questions:
Enter keystore password:
Re-enter new password:
What is your first and last name?
Unknown: Sir SaaS
What is the name of your organizational unit?
Unknown:
What is the name of your organization?
Unknown: SirSaas.com
What is the name of your City or Locality?
Unknown: London
What is the name of your State or Province?
Unknown:
What is the two-letter country code for this unit?
Unknown: UK
Is CN=Sir SaaS, OU=Unknown, O=SirSaas.com, L=London, ST=Unknown, C=UK correct?
Generating 2,048 bit RSA key pair and self-signed certificate (SHA256withRSA) with a validity of 10,000 days
for: CN=Sir SaaS, OU=Unknown, O=SirSaas.com, L=London, ST=Unknown, C=UK
[Storing NAME.keystore]
Once it has been generated you then need to convert it into a format that Solar2D can use…
2) Convert that Key-Store type to ‘PKCS12’:
keytool -importkeystore -srckeystore NAME.keystore -destkeystore NAME.keystore -deststoretype pkcs12
Where NAME is a short name of your choosing (e.g. the name of the app/game or your company), using only the characters A-z and 0-9.
‘PKCS12’ not ‘JKS’?
Solar2D can work with both ‘PKCS12’ and ‘JKS’ key store formats (though there was a wobbly moment a few years ago when the Android Build program rejected PKCS12 formatted key stores, but accepted JKS ones).
We have used ‘PKCS12’ because it is the one in widespread use and is language-neutral, whereas JKS (Java Key Store) was developed for use with Java applications and, as the name denotes, isn’t much used outside of Java environments.
An IMPORTANT NOTE about App-Signing-Keys
Once you have uploaded an app/game to the Google Play Store YOU CANNOT CHANGE THE KEY.
That means, updates of that app/game must also be signed with the same key.
IT IS VERY IMPORTANT NOT TO LOSE YOUR KEYSTORE FILE!
If you do, you will have to upload any updates to your application using a different App-Signing-Key – that means as a completely separate application that your users will have to download and install again.
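Because every update must be signed with the same key, it helps to record the certificate's SHA-256 fingerprint when the keystore is created and to check any backup copy against it before you rely on it. The script below is an added example, not part of the original post or of Solar2D; the listing and fingerprint in it are constructed sample values, and `field` and `verify_listing` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: check a keystore (or a backup copy of it) against the
# certificate fingerprint recorded when the key was created. Input is the
# text printed by:   keytool -list -v -keystore NAME.keystore
# piped on stdin, so the check itself never handles the keystore password.

# Constructed sample value, not taken from a real keystore.
RECORDED_SHA256='00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF'

# Abbreviated, constructed sample of a `keytool -list -v` listing.
sample_listing() {
cat <<EOF
Keystore type: PKCS12
Keystore provider: SUN

Your keystore contains 1 entry

Alias name: name
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=Sir SaaS, OU=Unknown, O=SirSaas.com, L=London, ST=Unknown, C=UK
Issuer: CN=Sir SaaS, OU=Unknown, O=SirSaas.com, L=London, ST=Unknown, C=UK
Certificate fingerprints:
         SHA256: $RECORDED_SHA256
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
EOF
}

# Print the value of the first "LABEL: value" line read from stdin.
field() {
    sed -n "s/^[[:space:]]*$1:[[:space:]]*//p" | head -n 1
}

# verify_listing EXPECTED_SHA256 < listing
# Succeeds only if the store is PKCS12, holds a private key (a store with
# only certificates cannot sign), and the fingerprint matches the record.
verify_listing() {
    listing=$(cat)
    stype=$(printf '%s\n' "$listing" | field 'Keystore type' | tr '[:lower:]' '[:upper:]')
    entry=$(printf '%s\n' "$listing" | field 'Entry type')
    sha=$(printf '%s\n' "$listing" | field 'SHA256')
    [ "$stype" = PKCS12 ] || { echo "store type is '$stype', not PKCS12" >&2; return 1; }
    [ "$entry" = PrivateKeyEntry ] || { echo "no private key entry" >&2; return 1; }
    [ "$sha" = "$1" ] || { echo "fingerprint mismatch: '$sha'" >&2; return 1; }
    echo "ok: $sha"
}

sample_listing | verify_listing "$RECORDED_SHA256"
```

Against a real file, pipe the keytool listing into `verify_listing` with the fingerprint you stored separately from the keystore.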
Our Development Environment
The keytool utility we used to generate the keystore came with version 18.9 of Java Runtime.
java version “11.0.16.1” 2022-08-18 LTS
Java(TM) SE Runtime Environment 18.9 (build 11.0.16.1+1-LTS-1)
Java HotSpot(TM) 64-Bit Server VM 18.9 (build 11.0.16.1+1-LTS-1, mixed mode)
We used version 2023.3701 of Solar2D (Corona) Simulator to build and sign our test app.
Solar2D Simulator 2023.3701 (Dec 5 2023 08:08:07)