I am trying to create a new Keystore to generate a signed apk but I am getting an error like this, please help me to get rid of this error.
Warning: Different store and key passwords not supported for PKCS12 KeyStores. Ignoring user-specified -keypass value. in Android Studio
Asked Answered
This is a known issue with Android Studio 4.2. It runs on JDK11 which has this limitation.
Google's own documentation on app signing states that the key password "should be different from the password you chose for your keystore" so I'm guessing they intend to fix this at some point.
Google have updated their documentation now. It currently says "Create and confirm a secure password for your key. This should be the same as your keystore password. (Please refer to the known issue for more information)". The "known issue" links to developer.android.com/studio/…, which basically sums up this thread's topic. Their suggested workaround is: "To work around this issue, enter the same password for both the key and keystore.". –
Rifle
The key store password and key password should be the same in order to avoid this error. However before I was able to release and deliver apps where key store password and key password are different and I still use it today when updating my apps. If anyone can point out what happened here or is this a part of update before and after the new Android Studio Arctic Fox please provide some source.
This is so weird. Should I wait for a fix or just go with it? –
Mikey
See comment from Travis to the other answer. Android Studio uses a tool (
keytool) developed by Oracle. Oracle guys really think that having two different passwords for the key and the keystore is not the way to go. It will never be fixed. Use some other tool if you value security. –
Watertight I got caught by this after upgrading to Android Studio 4.2 too.
One workaround I found is to first create the keystore file with the same password in Android Studio then switch to an old JDK (pre 11) and use the keytool command to update the key password.
- Find and use an old version of Java (Sorry assumes Mac or Linux but setting
JAVA_HOMEon Windows should work too.)$ /usr/libexec/java_home -V $ export JAVA_HOME=$(/usr/libexec/java_home -v OLD_VERSION) - Run
keytoolto update your key password.$ keytool -keypasswd -keystore PATH_TO_KEY_STORE -alias ALIAS -storepass STORE_PASSWORD -keypass OLD_KEY_PASSWORD -new NEW_KEY_PASSWORD
I got following error:
keytool error: java.lang.UnsupportedOperationException: -keypasswd commands not supported if -storetype is PKCS12 –
Desired @Desired I did too at first, but realized I was still using newer version. After ensuring I was using older version of keytool, it worked without error. I used JDK 1.8.0 (311) for instance, and temporarily removed environment variable setup, restarted command prompt, navigated to folder, and prefixed like ".\keytool.exe ..." so I could ensure right keytool.exe was used. –
Michealmicheil
Android Studio Version 4.2 Update
Now Android Studio runs on JDK 11. Due to these changes, the signing keys issue is coming.
Solution
Use the same password for both the Key and Keystore.
This is a bad solution, using the same password is not secure –
Trask
All of these answers make it sound like this is a bug in latest Android Studio or keytool and all provide "workarounds". But using PKCS12 with same key/store password is the desired and correct behavior. See the comment from the linked bug filing
The only thing that is incorrect is Android's outdated doc to use separate PWs.
I disagree on this final take. In my own test's, it's clear that an older JDK 8 version of keytool works fine to create and even edit passwords to one different than the keystore password, and newer version of keytool does not. The comment on your link shows they changed this behavior to match bad actors sadly (MSIE, Firefox, etc), not including Android Studio or Google, who still encourages and provides ways to differ those passwords, even if the underlying tool foolishly killed that behavior, causing the "outdated" doc. That said, I'm glad I can get it to work, as it benefited my project. –
Michealmicheil
I was very surprised when I entered the same with key password and password and got the right result. and jks file created successfully in android studio 4.2.
This issue occurred in android studio 4.2. it has the solution to solve this issue in android studio 4.0.
Follow the steps.
Click help menu in android studio, click Edit custom VM options, thi action response to open the file studio64.exe.vmoptions.
In this file add the below command line:
custom Android Studio #.vmoptions, see https://developer.android.com/studio/intro/studio-config.html
Or Upgrade latest version.
Note: to work around this issue, enter the same password for both the key and keystore.
From JDK version 9 default key format is set to PKCS12 see link.
To create key with different keystore and key passwords use keytool (note the -storetype JKS tag) and then choose that key you've created in Android Studio (during creation replace every string that starts with CHANGE_ in the example below):
keytool -genkey -v -alias CHANGE_KEY_ALIAS -keyalg RSA -keysize 2048 -validity 10000 -storetype JKS -dname "CN=CHANGE_FIRST_NAME_LAST_NAME,OU=IT,O=CHANGE_ORGANISATION_NAME,L=CHANGE_LOCATION_CITY_NAME,C=CHANGE_COUNTRY_CODE" -keystore CHANGE_KEYSTORE_NAME.keystore -keypass CHANGE_KEY_PASSWORD -storepass CHANGE_KEYSTORE_PASSWORD
About the key password, the doc says :
This should be the same as your keystore password. (Please refer to the known issue for more information)
And from https://developer.android.com/studio/known-issues#ki-key-keystore-warning :
To work around this issue, enter the same password for both the key and keystore.
From my understanding it is just Android Studio UI that is misleading (probably needs to be updated).
© 2022 - 2024 — McMap. All rights reserved.
Won't Fix: bugs.openjdk.java.net/browse/JDK-8008292 – Rafferty