---
tags: APP
---

# AOS APP Release Signing

<style>
.blue {color: blue;}
.red {color: red;}
.green {color: green;}
</style>

<span class="blue"></span>

Confirm the package name, google service json, and API key (map)

<span class="blue">I. Production signing flow</span>
---

## 1. Confirm whether the company uses the public-key escrow model [official documentation](https://support.google.com/googleplay/android-developer/answer/9842756?hl=zh-Hant#zippy=%2C%E6%87%89%E7%94%A8%E7%A8%8B%E5%BC%8F%E7%B0%BD%E7%BD%B2%E7%A8%8B%E5%BA%8F%2C%E9%87%91%E9%91%B0%E7%B0%BD%E7%BD%B2%E6%A8%99%E7%9A%84%E5%8F%8A%E5%B7%A5%E5%85%B7%E7%9A%84%E8%AA%AA%E6%98%8E%2C%E6%93%8D%E4%BD%9C%E8%AA%AA%E6%98%8E%E9%81%A9%E7%94%A8%E6%96%BC-%E5%B9%B4-%E6%9C%88%E5%BE%8C%E5%BB%BA%E7%AB%8B%E7%9A%84%E6%87%89%E7%94%A8%E7%A8%8B%E5%BC%8F)

![](https://i.imgur.com/HboX3aJ.png)

## 2. Signing an AAB requires a <span class="blue">private key (uploadKey)</span> and a <span class="red">public key (signingKey)</span>

![](https://i.imgur.com/kRBI5A8.png)

### Reason

![](https://i.imgur.com/eWWftGP.png)

:::info
The AAB flow uses the public key to modify your app so that users download the install file suited to them.
You therefore need to register the public key's certificate when releasing to production or to testers.
:::

### Notes

* The <span class="blue">private key (uploadKey)</span> plus the <span class="red">public key (signingKey)</span> yields the <span class="green">certificate (ciphertext)</span> for legitimately uploading AABs, but this <span class="green">certificate</span> cannot be used for signing!!
* A new key you create yourself is invalid and will not pass upload review (see the verification at the end of this document).

![](https://i.imgur.com/jqkMBAg.png)

:::info
Uploading a new version requires the <span class="blue">private key</span> used for the first upload.
![](https://i.imgur.com/3IHBuOp.png)
The first-upload private key is taken from the keystore (which can be generated or imported with the helper tool keystore explorer), and then the Google PEPK tool and the Google Play Store public key eb10fe8f7c7c9df7150...9de6a are used to produce an <span class="green">encrypted file</span>, which is sent securely to Google without revealing the upload key private key in plaintext.
:::

## 3. <span class="red">If the private key is held by a contractor, then when the contract ends (or the private key is lost) you must ask Google to change the private key (the escrowed public key will also change)</span> [Explanation](https://developer.android.com/studio/publish/app-signing.html#manage-key) and [procedure](https://developer.android.com/studio/publish/app-signing.html#reset_upload_key)

:::info
When you use Play App Signing, if you lose your upload key, or if it is compromised, you can contact Google to revoke your old upload key and generate a new one.
Because your app signing key is secured by Google, you can continue to upload new versions of your app as updates to the original app, even if you change upload keys.
:::

## 4. How to sign

* Read the text file (keystore.properties), which holds the private key values in plaintext

>keyAlias=ericshihsunion
>keyPassword=eric_shih_sunion
>storePassword=eric_shih_sunion
>storeFile=.\./keystore.properties.jks

- Note the dot-dot-slash at the very front of .\./keystore.properties.jks
- The file must be placed in \app

```
// Load the signing values from keystore.properties in the project root
def keystorePropertiesFile = rootProject.file("keystore.properties")
def keystoreProperties = new Properties()
keystoreProperties.load(new FileInputStream(keystorePropertiesFile))

// signingConfigs goes inside the android { } block of the module's build.gradle
signingConfigs {
    release {
        keyAlias keystoreProperties['keyAlias']
        keyPassword keystoreProperties['keyPassword']
        storeFile file(keystoreProperties['storeFile'])
        storePassword keystoreProperties['storePassword']
    }
}
```

![](https://i.imgur.com/wCYkTtp.png)

* Read the private key file

```
storeFile file(keystoreProperties['storeFile'])
```

![](https://i.imgur.com/ePvzIFb.png)

* Build and publish

![](https://i.imgur.com/jMDoN89.png)

* Use the helper tool keystore explorer to inspect the private key

![](https://i.imgur.com/36TtsSp.png)

## 5. Gen Keystore

![Screenshot 2024-05-19 195521](https://hackmd.io/_uploads/SJNTdwPX0.png)

- Add a key pair
  - Set the validity period (years); 10 years is too short
  - Set the KS name (project/company/region)
  - Set the alias name/password

![Screenshot 2024-05-19 170429](https://hackmd.io/_uploads/S16eYDDXR.png)

- Save as a jks file
- The file must be placed in \android

https://keystore-explorer.org/downloads.html

Verification that signing with a self-created private key is invalid
---

Inspect the key you created

>keytool.exe -list -v -keystore C:\Users\Eric\Downloads\keystore.properties.jks

Import the Google public key, then build and upload

>keytool.exe -import -keystore keystore.properties.jks -file upload_cert.der

![](https://i.imgur.com/gvwCjyh.png)

![](https://i.imgur.com/jqkMBAg.png)

The private key content is wrong, so delete your own key and leave only the public key in the keystore

>keytool.exe -delete -alias ericshihsunion -keystore C:\Users\Eric\Downloads\keystore.properties.jks

When building, the IDE tells you the alias is not password-protected:

:::danger
Cause: trusted certificate entries are not password-protected
:::

Change the password

>keytool.exe -keypasswd -alias mykey -keystore C:\Users\Eric\Downloads\keystore.properties.jks -new eric_shih_sunion

**When you try to add a password, you find that the new alias has no key (that is, the required private key):**

:::danger
金鑰工具錯誤: java.lang.Exception: 別名 <mykey> 沒有金鑰
:::

#### [Fellow developer's lament 1](https://stackoverflow.com/questions/51107230/use-provided-upload-cert-der-to-sign-a-release-android-apk-file) + [Fellow developer's lament 2](https://stackoverflow.com/questions/44070168/signing-an-apk-with-an-upload-key-provided-by-google-play)
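
The failure verified above can be caught before building: an alias created by importing upload_cert.der is a certificate-only entry, so the alias named in keystore.properties must be a private-key entry. The following is an added example, not part of the original notes; the function names are hypothetical, the keytool output is a constructed sample, and it assumes English-locale `keytool -list -v` output (for example by passing `-J-Duser.language=en`).

```python
import re

# Constructed sample of `keytool -list -v` output (English locale), trimmed to
# the fields read below. Aliases are the two that appear on this page.
SAMPLE_KEYTOOL_OUTPUT = """\
Alias name: ericshihsunion
Creation date: May 19, 2024
Entry type: PrivateKeyEntry
Certificate chain length: 1

Alias name: mykey
Creation date: May 19, 2024
Entry type: trustedCertEntry
"""

def parse_properties(text):
    """Parse the key=value lines of keystore.properties (comments skipped)."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def entry_types(keytool_output):
    """Map each alias to its entry type from `keytool -list -v` output."""
    types, alias = {}, None
    for line in keytool_output.splitlines():
        if m := re.match(r"\s*Alias name:\s*(.+)", line):
            alias = m.group(1).strip()
        elif (m := re.match(r"\s*Entry type:\s*(\S+)", line)) and alias:
            types[alias] = m.group(1)
    return types

def check_signing_alias(properties_text, keytool_output):
    """Return (ok, reason) for the alias the Gradle signingConfig will use."""
    alias = parse_properties(properties_text).get("keyAlias")
    if not alias:
        return False, "keyAlias missing from keystore.properties"
    kind = entry_types(keytool_output).get(alias)
    if kind is None:
        return False, f"alias {alias!r} not found in keystore"
    if kind != "PrivateKeyEntry":
        return False, f"alias {alias!r} is {kind}: certificate only, no private key"
    return True, f"alias {alias!r} is a PrivateKeyEntry"

if __name__ == "__main__":
    print(check_signing_alias("keyAlias=mykey", SAMPLE_KEYTOOL_OUTPUT))
```
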