Signing/Uploading android
MelodyCats
Member, PRO Posts: 132
Hi all,
So I'm attempting to re-upload my android apps so they comply with the latest Android Target SDK 35.
The last time I updated all my apps was 2023, and honestly I'm having a hard time either remembering the steps or knowing if they've been changed in the last couple of years.
Would someone here be so kind as to provide a basic walkthrough - from publishing to GS all the way to the upload to the Google Console (please don't be afraid to dumb it down to the point of condescension)
Just one additional point - it seems like we can no longer jarsign the app with SHA1withRSA -digestalg SHA1 ?
Is that correct and does that mean we have to sign it with sigalg SHA256withRSA ?
Many thanks!
Comments
Ok, so I'm just going to answer my own question, as I managed to work it out and this may be helpful to others, as a lot of the info seems to be scattered in different locations or slightly out of date.
I don’t have a technical background, so please feel free to add comments to clarify or improve on this if necessary.
The following instructions are for Mac , and assumes that you have already:
Can find it here: https://www.oracle.com/java/technologies/downloads/#jdk25-mac
https://web.archive.org/web/20220814164514/https://help.gamesalad.com/gamesalad-cookbook/publishing/4-android-publishing/4-02-creating-a-keystore/
If you’re creating a keystore for the first time I imagine you should probably replace where its written. sigalg SHA1withRSA in the Terminal with sigalg SHA256withRSA to comply with newer standards.
I can’t confirm this (maybe a more knowledge soul can) - My older Keystore was created with SHA1withRSA and still works however I still need to Jar sign it now using SHA256withRSA ( will get to that later)
PART 1
So, you’ve finished your GS app and uploaded it to your gamesalad portfolio and filled in the main settings etc for an android app.
Now you click on Build RC.
A few minutes later you can click on link to start app signing process.
You will select your relevant Keystore, and enter the corresponding passwords you chose.
You will have to make sure that 3 of the Android signing tools are located properly. Which they may not be depending on which version of the SDK you have or where the folder is located in your computer.
For example what works for me as of now:
Keytool:
/usr/bin/keytool
Apksigner:
/Users/*myusername*/Library/Android/sdk/build-tools/36.0.0/Apksigner
Zipalign:
/Users/*myusername*/Library/Android/sdk/build-tools/36.0.0/zipalign
Once all the sections have a green check mark you can proceed to next and select a location for your app package to be saved.
You should now see two APKs - for example: appoutput1.apk and appoutput1_unsigned.apk
Ok so if you’ve made it this far great! You’ve completed the first part.
PART 2
Ok so now you need to manually “jarsign” your app and output it as an .aab package that you can upload to the google console.
You open the Terminal and enter the follow replacing the details with your own.
You will be using the unsigned apk.
jarsigner -verbose -sigalg SHA256withRSA -digestalg SHA-256 -keystore /Path/To/Keystore/yourgame.keystore -signedjar Nameofyourapp.aab /Path/To/YourGame/yourgame_unsigned.apk *yourchosenkeyname_associated with your keystore*
Note for the old timers here - it seems like we now need to use sigalg SHA256withRSA -digestalg SHA-256, instead of the previous sigalg SHA1withRSA -digestalg SHA1 - It works for me, and using the previous encryption no longer appears to work.
Important: If you’re not sure how to write out the correct paths. For example Path/to/Keystore - you can just drag your keystore into the terminal and it will automatically write out the path for you. Same goes for the unsigned.apk
Hopefully if all goes according to plan you should have a Nameofyourapp.aab file
You may have to search for it - mine gets output to Users/myusername
Hope that helps! And any additional comments very welcome.