0. Upload key & application signing key
"Google will use your upload certificate to verify your identity and your app signing key to sign the APK for distribution"
The above is the official explanation.
Since August 2021, applications uploaded to Google Play must be in AAB format, and signing an AAB is more complicated than signing an APK was: two keys are required, the upload key and the app signing key.
First, you need to upload or update the two keys on the Google developer platform. There are three situations, each described in detail below: (1) creating a new AAB application on Google Play; (2) updating the key of an existing AAB application on Google Play; (3) updating the key of an existing APK application on Google Play. The third case is the most complicated, because the APK used to have only one key and now has to be updated to the two keys of an AAB. The previous key must not be lost: you need to sign the new key with the previous key and upload it for the update to succeed.
Then use Android Studio to build the AAB package signed with the upload key, and upload it to the Google Play Console. The Google Play Console verifies the upload key of the AAB application; if the verification fails, the upload fails. After the upload succeeds, the version can be published. Once the review has passed and a user downloads the application from Google Play, Google Play removes your upload-key signature, assembles the AAB into an APK, and then signs it with the application signing key for the user to download.
0.1. Generate upload key
Fill in the information. Note: a validity period of 25 years is preferable; if the period is too long, the upload to Google Play may fail review.
Make a note of the key's alias and password.
From now on, use this key to sign the AAB and upload it to Google Play.
0.2. Generate application signing key
The basic process is the same as for generating an upload key, but there are a few points to pay attention to:
When generating a new key, it is best to choose the .keystore format.
Apps on Google Play must check the "Google Play App Signing" option.
Upload the signature to the Google Play Console.
1. The process of listing aab on Google play
1.1. Create an application
Click to create application
Fill in the information and click Create
1.2. Fill in the product details in turn according to the prompts
1.3. Add countries and regions
1.4. Create a release version
1.5. Upload your own signature
Upload your own signature file (upload key + application signing key)
Download the pepk tool and generate the required files according to the command line
App signing key:
java -jar pepk.jar --keystore=test_app_signing_key.keystore --alias=swiftpasssign --output=app_sigining_key_output.zip --include-cert --encryptionkey=eb10fe8f7c7c9df715022017b00c6471f8ba8170b13049a11e6c09ffe3056a104a3bbe4ac5a955f4ba4fe93fc8cef27558a3eb9d2a529a2092761fb833b656cd48b9de6a
Upload key:
keytool -export -rfc -keystore test_upload_key.jks -alias swiftpass -file upload_key_certificate.pem
Click save after uploading
It will prompt after saving successfully
Note: If only the application signing key is uploaded at this point and the upload key is not, then after the review has passed, the two keys shown in the application integrity section will be the same.
1.6. Upload aab file
After the upload is successful, fill in the corresponding information and click Save
Click to check
Once the version check has passed, click to release the official version
In the version overview, you can view the current released version, which is in the state of "ready for review"
Click "Submit for Review" in the release overview
2. Updating the signature of an AAB application on Google Play
The application signing key can only be modified once a year, and the upload key needs to be modified by contacting the Google team.
2.1. Modify the application signing key app_signing_key
Generate the required files according to the command line
The command line contains the operation of signing the new application signing key with the upload key
java -jar pepk.jar --keystore=new_app_signing_key.keystore --alias=wftsign --output=new_app_signing_key_output.zip --signing-keystore=test_upload_key.jks --signing-key-alias=swiftpass --encryptionkey=eb10fe8f7c7c9df715022017b00c6471f8ba8170b13049a11e6c09ffe3056a104a3bbe4ac5a955f4ba4fe93fc8cef27558a3eb9d2a529a2092761fb833b656cd48b9de6a
Choose an upgrade version as needed
Upload the file, select the reason, and click Upgrade
click to confirm
The system will prompt
At this time, check the application signing key again, it has been changed
2.2. Modify the upload key upload_key
You need to contact the Google team.
3. Updating an APK application on Google Play to AAB
3.1. Upload upload key and application signing key
Generate app signing key
Pay attention to pitfalls
Note: First generate it with the signature file that was used to upload the APK, then upgrade and modify it after generation.
Old signature file:
java -jar pepk.jar --keystore=spay_intl_keystore.jks --alias=spay_intl --output=old_app_signing_private_key.pepk --encryptionkey=eb10fe8f7c7c9df715022017b00c6471f8ba8170b13049a11e6c09ffe3056a104a3bbe4ac5a955f4ba4fe93fc8cef27558a3eb9d2a529a2092761fb833b656cd48b9de6a
Generate upload key
keytool -export -rfc -keystore swiftpass_upload_key.jks -alias wft -file upload_certificate.pem
Upload the key
Uploaded successfully
3.2. Replace the application signing key
Note: This is needed because the encryption strength of the old key does not meet the new Google Play standard.
Upload a new app signing key
The application signing key needs to be signed with the upload key when generating it (this operation is already included in the command line, just replace the corresponding parameters)
java -jar pepk.jar --keystore=swiftpass_app_signing_key.keystore --alias=wftsign --output=app_sigining_key_output.zip --signing-keystore=swiftpass_upload_key.jks --signing-key-alias=wft --encryptionkey=eb10fe8f7c7c9df715022017b00c6471f8ba8170b13049a11e6c09ffe3056a104a3bbe4ac5a955f4ba4fe93fc8cef27558a3eb9d2a529a2092761fb833b656cd48b9de6a
Select the reason and upload the key.
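
A pre-upload check for two points made above, the note in 1.5 about the two keys ending up identical and the note in 3.2 about the old key's strength, as an added example (not part of the original guide or of Google's tooling). It parses the text printed by keytool -list -v; the 2048-bit RSA minimum, the function names and the sample listings are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-upload check on the two keystores. Input is the text from
#   keytool -list -v -keystore <file> -alias <alias>
# (line formats as printed by recent JDKs).
MIN_RSA_BITS=2048  # assumption: minimum accepted RSA size; confirm against current Play policy

# Print "<bits> <algorithm>" parsed from a keytool listing on stdin.
key_strength() {
  sed -n 's/^Subject Public Key Algorithm: \([0-9][0-9]*\)-bit \([A-Za-z]*\) key.*/\1 \2/p' | head -n 1
}

# Print the certificate's SHA-256 fingerprint parsed from a keytool listing on stdin.
sha256_fp() {
  sed -n 's/^[[:space:]]*SHA256: *\([0-9A-Fa-f:]*\).*/\1/p' | head -n 1
}

# check_pair <upload_listing> <signing_listing>
# Prints one line per problem; returns 0 only if both keys are strong and distinct.
check_pair() {
  upload=$1; signing=$2; rc=0
  for listing in "$upload" "$signing"; do
    strength=$(printf '%s\n' "$listing" | key_strength)
    bits=${strength%% *}; alg=${strength#* }
    if [ "$alg" != "RSA" ] || [ "$bits" -lt "$MIN_RSA_BITS" ]; then
      echo "WEAK: ${strength:-unparsed key}"; rc=1
    fi
  done
  if [ "$(printf '%s\n' "$upload" | sha256_fp)" = "$(printf '%s\n' "$signing" | sha256_fp)" ]; then
    echo "SAME: upload key and app signing key are the same certificate"; rc=1
  fi
  return "$rc"
}

# Constructed sample listings (fingerprints shortened, not real keys).
UPLOAD_OK='Alias name: swiftpass
     SHA256: 11:22:33:44
Subject Public Key Algorithm: 2048-bit RSA key'
SIGNING_OK='Alias name: wftsign
     SHA256: AA:BB:CC:DD
Subject Public Key Algorithm: 4096-bit RSA key'
SIGNING_OLD='Alias name: spay_intl
     SHA256: 55:66:77:88
Subject Public Key Algorithm: 1024-bit RSA key'

check_pair "$UPLOAD_OK" "$SIGNING_OK"  && echo "pair 1: ok"
check_pair "$UPLOAD_OK" "$SIGNING_OLD" || echo "pair 2: replace the app signing key"
check_pair "$UPLOAD_OK" "$UPLOAD_OK"   || echo "pair 3: generate a separate upload key"
```

With real keystores, capture each listing into a variable with keytool -list -v and pass the two variables to check_pair before running pepk.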