Android: I lost my android key store, what should I do?

Question

Based on my android keystore I created some apps. now, I want to update one of my programs but I lost my keystore. can I generate another one and update my app?

Thanks

dup of http://stackoverflow.com/questions/4322367/i-lost-my-keystore-file/4322386#4322386 — Vladimir Ivanov, Dec 16 '10 at 10:46
Thankfully, you can REQUEST THE UPLOAD KEY TO BE RESET. Create a new keystore, then go to https://support.google.com/googleplay/android-developer/answer/9842756?hl=en, scroll to the bottom where it says "Lost or compromised upload key?" — Zoltán Matók, Feb 07 '21 at 16:09

score 102 · Accepted Answer · answered Dec 16 '10 at 10:40

102

You can create a new keystore, but the Android Market wont allow you to upload the apk as an update - worse still, if you try uploading the apk as a new app it will not allow it either as it knows there is a 'different' version of the same apk already in the market even if you delete your previous version from the market

Do your absolute best to find that keystore!!

When you find it, email it to yourself so you have a copy on your gmail that you can go and get in the case you loose it from your hard drive!

answered Dec 16 '10 at 10:40

Scoobler

9,696
4
36
51

19

did the "gmail backup" for myself :D – WarrenFaith Dec 16 '10 at 11:00
Thanks dear Scoobler. actually, I have my keystore but I zipped it. the problem is I think I forgot that password. for several times I extracted with my password but I don't know why it says me the password is not correct! – Hesam Dec 16 '10 at 11:12
1

Kepp trying that password! As far as I know, there isnt any tools for getting the password either - try everything you can think you may have set it as - then when you email it to yourself as a 'gmail backup' include a password reminder on the email! – Scoobler Dec 16 '10 at 11:23
If i change the package name, can i add it as new app to the market ? – Kamalone Jan 18 '13 at 11:24
As far as I am aware Paru, you can't do that, at least you never used to be able to do that. When I tried changing the package name to see what would happen, I got a message saying there was another version of this app, that was after I had deleted the original app as well. I think the idea was to try and stop copycats who may have gotten hold of someone else code. That was quite some time ago though, so things may have changed. – Scoobler Jan 19 '13 at 08:48
51

Just found it again after trying for 1.5h... I'm gonna tattoo this somewhere – dumazy Mar 10 '14 at 20:46
Even better, just add it to Version Control ! – Shubham A. Jul 24 '16 at 01:28
2

https://support.google.com/googleplay/android-developer/answer/7384423 contact google to update the signing key – Matej Sep 08 '17 at 21:52
Thankfully, you can REQUEST THE UPLOAD KEY TO BE RESET. Create a new keystore, then go to https://support.google.com/googleplay/android-developer/answer/9842756?hl=en, scroll to the bottom where it says "Lost or compromised upload key?" – Zoltán Matók Feb 07 '21 at 16:09

score 47 · Answer 2 · answered Dec 16 '10 at 10:31

47

No, there is no chance to do that. You just learned how important a backup can be.

answered Dec 16 '10 at 10:31

WarrenFaith

57,492
25
134
150

2

Thankfully, you can REQUEST THE UPLOAD KEY TO BE RESET. Create a new keystore, then go to https://support.google.com/googleplay/android-developer/answer/9842756?hl=en, scroll to the bottom where it says "Lost or compromised upload key?" – Zoltán Matók Feb 07 '21 at 16:09

score 29 · Answer 3 · answered Feb 20 '14 at 22:20

29

Brute Force is the only way!

Here is a script that helped me out:

https://code.google.com/p/android-keystore-password-recover/wiki/HowTo

Using a list of 5-10 possible words from memory, it recovered my password in <1 sec.

answered Feb 20 '14 at 22:20

Artur

1,125
11
17

12

That is a great tool, but if you don't have the keystore file that tool will not help – Eric Sep 15 '14 at 02:27
3

Had a bit of a scare. This helped me out as well. I hadn't update the app in a couple of years and forgot the password. It's taught me to document my work. – eBehbahani Sep 24 '18 at 02:33
oh, damn! THANK YOU SO MUCH!!!!! I just got my pass, xd – Mixno Jul 23 '20 at 04:29
Thankfully, you can REQUEST THE UPLOAD KEY TO BE RESET. Create a new keystore, then go to https://support.google.com/googleplay/android-developer/answer/9842756?hl=en, scroll to the bottom where it says "Lost or compromised upload key?" – Zoltán Matók Feb 07 '21 at 16:09
1

Hmm. It just errors for me - java.io.IOException: not a JavaKeyStore – Jammer Mar 04 '21 at 15:36
1

Great tool! I was so near with my password and just trying with caps. It was all in small case. – shrishail sh May 17 '21 at 09:23

JASON G PETERSON · Answer 4 · 2013-01-04T17:09:27.293

As everyone has said, you definitely need the key. There's no workaround for that. However, you might be surprised at how good the data recovery software can be, and how long the key may linger on your systems -- it's a tiny, tiny file, after all, and may not yet be overwritten. I was pleasantly surprised on both counts.

I develop on an OSX machine. I unintentionally deleted my app key around 6 weeks ago. When I tried to update, I realized my schoolboy error. I tried all the recovery tools I could find for OSX, but none could find the file -- not because it wasn't there, but because these tools are optimized to find the sorts of files the majority of users want back (photos, Word docs, etc.). They're definitely not looking for a 1KB file with an unusual file signature.

Now this next part is going to sound like a plug, but it isn't -- I don't have any connection to the developers:

The only recover tool I found that worked was one called Data Rescue by Prosoft Engineering (which I believe works for other files systems as well -- not just HFS+). It worked because it has a feature which allows you to train it to look for any file type -- even an Android key. You give it several examples. (I generated a few keys, filling in the data fields in as like manner as possible to the original). You then tell it to "deep search". If you're lucky, you'll get your key back in the "custom files" section.

For me, it was a life saver.

It's $100 to purchase, so it's not cheap, but it's worth it if you've got a mass of users and no further means of feeding them updates.

I believe they allow you 1 free file recovery in demo mode, but, unfortunately, in my case, I had several keys and could not tell which one was the one I needed without recovering them all (file names are not preserved on HFS+).

Try it first in demo mode, you may get lucky and be able to recover the key without paying anything.

May this message help someone. It's a sickening feeling, I know, but there may be relief.

This software (Data Rescue 4 by Prosoft Engineering) worked for me! I was able to recover my keystore file and keep my job!! — 695Multimedia, Nov 12 '14 at 17:00
This is actually pretty cool. Wish I had seen it back when I lost a key, but at least I've learned my lesson now. =) — Qw4z1, Dec 19 '14 at 09:55

score 4 · Answer 5 · edited Apr 04 '13 at 14:49

If you lost a keystore file, don't create/update the new one with another set of value. First do the thorough search. Because it will overwrite the old one, so it will not match to your previous apk.

If you use eclipse most probably it will store in default path. For MAC (eclipse) it will be in your elispse installation path something like:

/Applications/eclipse/Eclipse.app/Contents/MacOS/

then your keystore file without any extension. You need root privilege to access this path (file).

Igor Čordaš · Answer 6 · 2020-07-16T11:08:01.667

I want to refine this a little bit because down-votes indicate to me that people don't understand that these suggestions are like "last hope" approach for someone who got into the state described in the question.

Check your console input history and/or ant scripts you have been using if you have them. Keep in mind that the console history will not be saved if you were promoted for password but if you entered it within for example signing command you can find it.

You mentioned you have a zip with a password in which your certificate file is stored, you could try just brute force opening that with many tools available. People will say "Yea but what if you used strong password, you should bla,bla,bla..." Unfortunately in that case tough-luck. But people are people and they sometimes use simple passwords. For you any tool that can provide dictionary attacks in which you can enter your own words and set them to some passwords you suspect might help you. Also if password is short enough with today CPUs even regular brute force guessing might work since your zip file does not have any limitation on number of guesses so you will not get blocked as if you tried to brute force some account on a website.

Android: I lost my android key store, what should I do?

6 Answers6

Linked

Related