must reference a valid KeyStore key entry containing a private key and corresponding public key certificate chain

Question

I have done the following steps to sign an APK using the Google upload cert.

1. Got the upload certificate from the app signing section of the google play dev site.

2. Created a key

   keytool -genkey -v -keystore XXXXX.keystore -alias XXXXX -keyalg RSA -keysize 2048 -validity 10000

3. Imported the upload cert from Google

   keytool -importcert -file upload_cert.der -keystore XXXXX.keystore

4. Then I list information about the key store

   keytool -list -v -keystore XXXXX.keystore -storepass Password

5. From there I can see the importer cert from Google has Alias "mykey"

6. When I try to sign the apk using the alias "mykey" jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore XXXXX.keystore android-release-unsigned.apk XXXXX

I get the following error: mykey must reference a valid KeyStore key entry containing a private key and corresponding public key certificate chain.

Answer 1

Signing an APK requires more than a certificate (which is public information), it requires a private key. Although Play Console shares with you the certificate for convenience, only you have access to the private key. The upload key is whatever key you used to sign the first APK you uploaded (assuming you enrolled in App Signing by Play at this time): just re-sign with the same keystore+alias as your first upload and you'll be fine. If you've lost the key you signed with initially, then you can contact Play support team to have the key reset.