Search Unity

  1. Welcome to the Unity Forums! Please take the time to read our Code of Conduct to familiarize yourself with the forum rules and how to post constructively.
  2. We have updated the language to the Editor Terms based on feedback from our employees and community. Learn more.
    Dismiss Notice
New Forum User Notice Update to the Unity Editor Software Terms

Bug Keystore upload is broken?

Discussion in 'Unity Build Automation' started by alexander_unity978, Aug 14, 2023.

  1. alexander_unity978

    alexander_unity978

    Joined:
    Jul 11, 2023
    Posts:
    2
    Hi,

    I was trying to upload a keystore for Android to the Unity Cloud -> Gaming Services -> Settings -> Credentials.


    When I tried uploading this to the Credentials it said "Keystore failed validation (invalid password or alias)."

    I triple checked the passwords and alias.
    The keystore was succesfully used to build with unity editor and upload on Google Play store.

    So I created another keystore and it still said the same: "Keystore failed validation (invalid password or alias)."

    Then I went testing the Keystore upload feature and this is what I found:


    TestCase 1:
    Keystore:
    Any configuration of passwords and aliases
    Input to Unity cloud:
    Incorrect keystore password
    Result:
    ERROR:"The password entered for this keystore was invalid."

    TestCase 2:
    Keystore:
    Any configuration of passwords and aliases
    Input to Unity cloud:
    Incorrect alias name
    Result:
    FAIL:"This does not appear to be a valid keystore file. Perhaps it's been corrupted."

    TestCase 3:
    Keystore:
    Keystore password is different from alias password
    Input to Unity cloud:
    correct keystore password
    correct alias name
    correct alias password
    Result:
    FAIL: "Keystore failed validation (invalid password or alias)."

    TestCase 4:
    Keystore:
    Keystore password is same as alias password
    Input to Unity cloud:
    correct keystore password
    correct alias name
    incorrect alias password !!!
    Result:
    UPLOAD SUCCESS
    Build success

    TestCase 5:
    Keystore:
    Keystore password is same as alias password
    Input to Unity cloud:
    correct keystore password
    correct alias name
    INcorrect alias password
    Result:
    UPLOAD SUCCESS
    Build failed with "Failed to read key uploadtestkey from store "BUILD_PATH/p\bvr\6fa94529-7256-42ce-a459-e8434eb63abf.keystore": Get Key failed: Given final block not properly padded. Such issues can arise if a bad key is used during decryption."


    Conclusion:
    It seems that in order to load a keystore for Unity cloud build it has to have same keystore password AND key password.


    I just can't wrap my head around what is going on with the credentials upload.
    The same password requirement is a clear security issue.

    Can anyone explain this behaviour?
    Do you have different/similar experiences?
    Am I doind something wrong?
     
    alexander_unity978, Aug 14, 2023
    #1

  2. kristoffer-roro

    kristoffer-roro

    Joined:
    Jan 11, 2023
    Posts:
    1
    Has there been any update on this? I'm seeing the same issue. Being forced to use the same password for both the keystore and the key seems like an awful practice from a security standpoint.
     
    kristoffer-roro, Aug 18, 2023
    #2

  3. scar027

    scar027

    Joined:
    May 23, 2018
    Posts:
    5
    Weird, I was able to use different passwords.
     
    scar027, Aug 20, 2023
    #3

  4. brettkercher

    brettkercher

    Unity Technologies

    Joined:
    Mar 19, 2018
    Posts:
    3
    Hey! I was able to verify this behavior and dug into it a bit more. This most likely related to a known issue unrelated to Unity. See: https://developer.android.com/studio/known-issues#ki-key-keystore-warning

    For TestCase 4/5 - Since the passwords must be the same, the software being used to validate the keystore is actually purposely ignoring the provided alias password. The full error message that we receive internally is "Different store and key passwords not supported for PKCS12 KeyStores. Ignoring user-specified -keypass value."

    There doesn't seem to be much we can do on our end about this, but I'll at least look into getting a more useful error message surfaced in this scenario.
     
    brettkercher, Aug 22, 2023
    #4

  5. alexander_unity978

    alexander_unity978

    Joined:
    Jul 11, 2023
    Posts:
    2
    The useful error message would help a lot to clear the confusion.

    Thanks for looking into it.
     
    alexander_unity978, Aug 24, 2023
    #5