Search Unity

  1. Are you interested in providing feedback directly to Unity teams? Sign up to become a member of Unity Pulse, our new product feedback and research community.
    Dismiss Notice

New Android Signing Method

Discussion in 'Android' started by stejervis, Jul 7, 2017.

  1. stejervis

    stejervis

    Joined:
    Jun 3, 2016
    Posts:
    3
    Google have an updated method for app signing: https://support.google.com/googleplay/android-developer/answer/7384423

    So I've run through all the steps but I've created my new keystore through Unity in the regular way rather than having to manually sign my apks on the command line.

    Trouble is there are restrictions on key length and Unity doesn't seem to meet them:

    Upload key restrictions

    • The upload key must be an RSA key that's 2048 bits or more.
    • The following aren't supported: DSA keys, EC keys, or RSA keys that are less than 2048 bits.
    And it gets rejected when I try to enroll...

    Can Unity be configured to generate signing keys with a longer length? I can't see any options for doing so when creating the keystores.
     
  2. Yury-Habets

    Yury-Habets

    Unity Technologies

    Joined:
    Nov 18, 2013
    Posts:
    1,148
    We'll see what we can do with it. Thanks for the heads up!
     
    stejervis likes this.
  3. CreativePunish

    CreativePunish

    Joined:
    Sep 6, 2014
    Posts:
    1
    same problem here :(
    any updates so far?
    thanks!
     
  4. Yury-Habets

    Yury-Habets

    Unity Technologies

    Joined:
    Nov 18, 2013
    Posts:
    1,148
    It's on our roadmap.
     
  5. reedny

    reedny

    Joined:
    Mar 4, 2017
    Posts:
    56
    I created an upload key with keytool from JDK (no Android studio needed), and that has worked fine so far (dev builds and app working in play store):
    Code (CSharp):
    1. jdk1.8.0_111\bin\keytool -genkey -v -keystore spinpaint_upload.keystore -storepass <your password> -alias <your key alias> -keyalg RSA -keysize 2048 -validity 10000 -dname "C=<country>, ST=<state>, L=<city>, O=<organization>, OU=<org unit>, CN=<you>"
    2.  
    Modify anything above in <> as needed.

    I always use the upload key in Unity to sign APKs. The only thing is when you install your app from the Play Store you need to uninstall it first on the phone since the store APK will have a different signing key that Google keeps safe.
     
  6. timmmeh

    timmmeh

    Joined:
    Dec 9, 2016
    Posts:
    3
    So if you have shipped an app that now has thousands of active installs, and then you enable the new app signing feature in the Google Play Console, all your users will have to uninstall then reinstall to get the new version working?
     
  7. reedny

    reedny

    Joined:
    Mar 4, 2017
    Posts:
    56
    No, if you have an existing app (you sign it yourself) and then opt into the Google program you can send them your signing key to use. See here under Existing Apps.
     
  8. mc1695

    mc1695

    Joined:
    Jun 3, 2016
    Posts:
    3
    Has this been released yet? If so do you know which version? We currently use 2017.2.0p1

    Thanks,

    Sam
     
  9. JuliusM

    JuliusM

    Unity Technologies

    Joined:
    Apr 17, 2013
    Posts:
    760
    Yes. New keys generated starting with Unity 2017.3.1p1 (and later 2017.3 and 2018.x versions) comply with Google requirements. For Unity 2017.2 you can either generate a key yourself (see previous posts in this thread) or use a newer Unity version to generate a key and then use that key with your Unity 2017.2 project.
     
    mc1695 likes this.
  10. SavedByZero

    SavedByZero

    Joined:
    May 23, 2013
    Posts:
    71
    Really? Because the google play console is asking me for an md5 encrypted OAuth certificate signing and I see no such option in the keystore fields within the Unity player settings. Those just have me enter standard text passwords. I’m using 2017.3.1f1
     
    Last edited: Mar 21, 2018
  11. Yury-Habets

    Yury-Habets

    Unity Technologies

    Joined:
    Nov 18, 2013
    Posts:
    1,148
    The whole thread is about Google Play App Signing. Where is the Developer console asking you for a "md5 encrypted OAuth certificate signing"?
     
  12. Loomabox

    Loomabox

    Joined:
    Nov 4, 2015
    Posts:
    41
    Does Unity 5.6.6f2 meets Google's Upload key restrictions?
     
  13. JuliusM

    JuliusM

    Unity Technologies

    Joined:
    Apr 17, 2013
    Posts:
    760
    No. Unity 2017.3.1p1 is the oldest version that generates keys accepted by Google.
     
  14. mc1695

    mc1695

    Joined:
    Jun 3, 2016
    Posts:
    3
    I've been able to get this to work, the missing steps here are generating the ppk to upload to Google Play the steps for which are on the App signing page on the console(encrypted_private_key_path should be in the format "path\\to\\output\\location\\filename.ppk")


    Next thing to note, is once you've done this and uploaded it all to the console, they will give you the upload cert, you'll need to download this and import it into a keystore like so - https://stackoverflow.com/a/45749607

    Once you've done this, you can simply point unity at the keystore and alias that you imported the key into :)

    If you're not confident with this on a live app I recommend testing on a dummy app first (i.e. set one up to use the old signing method and convert it to the new method)

    I'm yet to test whether this is compatible with cloud build but I fail to see why it wouldn't work (assuming you update the keystore in your cloud build credentials with the new one)

    UPDATE: Tested on cloud build and it all works :)
     
    Last edited: Jul 10, 2018
    Yury-Habets likes this.
  15. quizcanners

    quizcanners

    Joined:
    Feb 6, 2015
    Posts:
    103
unityunity