New Android Signing Method

Google have an updated method for app signing: https://support.google.com/googleplay/android-developer/answer/7384423

So I've run through all the steps but I've created my new keystore through Unity in the regular way rather than having to manually sign my apks on the command line.

Trouble is there are restrictions on key length and Unity doesn't seem to meet them:

Upload key restrictions

• The upload key must be an RSA key that's 2048 bits or more.
• The following aren't supported: DSA keys, EC keys, or RSA keys that are less than 2048 bits.

And it gets rejected when I try to enroll...

Can Unity be configured to generate signing keys with a longer length? I can't see any options for doing so when creating the keystores.

 

same problem here
any updates so far?
thanks!

 

I created an upload key with keytool from JDK (no Android studio needed), and that has worked fine so far (dev builds and app working in play store):

Code (CSharp):

1. jdk1.8.0_111\bin\keytool -genkey -v -keystore spinpaint_upload.keystore -storepass <your password> -alias <your key alias> -keyalg RSA -keysize 2048 -validity 10000 -dname "C=<country>, ST=<state>, L=<city>, O=<organization>, OU=<org unit>, CN=<you>"
2.  

Modify anything above in <> as needed.

I always use the upload key in Unity to sign APKs. The only thing is when you install your app from the Play Store you need to uninstall it first on the phone since the store APK will have a different signing key that Google keeps safe.

 

So if you have shipped an app that now has thousands of active installs, and then you enable the new app signing feature in the Google Play Console, all your users will have to uninstall then reinstall to get the new version working?

 

No, if you have an existing app (you sign it yourself) and then opt into the Google program you can send them your signing key to use. See here under Existing Apps.

 

Has this been released yet? If so do you know which version? We currently use 2017.2.0p1

Thanks,

Sam

 

Really? Because the google play console is asking me for an md5 encrypted OAuth certificate signing and I see no such option in the keystore fields within the Unity player settings. Those just have me enter standard text passwords. I’m using 2017.3.1f1

 

Does Unity 5.6.6f2 meets Google's Upload key restrictions?

 

I've been able to get this to work, the missing steps here are generating the ppk to upload to Google Play the steps for which are on the App signing page on the console(encrypted_private_key_path should be in the format "path\\to\\output\\location\\filename.ppk")


Next thing to note, is once you've done this and uploaded it all to the console, they will give you the upload cert, you'll need to download this and import it into a keystore like so - https://stackoverflow.com/a/45749607

Once you've done this, you can simply point unity at the keystore and alias that you imported the key into

If you're not confident with this on a live app I recommend testing on a dummy app first (i.e. set one up to use the old signing method and convert it to the new method)

I'm yet to test whether this is compatible with cloud build but I fail to see why it wouldn't work (assuming you update the keystore in your cloud build credentials with the new one)

UPDATE: Tested on cloud build and it all works

 

Got my answer here: https://forum.unity.com/threads/android-app-signing-by-google.471539/page-2 ;
Added some personal notes.