14

I have an android app that I am trying to protect using quixxi.com however it requires me to sign the app again. But to do this it has to use .jks files but my keystore is .keystore

I am using Xamarin.Android in C# with Visual Studio 2017

Is there any way around this?

SushiHangover
  • 73,120
  • 10
  • 106
  • 165
Ciaran
  • 199
  • 1
  • 2
  • 14

1 Answers1

25

If you are using a Java keystone to sign your Android apps (Xamarin-based or not) then the odds are 99.999% that the XXX.keystore that you are using to sign your Xamarin.Android apps is already in JKS format and not PKCS12 format.

A quick way of checking is to dump your keystone in RFC format and review the Keystore type: field.

Example:

/usr/bin/keytool -list -rfc -keystore debug.keystore |grep "Keystore type"

Output:

Enter keystore password:

*****************  WARNING WARNING WARNING  *****************
* The integrity of the information stored in your keystore  *
* has NOT been verified!  In order to verify its integrity, *
* you must provide your keystore password.                  *
*****************  WARNING WARNING WARNING  *****************

Keystore type: JKS

Warning:
The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore debug.keystore -destkeystore debug.keystore -deststoretype pkcs12".

Example (non-filtered):

/usr/bin/keytool -list -rfc -keystore sushi.keystore

Output:

Enter keystore password:

*****************  WARNING WARNING WARNING  *****************
* The integrity of the information stored in your keystore  *
* has NOT been verified!  In order to verify its integrity, *
* you must provide your keystore password.                  *
*****************  WARNING WARNING WARNING  *****************

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

Alias name: androiddebugkey
Creation date: Aug 20, 2017
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
-----BEGIN CERTIFICATE-----
MIIDDTCCAfWgAwIBAgIEeCTY/jANBgkqhkiG9w0BAQsFADA3MQswCQYDVQQGEwJV
~~~~
KvHIbSHVBsryiyCwPJkXP6A=
-----END CERTIFICATE-----


*******************************************
*******************************************

If you actually need to convert a PKCS12 type store to new JKS keystore type file:

keytool -importkeystore -srckeystore somekeystore.pkcs12 -destkeystore somenewkeystore.jks -deststoretype jks
SushiHangover
  • 73,120
  • 10
  • 106
  • 165
  • 1
    Where do I write the code for converting a PKCS12 to JKS? – Ciaran Apr 20 '18 at 08:03
  • 1
    @Ciaran What to you mean where? `keytool` is a cmd-line utility – SushiHangover Apr 20 '18 at 08:06
  • is there anyway of doing this in visual studio? cmd said "'keytool' is not recognised as an internal or external command, operable program or batch file" – Ciaran Apr 20 '18 at 11:44
  • @Ciaran no, keytool is a part of the java install, look in C:\Program Files\Java\jdk(some version number)\bin – SushiHangover Apr 20 '18 at 12:13
  • oh ok sorry I am new to this, and where do I write the line? in the command prompt? it said "'keytool' is not recognised as an internal or external command, operable program or batch file" when I tried using Command Prompt – Ciaran Apr 20 '18 at 13:03
  • 3
    if you are on a Windows machine just copy the debug.keystore file into the `C:\Program Files\Java\#jdk_version#\bin folder`, open a terminal window from this folder and run: `keytool -list -rfc -keystore debug.keystore` – Antonino Sep 17 '18 at 04:05
  • `keytool -list -rfc -keystore debug.keystore` returns `keytool error: java.io.IOException: Invalid keystore format` – Spixy Feb 02 '23 at 11:43
  • 1
    Thank you very much! I was able to convert a `.keystore` key that was actually of `PKCS12` into a `.jks` to setup a React Native app on Expo. – RilDev May 16 '23 at 10:36