App Signing Error "The app signature key information is different from that of the app version uploaded earlier. Please upload a valid key file"

Question

Trying to upload an update in Huawei App Gallery I have created the .zip required for "App Signing":

java -jar pepk.jar --keystore jorgesyskeystore.jks --alias jorgesysioana --output=output.zip --encryptionkey=1234567892224EE22B45D19B23DB91BA9F52DE0A06513E03A5821409B34976FDEED6E0A47DBA48CC249DD93734A6C5D9A0F43461F9E140F278A5D2860846C2CA3B434AC65D --include-cert

The .zip created, contains the required files certificate.pem and encryptedPrivateKey:

But now I get the message, when I try to upload the .zip file:

"The app signature key information is different from that of the app version uploaded earlier. Please upload a valid key file"

The Keystore used to sign this version is the same of later versions.

How could I fix this problem?

Answer 1

The app signature key information is different from that of the app version uploaded earlier. Please upload a valid key file

The error prompts are very clear. That is, the signature of the signature certificate uploaded by you is different from the signature of the released app, please check again.

It is possible that the encryption key you use is a Google command, not provided by Huawei. You need to strictly follow the Huawei following command:

java -jar pepk.jar --keystore test.jks --alias test --output=output.zip --encryptionkey=034200041E224EE22B45D19B23DB91BA9F52DE0A06513E03A5821409B34976FDEED6E0A47DBA48CC249DD93734A6C5D9A0F43461F9E140F278A5D2860846C2CF5D2C3C02 --include-cert

For details, pls follow this docs.

Answer 2

Other than the info. included in the other answer. You can also use Java keytool to print the public key and compare it to see if there is any difference.

You can refer to this post: How to print the public key of a certificate using keytool?

Or this might help: http://developer.android.com/reference/android/content/pm/PackageManager.html

First, unzip the APK and extract the file /META-INF/ANDROID_.RSA (this file may also be CERT.RSA, but there should only be one .RSA file).

Then issue this command:

keytool -printcert -file ANDROID_.RSA You will get certificate fingerprints like this:

MD5: B3:4F:BE:07:AA:78:24:DC:CA:92:36:FF:AE:8C:17:DBSHA1: 16:59:E7:E3:0C:AA:7A:0D:F2:0D:05:20:12:A8:85:0B:32:C5:4F:68 Signature algorithm name: SHA1withRSA Then use the keytool again to print out all the aliases of your signing keystore:

keytool -list -keystore my-signing-key.keystore You will get a list of aliases and their certificate fingerprint:

android_key, Jan 23, 2010, PrivateKeyEntry, Certificate fingerprint (MD5): B3:4F:BE:07:AA:78:24:DC:CA:92:36:FF:AE:8C:17:DB Voila! we can now determined the apk has been signed with this keystore, and with the alias 'android_key'.