Inspiring
June 5, 2018
Answered

How to move .p12 to a .keystore?


Does anyone know how to move (convert?) .p12 to a .keystore? I'm migrating an app to Unity and Google Play requires existing apps to be signed with the same credentials. Thanks!

Correct answer -_Simon_-

My .p12 was created in 2012. I suspect the error that I'm getting is related to some incompatibility between JDK 8 and whatever old JDK that was used in 2012. Did you run your test with a relatively new .p12?


>My .p12 was created in 2012.

Use Portecle to create a JKS from your p12.

Enroll in Google Key Signing and follow the instructions in the Play Developer Console - i.e. use pepk.jar to extract a pem from your new JKS - and get a new upload key from Google for app signing on your side.

Although Google specify RSA2048 minimum they have a workaround in place to support legacy keys if you're enrolling an existing app for updates rather than creating a new key/app.

Simon


Inspiring
June 5, 2018

I'm not aware of Google Play having changed their policy on app signing; good for you if it's the case. If it's not the case, it's not the credentials that must remain the same but the certificate itself (the physical file). In that case I'm not sure a conversion will work, but of course you can give it a try.

Colin Holgate
Inspiring
June 5, 2018

I don't know the exact command, but keytool is most likely what you'll need:

Java Keytool Commands

You have a different problem though, in that the app id starts with air. currently. You could perhaps use the same app id in Unity, but a different approach would be to do an update to the AIR app, that promotes the upcoming improved version. People would then buy your Unity app as a new game, with its own app id and certificate.

Inspiring
June 5, 2018

I did try keytool. When attempting to do anything with my .p12, it throws this error:

keytool error: java.security.cert.CertificateException: Unable to initialize, java.io.IOException: DerInputStream.getLength(): Redundant length bytes found
java.security.cert.CertificateException: Unable to initialize, java.io.IOException: DerInputStream.getLength(): Redundant length bytes found
        at sun.security.x509.X509CertImpl.<init>(Unknown Source)
        at sun.security.provider.X509Factory.engineGenerateCertificate(Unknown Source)
        at java.security.cert.CertificateFactory.generateCertificate(Unknown Source)
        at sun.security.pkcs12.PKCS12KeyStore.loadSafeContents(Unknown Source)
        at sun.security.pkcs12.PKCS12KeyStore.engineLoad(Unknown Source)
        at java.security.KeyStore.load(Unknown Source)
        at sun.security.tools.keytool.Main.doCommands(Unknown Source)
        at sun.security.tools.keytool.Main.run(Unknown Source)
        at sun.security.tools.keytool.Main.main(Unknown Source)
Caused by: java.io.IOException: DerInputStream.getLength(): Redundant length bytes found
        at sun.security.util.DerInputStream.getLength(Unknown Source)
        at sun.security.util.DerValue.<init>(Unknown Source)
        at sun.security.util.DerInputStream.getDerValue(Unknown Source)
        at sun.security.x509.X509CertImpl.parse(Unknown Source)
        ... 9 more

I found several discussions on how to deal with it, none seems to be conclusive. There's also an option to sign up for Google managing keys. Hopefully it will accept this .p12.
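
The keytool failure quoted above is a strict-DER complaint: DER requires every length field to be encoded in the fewest bytes possible. As an added example (not part of the original thread), this Python script walks a DER structure such as a certificate and reports the length fields that break that rule; the function names and the sample bytes are constructed for illustration.

```python
# Added example: flag non-minimal DER length encodings in a byte string.
# GOOD and BAD below are constructed samples, not data from the thread.

def read_length(buf, pos):
    """Decode the length field at buf[pos]; return (length, next_pos, problem)."""
    first = buf[pos]
    if first < 0x80:                       # short form: single byte, 0..127
        return first, pos + 1, None
    n = first & 0x7F                       # long form: n length bytes follow
    if n == 0:
        raise ValueError(f"indefinite length (BER only) at offset {pos}")
    raw = buf[pos + 1:pos + 1 + n]
    if len(raw) != n:
        raise ValueError(f"truncated length at offset {pos}")
    value = int.from_bytes(raw, "big")
    if raw[0] == 0:
        return value, pos + 1 + n, "redundant leading zero length byte"
    if value < 0x80:
        return value, pos + 1 + n, "long form used where short form fits"
    return value, pos + 1 + n, None

def find_bad_lengths(buf, start=0, end=None, out=None):
    """Walk the TLVs in buf[start:end]; return [(offset, tag, problem), ...].
    Constructed values are descended into; primitive ones (including
    OCTET STRINGs that wrap further DER) are skipped over."""
    out = [] if out is None else out
    end = len(buf) if end is None else end
    pos = start
    while pos < end:
        if pos + 2 > end:
            raise ValueError(f"truncated TLV at offset {pos}")
        tag = buf[pos]
        if tag & 0x1F == 0x1F:
            raise ValueError(f"multi-byte tag at offset {pos} not handled")
        length, body, problem = read_length(buf, pos + 1)
        if body + length > end:
            raise ValueError(f"value at offset {pos} overruns its container")
        if problem:
            out.append((pos, tag, problem))
        if tag & 0x20:                     # constructed bit set: recurse
            find_bad_lengths(buf, body, body + length, out)
        pos = body + length
    return out

GOOD = bytes.fromhex("3006020101020102")        # SEQUENCE { INTEGER 1, INTEGER 2 }
BAD = bytes.fromhex("3082000702810101020102")   # same, lengths as 82 00 07 and 81 01

if __name__ == "__main__":
    for name, blob in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, find_bad_lengths(blob))
```

Each reported offset points at the tag byte of the offending element, so it can be matched against an ASN.1 dump of the same file.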

Colin Holgate
Inspiring
June 5, 2018

What was the line you typed, that led to the errors?