SOLUTION: You uploaded an APK with an invalid signature - digest algorithm SHA-256 / Signature RSA

gingagaminggingagaming FREELANCE GS DEVMember Posts: 1,685
edited October 2017 in Community Tutorials

So I have had a couple of clients contact me with recent issues with publishing and updating Google play apps. It seems there are issues with some older .keystore certs and apps and google are no longer allowing you to update the app (or sign new ones) using the algorithm SHA-256. From my research, it looks like its caused by Java 8 and Sierra and combined with GameSalad using the default Jarsigner of SHA-256 to sign the apps. Maybe @adent could really look into this further as this is a game breaker for people with these .keystore’s as without manual signing, you will not be able to update your apps in Google Play!

The error that is shown in Google Play is something like this:

Upload failed
You uploaded an APK with an invalid signature (learn more about signing). Error from apksigner: ERROR (Jar signer XXX.RSA): JAR signature META-INF/XXX.RSA uses digest algorithm SHA-256 and signature algorithm RSA which is not supported on API Level(s) 10-17 for which this APK is being verified

Personally I don’t have this issue as my .keystore works without error but for those of you who are experiencing this I have listed an easy way to sign your apps without using the GameSalad signing tool. However to do this you need to use Terminal and therefore should also proceed with caution as Terminal can break your operating system if used incorrectly. So as with anything you stumble on on the internet, please take my instructions as a guide only and always back up your machine and work before attempting this solution.

Instructions:
-Generate an UNSIGNED APK
-Rename the UNSIGNED APK old.apk and delete the signed version to save confusion
-Place old.apk on your desktop
-Locate your keystore signing key (the one you normally sign your apps with)
-Make a copy of it and place it on your desktop for ease of the code below
-Change the following code so that AAA is your home folder of your computer and BBB to your keystore name (without extension as I have included this)

jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore /Users/AAA/Desktop/BBB.keystore >/Users/AAA/Desktop/old.apk android

-Open Terminal and copy/paste the above code and press enter. This will generate a new signed APK called new.apk
-The change the following code so AAA is your home folder again:

/Users/AAA/Library/Android/sdk/build-tools/25.0.2/zipalign -v 4 /Users/AAA/Desktop/old.apk >/Users/AAA/Desktop/new.apk

This will zip align your APK. This path is based on the assumption you have installed the android SDK in the correct position as instructed when installing your Android SDK, if you didn’t follow that instruction, you will have to enter the new path in the above code before exicting it in terminal.

You will now have a signed app using SHA1withRSA which is zip aligned and can upload this to Google play without error.

If you are unsure how to use Terminal or feel that this is a little to advanced for you, I can offer this as a service to complete this for you. Just send me a PM or email me directly at damien@gingagaming.com and I can do this for you for a small fee.

Comments

  • gingagaminggingagaming FREELANCE GS DEV Member Posts: 1,685

    Giving @ForumNinja a nudge as I've just spotted him online and maybe able to escalate to the powers that be...

  • adent42adent42 Key Master, Head Chef, Executive Chef, Member, PRO Posts: 3,170

    SHA256 is supported for API levels 18 and higher (Jelly Bean 4.3). If you exclude lower levels, you only loose 6.8% of the market (mostly people stuck on earlier Jelly Bean iterations).

    Since it effects such a small market of much older OSes and there is a manual work-a-round, we're probably not going to fix this issue.

    Getting the new tool up to the standards of the current tool, adding engine features, and fixing High Sierra bugs are all higher priority.

  • gingagaminggingagaming FREELANCE GS DEV Member Posts: 1,685
    edited October 2017

    @adent42 said:
    SHA256 is supported for API levels 18 and higher (Jelly Bean 4.3). If you exclude lower levels, you only loose 6.8% of the market (mostly people stuck on earlier Jelly Bean iterations).

    Since it effects such a small market of much older OSes and there is a manual work-a-round, we're probably not going to fix this issue.

    But you don't allow us to exclude lower than 13! We only have the option of excluding lower than 13 which is the issue. You also stoped us from restricting versions iOS too. We can't restrict any version of iOS (not that that is related to this issue but it is also needed).

    So as we can't restrict Android version lower than 13, we can't get around this issue other than signing the app outside GS. If you can change the publishing side to restrict any version then this will solve the issue. Please don't dismiss the issue because users can do it manually in terminal. We have already have lost signing for Windows and have to use Terminal for this, Losing Android as well isn't good for the software. Using Terminal to sign apps is a bad thing for GameSalad. (in my opinion). The average user wouldn't normally use Terminal and is at high risk of doing something Terminal (see what I did there...) So moving forward to a quick fix, can you simply add the ability in the publishing side to restrict below 18 rather than 13 please?

    Getting the new tool up to the standards of the current tool, adding engine features, and fixing High Sierra bugs are all higher priority.

    I agree but we also need creator 1.0 to stay stable!

  • JapsterJapster Member Posts: 672
    edited October 2017

    +1

    I also got really excited about the QR code functionality until I realised it was only gonna be in the web tool... darn it....

    I'm also getting concerned by the complete lack of responses from GS (also messaged using the blue box as well as asking fellow users on the forum, and even emailed RevMob) about whether or not Video Reward ads should actually work...

    Not feeling the love atm....

  • adent42adent42 Key Master, Head Chef, Executive Chef, Member, PRO Posts: 3,170

    @gingagaming doh, forgot about that. I'll look into updating the publishing system to make that more flexible.

    And the High Sierra fix is part of the stability thing :)

    @Japster, sorry about that, the team is a bit backlogged. They should both work. @ForumNinja is checking his test cases again now.

  • adent42adent42 Key Master, Head Chef, Executive Chef, Member, PRO Posts: 3,170

    @gingagaming I've updated the Min SDK Level range to go up to 18!

  • JapsterJapster Member Posts: 672

    @adent42 said:
    @Japster, sorry about that, the team is a bit backlogged. They should both work. @ForumNinja is checking his test cases again now.

    Thanks @adent42 , @ForumNinja - really appreciated - Apologies for jumping in on this thread, but after seeing you'd responded to Damien I figured I'd try and catch your ear here... :smile:

    I'd love to know if it's just a (fixable) bug or something stupid I haven't done with my testing, but failing that, I'm pretty (alright, REALLY) stumped.... :frowning:

    Maybe I need a valid App Store URL for RevMob before it will work as expected? (I do for Chartboost, apparently, that at present does diddly - no ads, nothing, even though it's set up and integrated for everything other than the app store URL), but I figured in test mode, you wouldn't actually make the app live on the store (doesn't make sense if I need rewarded ads to make sure I can monetise it, and if they aren't live how do the players earn more rewards/turns etc - like I say, that doesn't make sense to me!), and until it's live, any attempt to access/cross-reference it on the app store by RevMob or Chartboost should fail?

    Cheers...

    @gingagaming - Apologies for the mini de-rail of your thread mate, but glad to hear that the guys are taking on board your simpler (and fast!) solution to the problem!

  • gingagaminggingagaming FREELANCE GS DEV Member Posts: 1,685

    @adent42 said:
    @gingagaming I've updated the Min SDK Level range to go up to 18!

    Ive just done a test and setting the restriction to 18 does solve this issue. Thank you for addressing this so quickly. Any chance you can do the same on the iOS too? We have functionality listed there, just needs activating as its greyed out.

  • pHghostpHghost London, UKMember Posts: 2,342

    @gingagaming said:
    Any chance you can do the same on the iOS too?

    Seconded! Please!

  • unbeatenpixelunbeatenpixel Game Developer Member, PRO Posts: 568

    @gingagaming said:

    @adent42 said:
    @gingagaming I've updated the Min SDK Level range to go up to 18!

    Any chance you can do the same on the iOS too?

    +1

    Check out my games on the App Store!

    Wordgraphy / Polycolor / 20 Seconds / Minimal Maze

  • gingagaminggingagaming FREELANCE GS DEV Member Posts: 1,685

    @Braydon_SFX I think this can be unpinned now as @adent42 quick fix solves the issue and makes this post redundant now! Thank you all for pushing this fix through and saving devs a lot of work.

  • pHghostpHghost London, UKMember Posts: 2,342

    We still need the same option for iOS! :wink:

  • gingagaminggingagaming FREELANCE GS DEV Member Posts: 1,685

    @pHghost said:
    We still need the same option for iOS! :wink:

    I agree but I think it was "selective hearing" when it can to the iOS request!

  • adent42adent42 Key Master, Head Chef, Executive Chef, Member, PRO Posts: 3,170

    Lol... kind of? Basically been busy juggling servers over the last few days. I think I may finally have gotten things settled. I'll take a look now.

  • adent42adent42 Key Master, Head Chef, Executive Chef, Member, PRO Posts: 3,170
    edited October 2017

    Okay... so this is a bit embarrassing. A while back, we locked the min OS version for newer engines. Aaaand... I forget why. I'm pretty sure that we can't dynamically adjust min versions like we can for Android. Basically we'd have to recompile to handle different binary versions. I don't think this is a impediment for anyone like it is for Android though (just a little annoying if you want to enforce a higher spec machine for a resource intense game). I'll do some research, but I think that we'll leave it locked for now unless something at Apple forces our hand.

  • pHghostpHghost London, UKMember Posts: 2,342
    edited October 2017

    @adent42 said:
    Okay... so this is a bit embarrassing.

    No worries. It's be nice to be able to limit it, as you said, mainly for resources intense projects, but if it's not a simple quickie fix like with Android, s'all good. There are more important fishies to fry. High Sierra, wink, wink... :wink:

  • gingagaminggingagaming FREELANCE GS DEV Member Posts: 1,685

    @pHghost said:

    @adent42 said:
    Okay... so this is a bit embarrassing.

    No worries. It's be nice to be able to limit it, as you said, mainly for resources intense projects, but if it's not a simple quickie fix like with Android, s'all good. There are more important fishies to fry. High Sierra, wink, wink... :wink:

    I agree. Android was a game breaker whilst iOS is just frustrating. Keep moving forward with the new tool and the Sierra fix for Creator

  • GeordiestrandGeordiestrand Member Posts: 8

    Would just creating a new keystore work I am encountering this issue but haven't published any apps yet I just created my keystore a while ago

  • gingagaminggingagaming FREELANCE GS DEV Member Posts: 1,685

    @Geordiestrand said:
    Would just creating a new keystore work I am encountering this issue but haven't published any apps yet I just created my keystore a while ago

    Creating a new keystone will work but only if you don't update an existing published app as it will be rejected. However as you haven't published an app yet, in your case, this will work.

  • gingagaminggingagaming FREELANCE GS DEV Member Posts: 1,685

    @tatiang can we bury this thread as its irrelevant now and no need for it to be pinned. Thank you!

  • alpharittoalpharittoalpharittoalpharitto Member Posts: 2
    edited December 2018

    @gingagaming said:
    Giving @ForumNinja a nudge as I've just spotted him online and maybe able to escalate to the powers that be... https://notepad.software/ https://downloader.vip/malwarebytes/ https://filezilla.software/

    Getting the new tool up to the standards of the current tool, adding engine features, and fixing High Sierra bugs are all higher priority.[

Sign In or Register to comment.