Home / Questions / 314230
Accepted
Richard
Asked: 2020-12-06 17:17:02 +0800 CST 2020-12-06 17:17:02 +0800 CST

How to know if my key is RSA 2048 bits or how to generate one?

  • 772

Just recently I lost my key that is used to keep updating my apk in the play store ask for help with play console support.

First option

To solve my problem I have to generate a new key , I tried to do it with Androi Studio . Following the documentation but when giving Ok the following alert message appears.

Key was created with errors:

Warning: The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12, which is an industry standard format that uses "keytool -importkeystore -srckeystore Path \update-keystore.jks -destkeystore Path \update-keystore.jks -deststoretype pkcs12".

Which I don't know if it generates me as requested by Google assistance, which says that This key must be a 2048-bit RSA key and is valid for 25 years.

  • How do I validate if my generated key is RSA 2048 bits ?

Other option given by Google support

Is you use the following commands to generate it

keytool -genkeypair -alias upload -keyalg RSA -keysize 2048 -validity 9125 -keystore keystore.jks

When you try to use it by entering the path of c:\Program Files\Java\jdk1.8.0_181\bin>executing the following.

keytool -genkeypair -alias upload -keyalg RSA -keysize 2048 -validity 9125 -keystore 'C:\Users\User\Documents\Trabajo\Proyecto\resourse\almacen-de-claves\keystore.jks'

shows the following message

Option not allowed: with keytool -genkeypair [OPTION]...

android-studio

1 Answers

  1. Best Answer

    Regarding the jks warning, it is just that, a warning because jks is a format that is not recommended. The solution to the warning is that, when you follow the documentation step that says

    key store

    • Key store path: Select the location where your keystore should be created.

    change the output keystore path to be PKS12 ( upload-keystore.pks12). You can also change the format of the keystore you already have

    keytool -importkeystore \
    -srckeystore keystore.jks \
    -destkeystore keystore.p12 \
    -deststoretype PKCS12 \
    -srcalias <jkskeyalias> \
    -deststorepass <password> \
    -destkeypass <password>

    Edit : To generate the certificate, the command is

    keytool -genkey -alias <desired certificate alias> 
-keystore <path to keystore.pfx>
-storetype PKCS12 
-keyalg RSA 
-storepass <password> 
-validity 9125 
-keysize 2048

    To know how your private key is defined, check the content of the keystore

    keytool -list -v -keystore ../path/de/tu/archivo/upload-keystore.jks -alias myalias

    The keytool comes with the JDK, so you should find it there. He aliasmust be the one you put your private key in that same form.

    enter image description here

    It is possible to see the length of the key usingopenssl

    openssl rsa -in private.key -text -noout

    And for this, you would have to first export the key from the keystore

    openssl pkcs12 -in keystore.p12  -nodes -nocerts -out key.pem

    Or you could also use keystore-explorer

    • 1