Application signature (key issues)

0 favourites
From the Asset Store
Random Maze Generator with Door & Key System - tutorial capx
  • As ever I think your best course of action here is to raise this as a bug, link below.

    https://github.com/Scirra/Construct-3-bugs

    I refer you to these previous related issues.

    https://github.com/Scirra/Construct-3-bugs/issues/3830

    https://github.com/Scirra/Construct-3-bugs/issues/3949

    Thank you for your participation in this matter. Your knowledge helps in solving this issue for everyone.

    We hope that Scirra will also invest in efforts to resolve this serious issue.

  • UP post

  • RASHID_AB - it is generally accepted that you can bump a post after 24 hours, especially as this is a global forum. If you need to add something to an existing post, please use the edit post button.

  • RASHID_AB - it is generally accepted that you can bump a post after 24 hours, especially as this is a global forum. If you need to add something to an existing post, please use the edit post button.

    Hello. Thank you for writing.

    Now, the question of how to sign an APK application using the built-in Construct 3 tool has become very acute.

    As you can see from what is happening now, there is a problem related to the fact that the application signing tool APK when creating a key and also when signing with a key, the key password and alias password are automatically inserted into the same field (as I understand it) inside the key.jks, and then the key that is created has an invisible error. This error does not allow signing applications with another key that was created outside the Construct boundary. That is, I can no longer sign the application with a key that was created in another application.

    Could you intensify your search for a solution to this issue, which, as I understand it, has been present for a long time?

    I repeat, the Construct 3 game creation tool is simply gorgeous and irreplaceable, for me personally, the tool is an ideal tool for creating games or something else.

    Especially when you are so diligently supplementing it with new features with new examples of new behavior plugins.

    Apart from small mistakes and problems that you diligently solve almost every day, the tool is simply gorgeous.

    But now the problem that is present in my opinion is very much stopping me and other developers. In general, I personally do not know much about deep programming, it may be very difficult for you, but still, you really need to solve this))

  • RASHID_AB It's obvious now that nobody on the forum knows how to solve this. If you think that Construct creates a key in the wrong format, which is no longer supported by Google Play, you need to log a bug report:

    github.com/Scirra/Construct-3-bugs/issues

    Otherwise you can try researching this issue in the internet how to generate a proper v2 key. And if you find the solution, post it here for the benefit of others.

    My workaround was to change the target version to 29. Export as Cordova project, extract files and change target version from 30 to 29 in config.json and config.xml

    Then package back to zip and build with C3 through Export Manager.

    This is only a temporary workaround, I'm afraid Google Play will soon no longer accept SDK 29.

  • RASHID_AB It's obvious now that nobody on the forum knows how to solve this. If you think that Construct creates a key in the wrong format, which is no longer supported by Google Play, you need to log a bug report:

    https://github.com/Scirra/Construct-3-bugs/issues

    Otherwise you can try researching this issue in the internet how to generate a proper v2 key. And if you find the solution, post it here for the benefit of others.

    My workaround was to change the target version to 29. Export as Cordova project, extract files and change target version from 30 to 29 in config.json and config.xml

    Then package back to zip and build with C3 through Export Manager.

    This is only a temporary workaround, I'm afraid Google Play will soon no longer accept SDK 29.

    I agree with you, just reducing the Target SDK is just a temporary solution.

    Of course, you need to invest effort in solving this issue, I think everyone wants to understand this and solve it as needed)

  • Of course, you need to invest effort in solving this issue, I think everyone wants to understand this and solve it as needed)

    I meant you should try investigating it :) And then explain us how to fix it.

  • Try Construct 3

    Develop games in your browser. Powerful, performant & highly capable.

    Try Now Construct 3 users don't see these ads
  • > Of course, you need to invest effort in solving this issue, I think everyone wants to understand this and solve it as needed)

    I meant you should try investigating it :) And then explain us how to fix it.

    I am looking for

  • I just tried creating a new key in Construct 3 and doing a signed release APK build with it. It worked fine.

    One thing that may be at work here is IIRC the keytool used by the server does not support using a different password for the key and the keystore. For this reason we removed the option to use two different passwords when creating a keystore in Construct. But we made this change some time ago and it's been in place for some time. We preserved the option to specify separate passwords when using an existing keystore though, for backwards compatibility with existing keystores. Since then we haven't changed anything apart from the target SDK version, since Google require that, and as far as I can see the signing process still works, at least with a newly created key.

    I'm afraid I can't comment on third-party software - whether or not it works is out of our control and we can't be held responsible for it, so it may be more fruitful to get in touch with the developer of the tool you use.

  • Ashley I haven't actually tried to make a signed APK in the new version, but I believe OP is referring to this issue:

    Google Play doesn't allow uploading APKs targeting SDK 30 and signed with signature scheme v1. Does the C3 build service support v2 signatures?

  • We updated the target API level to 30 a few weeks ago for r231 and this is the first I've heard of it.

    Unfortunately signing is complicated and it's going to be difficult to make changes on the build server - I'm not sure when we could get this updated to the signature scheme v2, if that is indeed now required.

    It still looks confusing: their documentation seems to specify four signing schemes (v1, v2, v3 and v4), and v2 seems to have specific support requirements (Android 6+ only)... maybe we should put back the target API version until we figure this out. In the mean time you can try building an unsigned release APK and sign it yourself as per Google's documentation.

  • Yes, Google Play does require this. I got that error a couple of days ago and had to change target SDK version to 29.

  • Thank you, I am very glad that the information about this has further raised the priority of necessity.

  • I did a signed release build in Construct and ran the following command on it:

    .\apksigner.bat verify --verbose .\test-signed.apk

    It produced the following output:

    Verifies

    Verified using v1 scheme (JAR signing): true

    Verified using v2 scheme (APK Signature Scheme v2): true

    Verified using v3 scheme (APK Signature Scheme v3): false

    Verified using v4 scheme (APK Signature Scheme v4): false

    Verified for SourceStamp: false

    Number of signers: 1

    The line "Verified using v2 scheme (APK Signature Scheme v2): true" appears to indicate the APK is already signed with the APK Signature Scheme v2.

    So I don't know why the Play Store would show an error. Perhaps if you are using your own key it is that key which does not support the v2 scheme? It seems to be valid if you use Construct to both create the key and sign with it. The build server uses apksigner, which is the official Android build tool for signing APKs, and according to the documentation, it appears to automatically detect the signing schemes to use, and according to my test it appears to indeed be correctly adding the v2 scheme. Maybe you could run a similar apksigner command to identify the schemes being added to your own APKs.

    If I speculate, perhaps the v2 scheme can only be added if you use the same password for the keystore and the key - after all, the official keytool program no longer supports different passwords (hence the headache about having separate passwords last year), so maybe the v2 scheme doesn't support different passwords either. 🤷‍♂️

  • Ashley, good to know, thanks for the info!

Jump to:
Active Users
There are 1 visitors browsing this topic (0 users and 1 guests)