Long time we used JDK 6 Jarsigner to sign APK files with jarsigner and a certificate stored in Windows personal certstore (Windows-MY). As JDK 6 is very old now we wanted to move to the newest JDK 8 (1.8.0.111), but we keep getting the error:
jarsigner error: java.security.SignatureException: Keyset does not exist
To reproduce follow this workflow:
- create a certificate using keytool:
"C:\Program Files (x86)\Java\jdk1.8.0_111\bin\keytool.exe" -genkeypair -alias "%Friendly Name%" -keysize 2048 -keyalg RSA -validity 20000 -storetype PKCS12 -keystore c:\%KeyFile%.p12 -storepass %PasswordFromKeePass%
(the long validity is needed for Android)
- Import the p12 into the windows user personal cert store.
- try to sign the apk with following command:
"C:\Program Files (x86)\Java\jdk1.8.0_111\bin\jarsigner.exe" -verbose -storetype Windows-MY -signedjar "D:\%SignedAPK%" "D:\%APKToSign%" "%Friendly Name%"
The command returns:
adding: META-INF/MANIFEST.MF
jarsigner error: java.security.SignatureException: Keyset does not exist
The file SignedAPK gets created and contains the Manifest.mf but nothing else. Executing the same jarsigner command from JDK 6 is working fine with a valid signed apk. Also Keytool list provides valid output for JDK 6 and 8.
Does anyone know whether this is a bug or if we have to change our workflow due to changed Jarsigner behavior?
Best regards,
Klaus