1. Help us improve the editor usability and artist workflows. Join our discussion to provide your feedback.
    Dismiss Notice
  2. We're looking for feedback on Unity Starter Kits! Let us know what you’d like.
    Dismiss Notice
  3. We’re giving 2017.1 beta testers a chance to win t-shirts and a Nintendo Switch. Read more on the blog.
    Dismiss Notice
  4. We want to know how you learned Unity! Help us by taking this quick survey and have a chance at a $25 gift card
    Dismiss Notice
  5. Unity 5.6 is now released.
    Dismiss Notice
  6. Check out all the fixes for 5.6 on the patch releases page.
    Dismiss Notice

"Package file was not signed correctly" error on publishing

Discussion in 'Android' started by Cyrille Paulhiac_legacy, Oct 3, 2012.

  1. Cyrille Paulhiac_legacy

    Cyrille Paulhiac_legacy

    Joined:
    May 13, 2011
    Posts:
    8
    Hello, I know this is an Android Publishing issue, but I find insteresting to talk here about it because it's an evil trap !

    Customers that buy my newly released game have an "Package file was not signed correctly" error.

    I find that I signed my key with JAVA 1.7 keytool (32bits), that used as algorithm "SHA256withRSA"
    I was thinking this - default - algorithm is not supported by Android Publishing, and provoke this error.

    So I rolled-back to JAVA 1.6, delete my key from my current keystore, and re-create one (same name).
    And it comes with "SHA1withDSA".
    (You can check your keys in a keystore with the command:
    [JDK_PATH]\keytool -v -list -keystore "[YOUR_PATH]\[YOUR_NAME].keystore"


    I thought that will solve my signature problem, but when uploading it in Google Play I encounter the message:
    "The apk must be signed with the same certificates as the previous version."
    I'm really disapointed, the purpose of the new update was specifically to change my current certificate !

    Right now, I do not know what to do, I'm waiting answers from google^^.
    If anyone knows how to CHANGE an algorithm from a .keystore WITHOUT deleteing/creating a key, you're welcome!
     
  2. Errorsatz

    Errorsatz

    Joined:
    Aug 8, 2012
    Posts:
    391
    We ran into a similar issue. The solution, in our case, was to build and sign the game on a different computer (a mac, in this case). Since this does generate a new keystore, you need to delete and re-create your app in Google Play to do it. I'm not sure if there's a way to generate the same key with a different algorithm.
     
  3. Cyrille Paulhiac_legacy

    Cyrille Paulhiac_legacy

    Joined:
    May 13, 2011
    Posts:
    8
    After some researches, I found that was the easiest way.

    I unpublish my game I generate a totaly brand new keystore and key, change the game name and re-upload a new Google Play page.
    It works.

    But, I'm disapointed to have fallen into the "JDK1.7" trap.
    It is really a trap, we will not be the last ones to used the lastest JDK and so the latest -unsupported- crypto algorithm.

    Readers, always check your keystore with the given line:
    you must double check to really be in SHA1 !