Ok folks.. long story short, I was developing on a computer that I no longer have access to. I was able to retrieve the source code, but not the .keystore file used to sign
Yes, you can release an update to an existing app with a new key!
Google now allows you to upload a new key for an existing app by asking them to reset it through email or live chat in Google Support.
This process takes 1-2 business days.
I followed this process and uploaded an update to the same app with a new key. Google Play Store technical team helped me to reset the previous key.
There must be a way around this.. what about a hard drive fail?
I would like to add: always keep a backup of the keystore in cloud storage like Google Drive or Dropbox, or email it to yourself.
If you have enabled Google Play App signing for your application you do not need to worry.
To check if you have Google Play App signing enabled, go to Release management -> App Signing, in your Google Play Console.
If it is enabled, you can contact Google Play Support by filling in the support form, or you can opt for a live chat with support personnel here: https://support.google.com/googleplay/android-developer/answer/7218994?hl=en
Explain your issue to them and they will tell you the next steps, which include creating a new 2048-bit RSA keystore with 25 years validity, exporting the key to PEM format and emailing it to them.
To export key to PEM format:
keytool -export -rfc -alias upload -file upload_certificate.pem -keystore keystore.jks
Now it is possible, don't worry. Here are the full and final steps to reset the .JKS file.
Step-1
Download the UPLOAD CERTIFICATE (file name - upload_cert.der) from your Google Play Store Console
Step-2
Go to this link https://support.google.com/googleplay/android-developer/contact/otherbugs and fill in the application form with your valid email ID and upload the file (upload_cert.der).
Step-3
Now you will get an email from the support team. They don't need your .JKS file but a .PEM file; here is the email sample.
Step-4
To convert the .JKS file to a .PEM file you just have to download KeyStore Explorer.
After replying to the mail, wait for 48 to 72 hours and your keystore file will be reset.
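A pre-send check for the PEM file described in the answers above, as an added example that is not part of any answer on this page: it confirms the file holds exactly one certificate and no private key, and returns the SHA-256 fingerprint so the export can be compared with a downloaded upload_cert.der. The function names and the sample bytes are assumptions made for illustration.

```python
import base64
import hashlib
import re

# Matches one PEM block and captures its label and base64 body.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL)


def pem_blocks(text):
    """Return [(label, base64_body), ...] for every PEM block in text."""
    return PEM_BLOCK.findall(text)


def fingerprint(der):
    """SHA-256 fingerprint in the colon-separated form keytool prints."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def check_upload_pem(text):
    """Validate a file before it is e-mailed; return the cert fingerprint.

    Raises ValueError if the file holds anything but one certificate.
    """
    blocks = pem_blocks(text)
    labels = [label for label, _ in blocks]
    # Check labels before decoding: key material must never leave the machine.
    if any("PRIVATE KEY" in label for label in labels):
        raise ValueError("file contains a private key; do not send it")
    if labels != ["CERTIFICATE"]:
        raise ValueError(f"expected one CERTIFICATE block, found {labels}")
    body = "".join(blocks[0][1].split())
    return fingerprint(base64.b64decode(body, validate=True))


def same_certificate(pem_text, der_bytes):
    """True if a PEM export and a .der download are the same certificate."""
    return check_upload_pem(pem_text) == fingerprint(der_bytes)


# Constructed sample: placeholder bytes standing in for a real DER certificate.
SAMPLE_DER = bytes(range(48))
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER).decode()
              + "-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    print(check_upload_pem(SAMPLE_PEM))
    print(same_certificate(SAMPLE_PEM, SAMPLE_DER))
```

With real files, pass the text of upload_certificate.pem to `check_upload_pem` and the bytes of upload_cert.der to `same_certificate`.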
Until today, losing your key would make it impossible to update your app with a new version. In such cases, the only solution was to publish a new app, with a new package name and key, and ask all of your users to install it.
Starting from today, the app signing key in the Play Console is now securely managed by Google Play meaning that you are only responsible for managing your upload key. If your upload key is compromised or lost, Google's developer operations team can assist by verifying your identity and resetting your upload key. Google will still re-sign with the same app signing key, allowing the app to update as usual.
For existing apps, it requires transferring your app signing key to Google Play. For new apps, Google can generate your app signing key. Once enrolled in app signing, you sign your APK with an upload key, which Google uses to authenticate your identity. They'll then strip that signature and re-sign your app with the app signing key.
Reference: Play Console Help > Manage your app signing keys
It’s possible now. After May 2017 you can update your app if you lost your keystore or keystore password. You cannot recover your lost keystore, but you can replace the keystore on the Play Store.
App signing process:
You can upload APKs signed with the original app signing key before or after you opt in to app signing by Google Play.
If you’re starting to use Android App Bundles, you can test them in testing tracks while you use your existing APK in production. Here’s how the process works:
- Sign your app bundle or APK and upload it to your Play Console.
Depending on what you upload, here’s how the signing process differs:
- App bundle: Google generates optimized APKs from your app bundle and signs them with the app signing key.
- APK signed with upload key: Google verifies and strips your signature from the APK, and then re-signs the APK with the app signing key.
- APK signed with app signing key: Google verifies the signature.
Google delivers signed APKs to users.