Use an unchanging default debug certificate when bundling for Android

Eddie_Willman · January 29, 2016, 2:00pm

When bundling for Android without specifying a certificate, a generate certificate is used. This creates the problem that I cannot install the app over a previous installation, since the certificates will differ. It would be helpful if the default certificate wouldn’t change every time the app is bundled.

Currently I have generated a pem and pk8 file from my generated Android debug keystore that I specify each time I bundle. It works, but it’s a bit annoying to have to select them each time.

kosaj · January 29, 2016, 5:43pm

@Eddie_Willman would you mind if I ask you for help generating key? Im using KeyStore Explorer to generate certificate and key but defold dont like the key that is generated…

Defold error:
Build failed: 2016/01/29 18:30:59 ASN.1 structure error: tags don’t match (16 vs {class:0 tag:13 length:45 isCompound:true}) {optional:false explicit:false application:false defaultValue: tag: stringType:0 set:false omitEmpty:false} pkcs8 @2

sicher · January 29, 2016, 6:52pm

You can run the bundler (Bob, the builder) stand alone. Check out http://www.defold.com/doc/bob

kosaj · January 29, 2016, 8:19pm

@sicher thx, I will try with Bob

Eddie_Willman · February 1, 2016, 2:20pm

Here’s how you can generate a keystore, and a pem and pk8 file from it.

# Generate a keystore with validity set to 50 years.
keytool \
-genkeypair \
-keyalg RSA \
-keysize 2048 \
-keystore my_keystore.keystore \
-validity 18250 \
-alias my_alias \
-dname "CN=, OU=, O=My Company or Organization, L=London, S=, C=UK"
 
# Export the keystore to PKCS12.
keytool \
-importkeystore \
-srckeystore my_keystore.keystore \
-srcstoretype JKS \
-destkeystore intermediate.p12 \
-deststoretype PKCS12

# Export from PKCS12 to PEM (Base64-encoding).
openssl pkcs12 \
-in intermediate.p12 \
-out intermediate.rsa.pem \
-nodes

# Copy the private key to a separate file.
sed -n '1,/^-----END PRIVATE KEY/ p' intermediate.rsa.pem > my_private_key.rsa.pem

# Copy the certificate to a separate file.
sed -n '1,/^-----END PRIVATE KEY/ !p' intermediate.rsa.pem > my_certificate.x509.pem

# Convert the private key from PEM to PKCS8.
openssl pkcs8 \
-topk8 \
-in my_private_key.rsa.pem \
-inform PEM \
-nocrypt \
-out my_private_key.pk8 \
-outform DER