[Solved] Your Android App Bundle is signed with the wrong key

[Solved] Your Android App Bundle is signed with the wrong key

To submit or publish your Android app on the Google Play Store, you have to configure the app bundle keys.

If you are using the Expo tool for app development, you have to configure Android key credentials at the beginning or anytime during development.

Ensure you configure your Android key credentials before uploading your apk on Google Play.

Otherwise, you will get an error.

Your Android App Bundle is signed with the wrong key. Ensure that your App Bundle is signed with the correct signing key and try again. Your App Bundle is expected to be signed with the certificate with fingerprint:
SHA1: <key_1>
but the certificate used to sign the App Bundle you uploaded has fingerprint:
SHA1: <key_2>

Whether you are publishing app on play store first time or if you have forgotten your keystore credentials, follow the steps below.

Step 1: Download keys aka Android keystore credentials from Expo

  • Login to your expo developer account.
  • Select the project that you want to publish on the Play Store.
  • From the left sidebar, select “Credentials”.
  • Select “Application Identifiers”.
  • You see the “Android Keystore” section and the download icon right side of it. Download Android Keystore from there.

It will download a zip file which includes a .md file for credentials and a .jks file for Keystore details.

Step 2: Get the key alias and keystore password from Expo

Run the below command to get the keystore password and credentials.

eas credentials

Choose the following options.

Select platform › Android
Which build profile do you want to configure? › production

Then choose…

Keystore: Manage everything needed to build your project
✔ What do you want to do? › Download existing keystore
✔ Do you want to display the sensitive information of the Android Keystore? … yes

You will see the keystore password, key alias, and key password. Take note of these credentials. You need them in the next step.

Step 3: Generate pem file from jks file

Unzip the bundle you downloaded from the first step.

There are two files in it with extensions .md and .jks.

In this step, we are interested in .jks file.

We are using keytool for generating pem file. To execute keytool you need Java runtime install on your system.

Install Java runtime using Brew if you don’t have it installed.

brew install --cask adoptopenjdk

To make sure Java is installed properly, check the Java version.

java -version
openjdk version "16.0.1" 2021-04-20
OpenJDK Runtime Environment AdoptOpenJDK-16.0.1+9 (build 16.0.1+9)
OpenJDK 64-Bit Server VM AdoptOpenJDK-16.0.1+9 (build 16.0.1+9, mixed mode, sharing)
keytool -export -rfc -alias <key_alias> -file upload_certificate.pem -keystore \@<filename.jks>

In the above command, enter the key_alias you received from the 2nd step.

You can provide any name for the upload certificate .pem file for option file.

On execution of the command, you will be asked to enter the keystore password.

Enter keystore password:

Again you get the password from the 2nd step.

If you don’t have Java runtime installed, you will get the below error.

The operation couldn’t be completed. Unable to locate a Java Runtime.
Please visit http://www.java.com for information on installing Java.

On successful execution of the command, upload_certificate.pem will be downloaded.

Step 4: Change the Android upload key in the Google Play Console

  • Open the Google Play console and log in.
  • From the left sidebar, select “Setup”, and choose “App signing”.
  • You will see the “Upload key certificate” section. Click “Request upload key reset”.
  • Upload the upload-certificate.pem file (file generated in the 3rd step).

With this, you have requested Google Console to reset the app upload key.

It will take two business to get your new upload key validated.

Once your new update key is validated, you can upload your app bundle to publish on the Google Play Store.

Note: Also make sure you update version code before submitting app on Google play store.

Hope this solves your problem and you are able to submit your Android app bundle on Google play store. If you are still facing any problem, share it in the comment section below.

1 Comment

  1. Check the credential of your build

    eas credentials

    All the credentials are stored in credentioals.json for local use.

    Here you can upload credentials.json to eas server
    you can download the credentilas and save it to credentials.jso. from eas server

    If you have updated app bundle key on play store, you have already have credential file (.jks),

    copy .jks file to credentios/android directory add details in the credentioals.json

    “android”: {
    “keystore”: {
    “keystorePath”: “credentials/android/keystore.jks”,
    “keystorePassword”: ““,
    “keyAlias”: ““,
    “keyPassword”: “

    Now rebuild your application (delete android/ios directory).

    and check the credentials again

    eas credentials

    It should show the new credentials.

Leave a Reply

Your email address will not be published. Required fields are marked *