Failed to load signer "signer #1" java.io.IOException: Invalid keystore format #1

joeyoggie · 2019-11-18T14:29:21Z

Hello, I'm trying to use this action to sign an apk, but I'm having an issue. I added the "ALIAS", "KEY_PASSWORD", "KEY_STORE_PASSWORD", and "SIGNING_KEY" to the Secrets tab in the project. The "SIGNING_KEY" is the shaded part between
-----BEGIN ENCRYPTED PRIVATE KEY-----
and
-----END ENCRYPTED PRIVATE KEY-----

I tried with BEGIN and END text, and got the same results.

Actual .yml file:

name: Android CI

on:
  push:
    branches:
      - master

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v1

    - name: set up JDK 1.8
      uses: actions/setup-java@v1
      with:
        java-version: 1.8

    - name: Grant rights
      run: chmod +x build.gradle

    - name: Build project with Gradle
      run: ./gradlew build

    - name: Build Debug APK with Gradle
      run: ./gradlew assembleDebug

    - name: Build Release APK with Gradle
      run: ./gradlew assembleRelease

    - name: Releasing Debug APK using Hub
      uses: ShaunLWM/action-release-debugapk@master
      env:
        GITHUB_TOKEN: ${{ secrets.TOKEN }}
        APP_FOLDER: app
        RELEASE_TITLE: BarberApp

    - name: Signing and Releasing Release APK using Hub
      uses: r0adkll/sign-android-release@v1
      with:
        releaseDirectory: ./app/build/outputs/apk/release
        signingKeyBase64: ${{ secrets.SIGNING_KEY }}
        alias: ${{ secrets.ALIAS }}
        keyStorePassword: ${{ secrets.KEY_STORE_PASSWORD }}
        keyPassword: ${{ secrets.KEY_PASSWORD }}

Log output showing the error:

/usr/local/lib/android/sdk/build-tools/29.0.2/apksigner sign --ks app/build/outputs/apk/release/signingKey.jks --ks-key-alias *** --ks-pass pass:*** --key-pass pass:*** --out app/build/outputs/apk/release/app-release-unsigned-signed.apk app/build/outputs/apk/release/app-release-unsigned-aligned.apk
Failed to load signer "signer #1"
java.io.IOException: Invalid keystore format
	at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:663)
	at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:56)
	at sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224)
	at sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:70)
	at java.security.KeyStore.load(KeyStore.java:1445)
	at com.android.apksigner.SignerParams.loadKeyStoreFromFile(SignerParams.java:353)
	at com.android.apksigner.SignerParams.loadPrivateKeyAndCertsFromKeyStore(SignerParams.java:239)
	at com.android.apksigner.SignerParams.loadPrivateKeyAndCerts(SignerParams.java:181)
	at com.android.apksigner.ApkSignerTool.sign(ApkSignerTool.java:277)
	at com.android.apksigner.ApkSignerTool.main(ApkSignerTool.java:83)
##[error]The process '/usr/local/lib/android/sdk/build-tools/29.0.2/apksigner' failed with exit code 2
##[error]Node run failed with exit code 1

The text was updated successfully, but these errors were encountered:

r0adkll · 2019-11-18T17:03:58Z

You will need to base64 encode the entire file as the action decodes it straight to the disk.

For example, I run this on my signing key: (I run this on macOS, so your implementation may differ)

openssl base64 < some_key.jks | tr -d '\n' | tee some_key.jks.base64.txt

Then I copy the contents of some_key.jks.base64.txt to my GitHub secret secrets.SIGNING_KEY

r0adkll · 2019-11-18T17:04:31Z

I could look into adding an optional input that just takes a raw key text and uses that to sign the key

joeyoggie · 2019-11-19T14:12:45Z

Perfect, that did the trick! Thank you so much! Really appreciate your work :)

me-at-syeds-me · 2021-02-09T23:29:02Z

@r0adkll

I am still facing this issue including converting base64 of jks.

Verification succesful
/bin/cp android/app/build/outputs/apk/release/app-release.apk android/app/build/outputs/apk/release/app-release-aligned.apk
/usr/local/lib/android/sdk/build-tools/30.0.2/apksigner sign --ks android/app/build/outputs/apk/release/signingKey.jks --ks-key-alias *** --ks-pass pass:*** --out android/app/build/outputs/apk/release/app-release-signed.apk --key-pass pass:*** android/app/build/outputs/apk/release/app-release-aligned.apk
Failed to load signer "signer #1": android/app/build/outputs/apk/release/signingKey.jks entry "***" does not contain a key
Error: The process '/usr/local/lib/android/sdk/build-tools/30.0.2/apksigner' failed with exit code 2

Any thoughts or guidance is super helpful. Have been stuck for two days on this issue.
Thanks.

vm-aditya-anand · 2021-05-21T05:32:05Z

@me-at-syeds-me did you able to fix the issue

TheBeachMaster · 2021-10-09T20:35:20Z

Having this issue as well

Failed to load signer "signer #1"
java.io.IOException: Integrity check failed: java.security.NoSuchAlgorithmException: Algorithm HmacPBESHA256 not available
	at java.base/sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:2167)
	at java.base/sun.security.util.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:222)
	at java.base/java.security.KeyStore.load(KeyStore.java:1479)
	at com.android.apksigner.SignerParams.loadKeyStoreFromFile(SignerParams.java:353)
	at com.android.apksigner.SignerParams.loadPrivateKeyAndCertsFromKeyStore(SignerParams.java:239)
	at com.android.apksigner.SignerParams.loadPrivateKeyAndCerts(SignerParams.java:181)
	at com.android.apksigner.ApkSignerTool.sign(ApkSignerTool.java:277)
	at com.android.apksigner.ApkSignerTool.main(ApkSignerTool.java:83)
Caused by: java.security.NoSuchAlgorithmException: Algorithm HmacPBESHA256 not available
	at java.base/javax.crypto.Mac.getInstance(Mac.java:191)
	at java.base/sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:2145)
	... 7 more

Of interest, take a look at the exception :

java.io.IOException: Integrity check failed: java.security.NoSuchAlgorithmException: Algorithm HmacPBESHA256 not available

Kiperfy · 2021-12-11T07:06:54Z

i have the same issue:

Verification succesful
/usr/bin/cp app/build/outputs/apk/release/app-release.apk app/build/outputs/apk/release/app-release-aligned.apk
/usr/local/lib/android/sdk/build-tools/30.0.2/apksigner sign --ks app/build/outputs/apk/release/signingKey.jks --ks-key-alias  --ks-pass pass: --out app/build/outputs/apk/release/app-release-signed.apk app/build/outputs/apk/release/app-release-aligned.apk
Failed to load signer "signer #1"
java.io.IOException: keystore password was incorrect
	at java.base/sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:2116)
	at java.base/sun.security.util.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:222)
	at java.base/java.security.KeyStore.load(KeyStore.java:1479)
	at com.android.apksigner.SignerParams.loadKeyStoreFromFile(SignerParams.java:353)
	at com.android.apksigner.SignerParams.loadPrivateKeyAndCertsFromKeyStore(SignerParams.java:239)
	at com.android.apksigner.SignerParams.loadPrivateKeyAndCerts(SignerParams.java:181)
	at com.android.apksigner.ApkSignerTool.getSignerConfig(ApkSignerTool.java:368)
	at com.android.apksigner.ApkSignerTool.sign(ApkSignerTool.java:291)
	at com.android.apksigner.ApkSignerTool.main(ApkSignerTool.java:84)
Caused by: java.security.UnrecoverableKeyException: failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
	... 9 more
Error: The process '/usr/local/lib/android/sdk/build-tools/30.0.2/apksigner' failed with exit code 2

TheBeachMaster · 2021-12-20T13:35:08Z

java.io.IOException: keystore password was incorrect

@Kiperfy Seems that your error is here

zhangjing-GitHub-Code · 2022-07-04T09:48:17Z

@r0adkll I use it in workflow(forked from https://github.com/577fkj/HMCL-PE) and I changed the key to mine, it dont work, but 577fkj says it works on his key(is my key's encrypt algorithm wrong?)
umm... This keystore type I use cannot keypasswd

$ keytool -keystore HMCLPE/key.jks -keypasswd
keytool error: java.lang.UnsupportedOperationException: -keypasswd commands not supported if -storetype is PKCS12

Also -list -v output:

$ keytool -keystore HMCLPE/key.jks -list -alias key -v
Enter keystore password:
Alias name: key
Creation date: Apr 15, 2022
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=zhangjing-GitHub-Code, OU=Unknown, O=1145141919810, L=China, ST=Beijing, C=CN
Issuer: CN=zhangjing-GitHub-Code, OU=Unknown, O=1145141919810, L=China, ST=Beijing, C=CN
Serial number: e74(******)3f6cc1f
Valid from: Fri Apr 15 09:54:06 GMT 2022 until: Tue Apr 09 09:54:06 GMT 2047
Certificate fingerprints:
         SHA1: 49:67:C2:1A:8A:0D:**:**:**:**:**:**:9A:9D:BB:1F:9A:5C:07:A0
         SHA256: C6:76:11:8B:5B:4D:**:**:**:**:**:**:1F:6D:D2:BF:04:64:30:3C:14:FD:**:**:**:**:**:**:1F:33:EB:CA
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
Version: 3

Extensions:

#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 7A E1 ** ** ** ** 87 B9   73 ** ** ** A8 CE D9 0A  z.......s.......
0010: ** ** 1A 16                                        ....
]
]

Actions output:

(thousand lines of output)
Verification succesful
/usr/bin/cp HMCLPE/build/outputs/apk/debug/HMCLPE-debug.apk HMCLPE/build/outputs/apk/debug/HMCLPE-debug-aligned.apk
/usr/local/lib/android/sdk/build-tools/29.0.3/apksigner sign --ks HMCLPE/build/outputs/apk/debug/signingKey.jks --ks-***-alias *** --ks-pass pass:*** --out HMCLPE/build/outputs/apk/debug/HMCLPE-debug-signed.apk --***-pass pass:*** HMCLPE/build/outputs/apk/debug/HMCLPE-debug-aligned.apk
Failed to load signer "signer #1"
java.io.IOException: Integrity check failed: java.security.NoSuchAlgorithmException: Algorithm HmacPBESHA256 not available
	at java.base/sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:2167)
	at java.base/sun.security.util.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:222)
	at java.base/java.security.KeyStore.load(KeyStore.java:1479)
	at com.android.apksigner.SignerParams.loadKeyStoreFromFile(SignerParams.java:353)
	at com.android.apksigner.SignerParams.loadPrivateKeyAndCertsFromKeyStore(SignerParams.java:239)
	at com.android.apksigner.SignerParams.loadPrivateKeyAndCerts(SignerParams.java:181)
	at com.android.apksigner.ApkSignerTool.sign(ApkSignerTool.java:277)
	at com.android.apksigner.ApkSignerTool.main(ApkSignerTool.java:83)
Caused by: java.security.NoSuchAlgorithmException: Algorithm HmacPBESHA256 not available
	at java.base/javax.crypto.Mac.getInstance(Mac.java:191)
	at java.base/sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:2145)
	... 7 more
Error: The process '/usr/local/lib/android/sdk/build-tools/29.0.3/apksigner' failed with exit code 2

Devanathan2015 · 2022-11-25T10:02:36Z

I have the same issue.

Failed to load signer "signer #1"
java.io.IOException: Invalid keystore format
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:666)
at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:57)
at sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224)
at sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:71)
at java.security.KeyStore.load(KeyStore.java:1445)
at com.android.apksigner.SignerParams.loadKeyStoreFromFile(SignerParams.java:353)
at com.android.apksigner.SignerParams.loadPrivateKeyAndCertsFromKeyStore(SignerParams.java:239)
at com.android.apksigner.SignerParams.loadPrivateKeyAndCerts(SignerParams.java:181)
at com.android.apksigner.ApkSignerTool.sign(ApkSignerTool.java:277)
at com.android.apksigner.ApkSignerTool.main(ApkSignerTool.java:83)

kamkyi · 2024-02-20T05:23:53Z

Failed to load signer "signer #1"
java.io.IOException: Integrity check failed: java.security.NoSuchAlgorithmException: Algorithm HmacPBESHA256 not available
at java.base/sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:2167)
at java.base/sun.security.util.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:222)
at java.base/java.security.KeyStore.load(KeyStore.java:1479)
at com.android.apksigner.SignerParams.loadKeyStoreFromFile(SignerParams.java:362)
at com.android.apksigner.SignerParams.loadPrivateKeyAndCertsFromKeyStore(SignerParams.java:248)
at com.android.apksigner.SignerParams.loadPrivateKeyAndCerts(SignerParams.java:181)
at com.android.apksigner.ApkSignerTool.getSignerConfig(ApkSignerTool.java:419)
at com.android.apksigner.ApkSignerTool.sign(ApkSignerTool.java:336)
at com.android.apksigner.ApkSignerTool.main(ApkSignerTool.java:92)
Caused by: java.security.NoSuchAlgorithmException: Algorithm HmacPBESHA256 not available
at java.base/javax.crypto.Mac.getInstance(Mac.java:191)
at java.base/sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:2145)
... 8 more

joeyoggie closed this as completed Nov 19, 2019

nadav-virdee mentioned this issue Jul 10, 2020

Issues with signing the app #11

Open

abhijitvalluri pushed a commit to abhijitvalluri/sign-apks that referenced this issue Sep 28, 2020

Support signing multiple release files (r0adkll#1)

ab1c17c

abhijitvalluri pushed a commit to abhijitvalluri/sign-apks that referenced this issue Sep 28, 2020

Support signing multiple release files (r0adkll#1)

d2ba97c

SmartManoj mentioned this issue Oct 10, 2022

Failed to load signer "signer #1" niklashigi/apk-mitm#115

Open

PuerNya pushed a commit to PuerNya/sign-android-release that referenced this issue Oct 11, 2023

Support signing multiple release files (r0adkll#1)

ac95b3c

LaxmikantMahamuni mentioned this issue Apr 15, 2024

Failed to load signer "signer #1" java.io.IOException: Tag number over 30 is not supported #91

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Failed to load signer "signer #1" java.io.IOException: Invalid keystore format #1

Failed to load signer "signer #1" java.io.IOException: Invalid keystore format #1

joeyoggie commented Nov 18, 2019

r0adkll commented Nov 18, 2019

r0adkll commented Nov 18, 2019

joeyoggie commented Nov 19, 2019

me-at-syeds-me commented Feb 9, 2021

vm-aditya-anand commented May 21, 2021

TheBeachMaster commented Oct 9, 2021

Kiperfy commented Dec 11, 2021

TheBeachMaster commented Dec 20, 2021

zhangjing-GitHub-Code commented Jul 4, 2022 •

edited

Loading

Devanathan2015 commented Nov 25, 2022

kamkyi commented Feb 20, 2024 •

edited

Loading

Failed to load signer "signer #1" java.io.IOException: Invalid keystore format #1

Failed to load signer "signer #1" java.io.IOException: Invalid keystore format #1

Comments

joeyoggie commented Nov 18, 2019

r0adkll commented Nov 18, 2019

r0adkll commented Nov 18, 2019

joeyoggie commented Nov 19, 2019

me-at-syeds-me commented Feb 9, 2021

vm-aditya-anand commented May 21, 2021

TheBeachMaster commented Oct 9, 2021

Kiperfy commented Dec 11, 2021

TheBeachMaster commented Dec 20, 2021

zhangjing-GitHub-Code commented Jul 4, 2022 • edited Loading

Devanathan2015 commented Nov 25, 2022

kamkyi commented Feb 20, 2024 • edited Loading

zhangjing-GitHub-Code commented Jul 4, 2022 •

edited

Loading

kamkyi commented Feb 20, 2024 •

edited

Loading