[16.4] Keystore was tampered with or password was incorrect

[xdr-synapse]

After upgrade to VS 16.4, I was unable to sign again my application for Google Play with my keystore. Tought it was a bug so I waited for for an update to see if it was fixed, but no (16.4.1)

I tried so sign my APK with jarsigner from Android JDK and it worked, so I confirm that I don't lost the password or alias.

Steps to Reproduce

1. Keystore password and alias the same (generated by VS old version). Password have the next symbols: @ ^ ] $
2. Distribute project with AdHoc/Google Play
3. Get error

Expected Behavior

Sign the APK

Actual Behavior

Failed to load signer "signer 1"
java.io.IOException: Keystore was tampered with, or password was incorrect.

Version Information

Microsoft Visual Studio Enterprise 2019
Version 16.4.1
VisualStudio.16.Release/16.4.1+29609.76
Microsoft .NET Framework
Version 4.8.03752

Installed Version: Enterprise

Azure App Service Tools v3.0.0 16.4.457.38025
Azure App Service Tools v3.0.0

C# Tools 3.4.1-beta4-19607-02+52d275c4f82f329a9732b078c7f7fa0e45cd3e84
C# components used in the IDE. Depending on your project type and settings, a different version of the compiler may be used.

Common Azure Tools 1.10
Provides common services for use by Azure Mobile Services and Microsoft Azure Tools.

Extensibility Message Bus 1.2.0 (d16-2@8b56e20)
Provides common messaging-based MEF services for loosely coupled Visual Studio extension components communication and integration.

IntelliCode Extension 1.0
IntelliCode Visual Studio Extension Detailed Info

Microsoft JVM Debugger 1.0
Provides support for connecting the Visual Studio debugger to JDWP compatible Java Virtual Machines

Microsoft MI-Based Debugger 1.0
Provides support for connecting Visual Studio to MI compatible debuggers

Mono Debugging for Visual Studio 16.5.23 (1b51e8c)
Support for debugging Mono processes with Visual Studio.

NuGet Package Manager 5.4.0
NuGet Package Manager in Visual Studio. For more information about NuGet, visit https://docs.nuget.org/

ProjectServicesPackage Extension 1.0
ProjectServicesPackage Visual Studio Extension Detailed Info

Visual Basic Tools 3.4.1-beta4-19607-02+52d275c4f82f329a9732b078c7f7fa0e45cd3e84
Visual Basic components used in the IDE. Depending on your project type and settings, a different version of the compiler may be used.

Visual F# Tools 10.4 for F# 4.6 16.4.0-beta.19556.5+e7597deb7042710a7142bdccabd6f92b0840d354
Microsoft Visual F# Tools 10.4 for F# 4.6

Visual Studio Code Debug Adapter Host Package 1.0
Interop layer for hosting Visual Studio Code debug adapters in Visual Studio

VisualStudio.DeviceLog 1.0
Information about my package

VisualStudio.Foo 1.0
Information about my package

VisualStudio.Mac 1.0
Mac Extension for Visual Studio

Xamarin 16.4.000.306 (d16-4@564b8d0)
Visual Studio extension to enable development for Xamarin.iOS and Xamarin.Android.

Xamarin Designer 16.4.0.464 (remotes/origin/d16-4@4abf337c3)
Visual Studio extension to enable Xamarin Designer tools in Visual Studio.

Xamarin Templates 16.4.25 (579ee62)
Templates for building iOS, Android, and Windows apps with Xamarin and Xamarin.Forms.

Xamarin.Android SDK 10.1.1.0 (d16-4/f2c9364)
Xamarin.Android Reference Assemblies and MSBuild support.
Mono: bef1e63
Java.Interop: xamarin/java.interop@c4e569f
ProGuard: xamarin/proguard@905836d
SQLite: xamarin/sqlite@46204c4
Xamarin.Android Tools: xamarin/xamarin-android-tools@9f4ed4b

Xamarin.iOS and Xamarin.Mac SDK 13.8.3.0 (0d8fe21)
Xamarin.iOS and Xamarin.Mac Reference Assemblies and MSBuild support.

[alexkozler]

Did you try deleting the keystore from VS and then re-adding it from the keystore file? I had to do that before when using a fresh install of VS with a lot of stuff dragged over

[xdr-synapse]

I just tried it, but it didn't work.

[sh0ckrates]

any solutions yet please ? Same issue for me after updating Visual Studio

[xdr-synapse]

Upgraded to VS 16.4.2, same error.

[chrome050]

I have the same issue on two installations (VS 16.4.1 and VS 16.4.2). If I create a new keystore with a simple password without "@ ^ ] $" it works. But this can't be a solution!

[chrome050]

If i change the password for the alias it works (./keytool.exe -keypasswd -alias myalias -keystore "pathtokeystore")

[dellis1972]

Its possible that we need to escape the password being sent to the key tool. I'll try to create a unit test for this.

[less0]

@chrome050

This did not work for me, but pointed me in the right direction. I had to change the keystore password, too with the command

keytool.exe -storepasswd -alias myalias -keystore "pathtokeystore"

[xdr-synapse]

My way to solve this was: Create a new certificate without the special characters and request/send to google support the upload key with pem file of the new certificate

[VictorK1902]

@chrome050

This did not work for me, but pointed me in the right direction. I had to change the keystore password, too with the command

keytool.exe -storepasswd -alias myalias -keystore "pathtokeystore"

OMG. Thank you so much!!! The solution is to change both alias password and keystore password:

keytool.exe -keypasswd -alias myalias -keystore "pathtokeystore"
keytool.exe -storepasswd -alias myalias -keystore "pathtokeystore"

[dellis1972]

I have tested this and we are correctly quoting the passwords.

It seems that the signing tools do NOT like certain characters. The @ always breaks it with the following error .

Failed to load signer "signer 1"
java.io.IOException: Keystore was tampered with, or password was incorrect.

I don't think this is anything we can actually fix since the problem is within the java tooling itself. Best thing to do is try to avoid certain characters ('@' especially).

I am however adding a test which will use special characters in the password field.

[dellis1972]

For some reason, keytool is no longer breaking when using the @ symbol on my machine.

Interestingly I do get the following

keytool -genkeypair -alias teststringkey -storepass "r@^]$test12" -keypass "r@^]$test12" -keystore foo.keystore -dname "CN=Android Debug,O=Android,C=US" -keyalg RSA -validity 10000 -storetype pkcs12
keytool error: java.lang.Exception: Key password must be at least 6 characters

[cjsharp01]

I don't know if this is still an issue for people but none of the above solutions worked for me (VS 16.6.1). What I did notice is putting the keystore file details into the Android Package Signing tab in the Android project seemed to make it work.

[matll42]

Same for me and my coworker with Visual Studio Community 16.6.1 and 16.6.2.
Compilation from Visual Studio for Mac 8.6.3 as I don't need to enter the password anymore (last keystore used).

[mtossain]

I had the same problem:

• migrated to VS 8.7 Preview, Android X (10.0.99) R on MacOS Catalina 10.15.6 Beta

and got the following error on archive build:

• keystore is tampered with or password incorrect:

Solution was combination of the above:

1. reset keystore and alias password with keytool -storepasswd and keytool -alias commands in terminal
2. under android project settings: android package signing, use the keystore details to automatically sign the apk

Took me several days to get this working... VS team please could you have a look to this? It can be very critical if you need to release an app, and you cannot, since the apk signing does not work.anymore.

[chrome050]

You can replace your uploaded keystore with a new keystore, which has a password without certain characters.

[mtossain]

Sorry I tried that but it did not work...

[brendanzagaeski]

For anyone seeing this in the past few weeks, a recent possible cause is if Android SDK Build-Tools 30 is installed in the build-tools directory of the Android SDK.

Candidate workaround

1. In Visual Studio, open Tools > Options, open the Xamarin > Android Settings item, and copy the directory from the Android SDK Location.
2. Open the Android SDK Location in Windows Explorer, open the build-tools directory, and delete any 30.0.0* directories.

Explanation: If Android SDK Build-Tools 30 is installed, the Xamarin section of the Output window shows the following error during the Distribute workflow:

Xamarin.AndroidTools.AndroidSdkToolException: java.lang.UnsupportedClassVersionError: com/android/apksigner/ApkSignerTool has been compiled by a more recent version of the Java Runtime (class file version 53.0), this version of the Java Runtime only recognizes class file versions up to 52.0

This happens because the apksigner tool in Android SDK Build-Tools 30 requires Java JDK 9 or higher but Xamarin.Android currently requires Java JDK 8. The Distribute step automatically uses the highest Android SDK Build-Tools version in the build-tools directory, so removing Android SDK Build-Tools 30 from the build-tools directory allows Distribute to use Android SDK Build-Tools 29 or lower.

A future version of Visual Studio 2019 will install Java JDK 9 or higher to enable compatibility with Android SDK Build-Tools 30, but Java JDK 9 is not yet compatible with Xamarin.Android.

Other possible workarounds

• As noted in earlier comments, if the project is configured to use the Android Package Signing options in the Visual Studio project property pages, then the Distribute step will succeed as long as the matching signing identity is used.

  Explanation: Unlike the Distribute step, the initial Build > Archive step obeys the AndroidSdkBuildToolsVersion MSBuild property and uses Android SDK Build-Tools 29.0.2 even if Android SDK Build-Tools 30 is installed. I've added an internal tracking item to request that the Distribute step be adjusted to obey the AndroidSdkBuildToolsVersion MSBuild property in the future.

• One other possible workaround if preparing apps for upload to Google Play is to switch to the Android App Bundle publishing format by setting Android Package Format to aab in the Visual Studio project property pages.

  Explanation: Android App Bundles are signed using jarsigner instead of apksigner, so they do not hit the problem.

[SergioJoel98]

For anyone seeing this in the past few weeks, a recent possible cause is if Android SDK Build-Tools 30 is installed in the build-tools directory of the Android SDK.

Candidate workaround

1. In Visual Studio, open **Tools > Options**, open the **Xamarin > Android Settings** item, and copy the directory from the **Android SDK Location**.

2. Open the Android SDK Location in Windows Explorer, open the _build-tools_ directory, and delete any _30.0.0*_ directories.

Explanation: If Android SDK Build-Tools 30 is installed, the Xamarin section of the Output window shows the following error during the Distribute workflow:

Xamarin.AndroidTools.AndroidSdkToolException: java.lang.UnsupportedClassVersionError: com/android/apksigner/ApkSignerTool has been compiled by a more recent version of the Java Runtime (class file version 53.0), this version of the Java Runtime only recognizes class file versions up to 52.0

This happens because the apksigner tool in Android SDK Build-Tools 30 requires Java JDK 9 or higher but Xamarin.Android currently requires Java JDK 8. The Distribute step automatically uses the highest Android SDK Build-Tools version in the build-tools directory, so removing Android SDK Build-Tools 30 from the build-tools directory allows Distribute to use Android SDK Build-Tools 29 or lower.

A future version of Visual Studio 2019 will install Java JDK 9 or higher to enable compatibility with Android SDK Build-Tools 30, but Java JDK 9 is not yet compatible with Xamarin.Android.

Other possible workarounds

* As noted in earlier comments, if the project is configured to use the **Android Package Signing** options in the Visual Studio project property pages, then the **Distribute** step will succeed as long as the matching signing identity is used.
  Explanation: Unlike the **Distribute** step, the initial **Build > Archive** step obeys the `AndroidSdkBuildToolsVersion` MSBuild property and uses Android SDK Build-Tools 29.0.2 even if Android SDK Build-Tools 30 is installed. I've added an internal tracking item to request that the **Distribute** step be adjusted to obey the `AndroidSdkBuildToolsVersion` MSBuild property in the future.

* One other possible workaround if preparing apps for upload to Google Play is to switch to the Android App Bundle publishing format by setting **Android Package Format** to **aab** in the Visual Studio project property pages.
  Explanation: Android App Bundles are signed using `jarsigner` instead of `apksigner`, so they do not hit the problem.

This saved my day.

[ArielHashuel]

Candidate workaround

1. In Visual Studio, open Tools > Options, open the Xamarin > Android Settings item, and copy the directory from the Android SDK Location.
2. Open the Android SDK Location in Windows Explorer, open the build-tools directory, and delete any 30.0.0* directories.

This worked for me

[gktval]

None of the above steps have worked for me. I don't have Android SDK Build-Tools 30. The things is, it worked about half a dozen times, but then suddenly stopped. I use the exact same key on another computer for the same project and it works. The error occurs even before the dialog pops up asking me for the password.

Fix for me was to clean out all the bin and obj folders.

[dharamhbtik]

I tried all above steps but its always giving same error. I am creating new certificate and on entering password while publishing, it is showing error Keystore was tampered with, or password was incorrect.

I am using latest version of visual studio 2019 community for Mac

[dentep]

I tried all above steps but its always giving same error. I am creating new certificate and on entering password while publishing, it is showing error Keystore was tampered with, or password was incorrect.

I am using latest version of visual studio 2019 community for Mac

Same thing here

[analusorbara]

I tried all above steps but its always giving same error. I am creating new certificate and on entering password while publishing, it is showing error Keystore was tampered with, or password was incorrect.

I am using latest version of visual studio 2019 community for Mac

I getting the same problem here.

[polotto]

I get that problem and It's really annoying the lack of information of what happening. I solved with following steps:

1. creating the APK archive in Visul Studio;
2. Sign the APK with an amazing tool called uber-apk-signer (https://github.com/patrickfav/uber-apk-signer);

[MadManMarkAu]

This issue is a little old, but I just ran into the same problem, and this is the top result on Google, so I thought I'd share my solution.

If you use a timestamp server, and that server is offline or is rate limiting you, you will get the same error. Try a different timestamp server, or don't timestamp.

[MosCD3]

None of the above worked for me
When I try to change the keystone password I get
java.lang.UnsupportedOperationException: -keypasswd commands not supported if -storetype is PKCS12
Its frustrating, suddenly all that happened and I can't seem to find any solution, tried creating new certificate but again same result. I even updated VS and yet same problem

The only solution that worked for me is
Android properties> Android Package Signing> and add same info for the keystore
By default if certificate where created using VS the "Alias password" and "Keystone password" are both the same
the default url for keystone files created by VS
[Home]/Library/Developer/Xamarin/Keystore/

[raddevus]

I was having a problem very similar to this but directly in AndroidStudio -- got same error "keystore tampered with or incorrect password". I knew my password was correct because it is from a password manager.
I finally wanted to prove my password was correct so I ran the following command (on Ubuntu):

$ keytool -list -keystore 'fakeName.jks' -storepass fake-password-same-one-i-used-in-android-studio

I saw the details of my keystore & it confirmed my password was fine -- saw the following message:
Keystore type: JKS Keystore provider: SUN
Your keystore contains 1 entry

fake-alias-name, Dec 15, 2019, PrivateKeyEntry, Certificate fingerprint (SHA-256): 63:D3:69:69:39:29:5D:5E:14:20:E1:F6:FA:DF:ED (fake data)

Warning: The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore fakeName.jks -destkeystore fakeName.jks -deststoretype pkcs12".

My keystore was created 1 or 2 years ago so maybe something in the expected format changed??

The odd thing is that after I ran that and went back to Android Studio, then Studio was able to build the signed APK. It was fixed. I wrote this up on StackOverflow.
Hope it helps.

[MadameMinty]

It seems that the signing tools do NOT like certain characters. The @ always breaks it with the following error .

This is it—my problem wasn't in the password or alias, but in the unsigned apk's path as it contained "β".

VS uses its own bundled apksigner.jar in ...\Visual Studio\2022\Community\MSBuild\Xamarin\Android\apksigner.jar, which then yells Exception in thread "main" java.io.FileNotFoundException: ...\�\...