Failed to load signer "signer #1" java.io.IOException: Invalid keystore format

[joeyoggie]

Hello, I'm trying to use this action to sign an apk, but I'm having an issue. I added the "ALIAS", "KEY_PASSWORD", "KEY_STORE_PASSWORD", and "SIGNING_KEY" to the Secrets tab in the project. The "SIGNING_KEY" is the shaded part between -----BEGIN ENCRYPTED PRIVATE KEY----- and -----END ENCRYPTED PRIVATE KEY-----

I tried with BEGIN and END text, and got the same results.

Actual .yml file:

name: Android CI

on:
  push:
    branches:
      - master

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v1

    - name: set up JDK 1.8
      uses: actions/setup-java@v1
      with:
        java-version: 1.8

    - name: Grant rights
      run: chmod +x build.gradle

    - name: Build project with Gradle
      run: ./gradlew build

    - name: Build Debug APK with Gradle
      run: ./gradlew assembleDebug

    - name: Build Release APK with Gradle
      run: ./gradlew assembleRelease

    - name: Releasing Debug APK using Hub
      uses: ShaunLWM/action-release-debugapk@master
      env:
        GITHUB_TOKEN: ${{ secrets.TOKEN }}
        APP_FOLDER: app
        RELEASE_TITLE: BarberApp

    - name: Signing and Releasing Release APK using Hub
      uses: r0adkll/sign-android-release@v1
      with:
        releaseDirectory: ./app/build/outputs/apk/release
        signingKeyBase64: ${{ secrets.SIGNING_KEY }}
        alias: ${{ secrets.ALIAS }}
        keyStorePassword: ${{ secrets.KEY_STORE_PASSWORD }}
        keyPassword: ${{ secrets.KEY_PASSWORD }}

Log output showing the error:

/usr/local/lib/android/sdk/build-tools/29.0.2/apksigner sign --ks app/build/outputs/apk/release/signingKey.jks --ks-key-alias *** --ks-pass pass:*** --key-pass pass:*** --out app/build/outputs/apk/release/app-release-unsigned-signed.apk app/build/outputs/apk/release/app-release-unsigned-aligned.apk
Failed to load signer "signer #1"
java.io.IOException: Invalid keystore format
    at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:663)
    at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:56)
    at sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224)
    at sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:70)
    at java.security.KeyStore.load(KeyStore.java:1445)
    at com.android.apksigner.SignerParams.loadKeyStoreFromFile(SignerParams.java:353)
    at com.android.apksigner.SignerParams.loadPrivateKeyAndCertsFromKeyStore(SignerParams.java:239)
    at com.android.apksigner.SignerParams.loadPrivateKeyAndCerts(SignerParams.java:181)
    at com.android.apksigner.ApkSignerTool.sign(ApkSignerTool.java:277)
    at com.android.apksigner.ApkSignerTool.main(ApkSignerTool.java:83)
##[error]The process '/usr/local/lib/android/sdk/build-tools/29.0.2/apksigner' failed with exit code 2
##[error]Node run failed with exit code 1

[r0adkll]

You will need to base64 encode the entire file as the action decodes it straight to the disk.

For example, I run this on my signing key: (I run this on macOS, so your implementation may differ)

openssl base64 < some_key.jks | tr -d '\n' | tee some_key.jks.base64.txt

Then I copy the contents of some_key.jks.base64.txt to my GitHub secret secrets.SIGNING_KEY

[r0adkll]

I could look into adding an optional input that just takes a raw key text and uses that to sign the key

[joeyoggie]

Perfect, that did the trick! Thank you so much! Really appreciate your work :)

[me-at-syeds-me]

@r0adkll

I am still facing this issue including converting base64 of jks.

Verification succesful /bin/cp android/app/build/outputs/apk/release/app-release.apk android/app/build/outputs/apk/release/app-release-aligned.apk /usr/local/lib/android/sdk/build-tools/30.0.2/apksigner sign --ks android/app/build/outputs/apk/release/signingKey.jks --ks-key-alias --ks-pass pass: --out android/app/build/outputs/apk/release/app-release-signed.apk --key-pass pass: android/app/build/outputs/apk/release/app-release-aligned.apk Failed to load signer "signer #1": android/app/build/outputs/apk/release/signingKey.jks entry "" does not contain a key Error: The process '/usr/local/lib/android/sdk/build-tools/30.0.2/apksigner' failed with exit code 2

Any thoughts or guidance is super helpful. Have been stuck for two days on this issue. Thanks.

[vm-aditya-anand]

@me-at-syeds-me did you able to fix the issue

[TheBeachMaster]

Having this issue as well

Failed to load signer "signer #1"
java.io.IOException: Integrity check failed: java.security.NoSuchAlgorithmException: Algorithm HmacPBESHA256 not available
    at java.base/sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:2167)
    at java.base/sun.security.util.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:222)
    at java.base/java.security.KeyStore.load(KeyStore.java:1479)
    at com.android.apksigner.SignerParams.loadKeyStoreFromFile(SignerParams.java:353)
    at com.android.apksigner.SignerParams.loadPrivateKeyAndCertsFromKeyStore(SignerParams.java:239)
    at com.android.apksigner.SignerParams.loadPrivateKeyAndCerts(SignerParams.java:181)
    at com.android.apksigner.ApkSignerTool.sign(ApkSignerTool.java:277)
    at com.android.apksigner.ApkSignerTool.main(ApkSignerTool.java:83)
Caused by: java.security.NoSuchAlgorithmException: Algorithm HmacPBESHA256 not available
    at java.base/javax.crypto.Mac.getInstance(Mac.java:191)
    at java.base/sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:2145)
    ... 7 more

Of interest, take a look at the exception :

java.io.IOException: Integrity check failed: java.security.NoSuchAlgorithmException: Algorithm HmacPBESHA256 not available

[Kiperfy]

i have the same issue:

Verification succesful
/usr/bin/cp app/build/outputs/apk/release/app-release.apk app/build/outputs/apk/release/app-release-aligned.apk
/usr/local/lib/android/sdk/build-tools/30.0.2/apksigner sign --ks app/build/outputs/apk/release/signingKey.jks --ks-key-alias  --ks-pass pass: --out app/build/outputs/apk/release/app-release-signed.apk app/build/outputs/apk/release/app-release-aligned.apk
Failed to load signer "signer #1"
java.io.IOException: keystore password was incorrect
    at java.base/sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:2116)
    at java.base/sun.security.util.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:222)
    at java.base/java.security.KeyStore.load(KeyStore.java:1479)
    at com.android.apksigner.SignerParams.loadKeyStoreFromFile(SignerParams.java:353)
    at com.android.apksigner.SignerParams.loadPrivateKeyAndCertsFromKeyStore(SignerParams.java:239)
    at com.android.apksigner.SignerParams.loadPrivateKeyAndCerts(SignerParams.java:181)
    at com.android.apksigner.ApkSignerTool.getSignerConfig(ApkSignerTool.java:368)
    at com.android.apksigner.ApkSignerTool.sign(ApkSignerTool.java:291)
    at com.android.apksigner.ApkSignerTool.main(ApkSignerTool.java:84)
Caused by: java.security.UnrecoverableKeyException: failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
    ... 9 more
Error: The process '/usr/local/lib/android/sdk/build-tools/30.0.2/apksigner' failed with exit code 2

[TheBeachMaster]

java.io.IOException: keystore password was incorrect

@Kiperfy Seems that your error is here

[zhangjing-GitHub-Code]

@r0adkll I use it in workflow(forked from https://github.com/577fkj/HMCL-PE) and I changed the key to mine, it dont work, but 577fkj says it works on his key(is my key's encrypt algorithm wrong?) umm... This keystore type I use cannot keypasswd

$ keytool -keystore HMCLPE/key.jks -keypasswd
keytool error: java.lang.UnsupportedOperationException: -keypasswd commands not supported if -storetype is PKCS12

Also -list -v output:

$ keytool -keystore HMCLPE/key.jks -list -alias key -v
Enter keystore password:
Alias name: key
Creation date: Apr 15, 2022
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=zhangjing-GitHub-Code, OU=Unknown, O=1145141919810, L=China, ST=Beijing, C=CN
Issuer: CN=zhangjing-GitHub-Code, OU=Unknown, O=1145141919810, L=China, ST=Beijing, C=CN
Serial number: e74(******)3f6cc1f
Valid from: Fri Apr 15 09:54:06 GMT 2022 until: Tue Apr 09 09:54:06 GMT 2047
Certificate fingerprints:
         SHA1: 49:67:C2:1A:8A:0D:**:**:**:**:**:**:9A:9D:BB:1F:9A:5C:07:A0
         SHA256: C6:76:11:8B:5B:4D:**:**:**:**:**:**:1F:6D:D2:BF:04:64:30:3C:14:FD:**:**:**:**:**:**:1F:33:EB:CA
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
Version: 3

Extensions:

#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 7A E1 ** ** ** ** 87 B9   73 ** ** ** A8 CE D9 0A  z.......s.......
0010: ** ** 1A 16                                        ....
]
]

Actions output:

(thousand lines of output)
Verification succesful
/usr/bin/cp HMCLPE/build/outputs/apk/debug/HMCLPE-debug.apk HMCLPE/build/outputs/apk/debug/HMCLPE-debug-aligned.apk
/usr/local/lib/android/sdk/build-tools/29.0.3/apksigner sign --ks HMCLPE/build/outputs/apk/debug/signingKey.jks --ks-***-alias *** --ks-pass pass:*** --out HMCLPE/build/outputs/apk/debug/HMCLPE-debug-signed.apk --***-pass pass:*** HMCLPE/build/outputs/apk/debug/HMCLPE-debug-aligned.apk
Failed to load signer "signer #1"
java.io.IOException: Integrity check failed: java.security.NoSuchAlgorithmException: Algorithm HmacPBESHA256 not available
    at java.base/sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:2167)
    at java.base/sun.security.util.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:222)
    at java.base/java.security.KeyStore.load(KeyStore.java:1479)
    at com.android.apksigner.SignerParams.loadKeyStoreFromFile(SignerParams.java:353)
    at com.android.apksigner.SignerParams.loadPrivateKeyAndCertsFromKeyStore(SignerParams.java:239)
    at com.android.apksigner.SignerParams.loadPrivateKeyAndCerts(SignerParams.java:181)
    at com.android.apksigner.ApkSignerTool.sign(ApkSignerTool.java:277)
    at com.android.apksigner.ApkSignerTool.main(ApkSignerTool.java:83)
Caused by: java.security.NoSuchAlgorithmException: Algorithm HmacPBESHA256 not available
    at java.base/javax.crypto.Mac.getInstance(Mac.java:191)
    at java.base/sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:2145)
    ... 7 more
Error: The process '/usr/local/lib/android/sdk/build-tools/29.0.3/apksigner' failed with exit code 2

[Devanathan2015]

I have the same issue.

Failed to load signer "signer #1"
  java.io.IOException: Invalid keystore format
  at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:666)
  at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:57)
  at sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224)
  at sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:71)
  at java.security.KeyStore.load(KeyStore.java:1445)
  at com.android.apksigner.SignerParams.loadKeyStoreFromFile(SignerParams.java:353)
  at com.android.apksigner.SignerParams.loadPrivateKeyAndCertsFromKeyStore(SignerParams.java:239)
  at com.android.apksigner.SignerParams.loadPrivateKeyAndCerts(SignerParams.java:181)
  at com.android.apksigner.ApkSignerTool.sign(ApkSignerTool.java:277)
  at com.android.apksigner.ApkSignerTool.main(ApkSignerTool.java:83)

[kamkyi]

Failed to load signer "signer #1" java.io.IOException: Integrity check failed: java.security.NoSuchAlgorithmException: Algorithm HmacPBESHA256 not available at java.base/sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:2167) at java.base/sun.security.util.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:222) at java.base/java.security.KeyStore.load(KeyStore.java:1479) at com.android.apksigner.SignerParams.loadKeyStoreFromFile(SignerParams.java:362) at com.android.apksigner.SignerParams.loadPrivateKeyAndCertsFromKeyStore(SignerParams.java:248) at com.android.apksigner.SignerParams.loadPrivateKeyAndCerts(SignerParams.java:181) at com.android.apksigner.ApkSignerTool.getSignerConfig(ApkSignerTool.java:419) at com.android.apksigner.ApkSignerTool.sign(ApkSignerTool.java:336) at com.android.apksigner.ApkSignerTool.main(ApkSignerTool.java:92) Caused by: java.security.NoSuchAlgorithmException: Algorithm HmacPBESHA256 not available at java.base/javax.crypto.Mac.getInstance(Mac.java:191) at java.base/sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:2145) ... 8 more